[Openswan Users] Single interface / tunnel will not come up.
Bruce Markey
bruce at secryption.com
Sat Feb 1 09:48:02 EST 2014
Thanks mike.
Tunnels are up now.
Having an issue now passing traffic. On my Cisco side this is my crypto map.
access-list 160 permit ip 192.168.30.0 0.0.0.255 192.168.10.0 0.0.0.255
access-list 160 permit tcp 192.168.30.0 0.0.0.255 any eq www
access-list 160 permit tcp 192.168.30.0 0.0.0.255 any eq 443
That is to say, that's what I'm passing over. Basically subnet to subnet stuff. But this is also being used for all web traffic. That is not passing. We've narrowed it down to the Openswan side, I think.
I assume I have to add something to ipsec.conf for the other two ACL lines, but I have no idea what.
conn IOF
        # Left security gateway, subnet behind it, nexthop toward right.
        authby=secret
        type=tunnel
        left=2.2.2.2
        #left=%defaultroute
        #leftnexthop=%defaultroute
        leftsubnet=192.168.10.0/24
        leftid=2.2.2.2
        # Right security gateway, subnet behind it, nexthop toward left.
        right=1.1.1.1
        rightsubnets=192.168.30.0/24,0.0.0.0
        rightid=1.1.1.1
        # To authorize this connection, but not actually start it,
        # at startup, uncomment this.
        #auto=add
        esp=aes192-sha1
        keyexchange=ike
        ike=aes192-sha1
        phase2=esp
        #phase2alg=aes192-sha1
        salifetime=43200s
        pfs=yes
        auto=start
        dpdaction=restart
Any ideas?
--
Encrypt everything.
Public key: https://www.secryption.com/BruceMarkey.asc
I believe that any violation of privacy is nothing good.
Lech Walesa
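A quick way to compare a Cisco crypto ACL against the subnet pairs an Openswan conn actually negotiates, as an added example that is not part of the post or of Openswan: it converts each ACL entry's wildcard masks to prefixes and checks whether some leftsubnet/rightsubnet pair fully contains the entry. The ACL and subnet values are copied from the post above; the function and variable names are this example's own.

```python
import ipaddress

# Cisco crypto ACL and Openswan subnet settings, copied from the post above.
CISCO_ACL = """
access-list 160 permit ip 192.168.30.0 0.0.0.255 192.168.10.0 0.0.0.255
access-list 160 permit tcp 192.168.30.0 0.0.0.255 any eq www
access-list 160 permit tcp 192.168.30.0 0.0.0.255 any eq 443
"""
LEFT_SUBNETS = ["192.168.10.0/24"]              # Openswan side (leftsubnet)
RIGHT_SUBNETS = ["192.168.30.0/24", "0.0.0.0"]  # Cisco side (rightsubnets)

def wildcard_to_network(addr, wildcard):
    """Convert a Cisco address + wildcard mask (inverted netmask) to a network."""
    netmask = ipaddress.IPv4Address(int(ipaddress.IPv4Address(wildcard)) ^ 0xFFFFFFFF)
    return ipaddress.ip_network(f"{addr}/{netmask}", strict=False)

def parse_acl(text):
    """Return (proto, src_net, dst_net, port) for each permit entry."""
    entries = []
    for line in text.strip().splitlines():
        tok = line.split()
        # access-list <n> permit <proto> <src> <dst> [eq <port>]
        proto, rest = tok[3], tok[4:]
        nets = []
        while len(nets) < 2:
            if rest[0] == "any":
                nets.append(ipaddress.ip_network("0.0.0.0/0"))
                rest = rest[1:]
            else:
                nets.append(wildcard_to_network(rest[0], rest[1]))
                rest = rest[2:]
        port = rest[1] if rest[:1] == ["eq"] else None
        entries.append((proto, nets[0], nets[1], port))
    return entries

def covered(entry, left_subnets, right_subnets):
    """True if one left/right pair contains the whole ACL entry.

    The Cisco source must fit inside a rightsubnet and the Cisco destination
    inside a leftsubnet; a destination of 'any' only fits a 0.0.0.0/0 left side.
    A bare address like 0.0.0.0 is treated as a /32 host, as ip_network does.
    """
    _, src, dst, _ = entry
    return any(src.subnet_of(ipaddress.ip_network(r)) and dst.subnet_of(ipaddress.ip_network(l))
               for l in left_subnets for r in right_subnets)

def report(acl_text=CISCO_ACL, left=LEFT_SUBNETS, right=RIGHT_SUBNETS):
    """One boolean per ACL entry, in ACL order."""
    return [covered(e, left, right) for e in parse_acl(acl_text)]
```

Port restrictions (eq www, eq 443) are not checked here; Openswan narrows a conn to a protocol/port with leftprotoport/rightprotoport, one pair per conn.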