[Openswan Users] really basic peer-to-peer setup
Simon Deziel
simon at xelerance.com
Sat May 4 01:27:52 UTC 2013
On 13-05-03 04:16 PM, Alan McKay wrote:
> On Fri, May 3, 2013 at 2:20 PM, Simon Deziel <simon at xelerance.com> wrote:
> Here is my config - and "left is local". The "interfaces" was added
> by webmin I know that much.
>
> # basic configuration
> config setup
>     dumpdir=/var/run/pluto/
>     forwardcontrol=yes
>     interfaces="ipsec0=xenbr0"
>     nat_traversal=yes
>     oe=off
>     plutoopts=--perpeerlog
>     protostack=auto
>     virtual_private=,%v4:172.16.0.0/24,%v4:172.30.0.0/24
>     # Use this to log to a file, or disable logging on embedded systems (like openwrt)
>     #plutostderrlog=/dev/null
>
> # Add connections here
>
> conn bioinformatics
>     aggrmode=no
>     authby=secret
>     auto=start
>     compress=no
>     ike=aes256-sha1;modp1024!
>     left=10.242.182.88
>     leftid=10.242.182.88
>     leftnexthop=10.242.182.1
>     leftsubnet=172.30.0.0/24
>     pfs=no
>     phase2alg=aes256-sha1;modp1024
>     right=10.246.159.41
>     rightid=10.246.159.41
>     rightnexthop=10.246.159.1
>     rightsubnet=192.168.160.0/24
>     type=tunnel
>
OK so I'll attempt to rewrite a clean one (untested, please check in the
man page if it complains ;)
Here it goes:
version 2
config setup
    nat_traversal=yes
    plutoopts=--perpeerlog
    protostack=netkey
    # The virtual_private is for solexa1, tune for firewall03
    virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:!192.168.160.0/24
conn bioinformatics
    authby=secret
    auto=start
    ike=aes256-sha1;modp1024!
    left=10.242.182.88
    leftnexthop=10.242.182.1
    leftsubnet=172.30.0.0/24
    pfs=no
    phase2alg=aes256-sha1
    right=10.246.159.41
    rightnexthop=10.246.159.1
    rightsubnet=192.168.160.0/24
It's surprising that both left and right are RFC1918 IP addresses.
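An added example, not from the thread or from Openswan itself: a small Python reader for ipsec.conf that reports, for a conn's leftsubnet and rightsubnet, whether the virtual_private list covers them and whether they are explicitly excluded with `!`, which is the thing the "tune for firewall03" comment asks to be checked on the other end. The SAMPLE text is constructed from the rewritten config above; the function names are assumptions of this example.

```python
import ipaddress

def parse_ipsec_conf(text):
    """Return {'conn bioinformatics': {key: value}, ...}; indented lines belong to the open section."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()     # drop comments
        if not line.strip():
            continue
        if not line[0].isspace():                # unindented: section header
            current = line.strip()
            sections[current] = {}
        elif current is not None and "=" in line:
            key, _, value = line.strip().partition("=")
            sections[current][key.strip()] = value.strip().strip('"')
    return sections

def parse_virtual_private(value):
    """Split '%v4:a,%v4:!b' into (included, excluded) network lists."""
    included, excluded = [], []
    for item in value.split(","):
        item = item.strip()
        if not item.startswith("%v4:"):          # skip empty items and %v6
            continue
        net = item[len("%v4:"):]
        target = excluded if net.startswith("!") else included
        target.append(ipaddress.ip_network(net.lstrip("!"), strict=False))
    return included, excluded

def check_virtual_private(text, conn):
    """For each subnet of conn, say whether virtual_private covers and/or excludes it."""
    sections = parse_ipsec_conf(text)
    included, excluded = parse_virtual_private(
        sections["config setup"].get("virtual_private", ""))
    report = {}
    for side in ("leftsubnet", "rightsubnet"):
        net = ipaddress.ip_network(sections[conn][side], strict=False)
        report[side] = {"covered": any(net.subnet_of(i) for i in included),
                        "excluded": any(net.subnet_of(e) for e in excluded)}
    return report

# Constructed sample: the rewritten config from the thread, indented as ipsec.conf expects.
SAMPLE = """\
config setup
    virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:!192.168.160.0/24
conn bioinformatics
    leftsubnet=172.30.0.0/24
    rightsubnet=192.168.160.0/24
"""
```

Running it against the original config's `virtual_private=,%v4:172.16.0.0/24,%v4:172.30.0.0/24` shows the leading empty item being ignored and no `!` exclusion at all.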