[Openswan Users] OpenSwan Configuration Payload Implementation
Joel Abraham
joel at globalwirelesstech.com
Thu May 22 10:28:42 EDT 2014
I am trying to set up a tunnel between an embedded board and a remote CISCO
box, both of which have subnets behind them. From the board I was
successfully able to create a tunnel with a regular VPN-enabled router.
However, when I'm trying to set up a tunnel with the CISCO box (which I don't
have access to), my requests get rejected.
I was told the message from my side doesn't contain Configuration Payload
(CP). How can I enable the CP using the existing OpenSwan installation?
Following is my ipsec.conf. I tried adding modecfgpull, but it doesn't seem
to do anything.
config setup
    dumpdir=/var/run/pluto/
    nat_traversal=yes
    oe=off
    protostack=auto

conn %default
    ikelifetime=86400s
    keylife=60m
    rekeymargin=3m
    keyingtries=1
    ikev2=yes
    authby=secret

conn cisco_iot
    # # Left security gateway, subnet behind it, nexthop toward right.
    pfs=no
    left=192.168.A.A
    leftsubnet=192.168.0.0/24
    right=192.168.B.B
    rightsubnet=192.168.1.0/24
    auto=start
    ike=aes128-sha1;modp1024!
    phase2=esp
    phase2alg=aes128-sha1
    modecfgpull=yes
    leftmodecfgclient=yes
    modecfgdns1=192.168.C.C
    modecfgdns2=192.168.D.D
Best,
Joel Abraham
GlobalWirelessTech
joel at globalwirelesstech.com
973-998-6256