IPv6 readyNote: This archive passes through spamassassin. Every mail marked with the subject "*****SPAM*****" has exceed a certain threshold of spam-like behaviour.

RE: [Users] LAN=1.97FreeSWAN=gateway=gateway=SonicWall=RoadWarrio r

From: Ignat Vassilev (Ignat.Vassilev_at_optus.com.au)
Date: Wed May 08 2002 - 01:29:24 CEST

If I'm right you try to connect SonicWall to FreeSWAN and you don't need to
use RoadWarrior.
Just put rightsubnet=192.168.0.0/16 in your configuration if your
RoadWarrior host receive IP address on this range, or you can change your
config to be real RoadWarrior:

1. Freeswan to SonicWall

conn billb
        right=24.221.200.83
        rightcert=billb.coinfotech.com.pem
        leftcert=bluespruce.coinfotech.com.pem
        rightnexthop=24.221.200.80
        rightsubnet=192.168.0.0/16

conn %default
        keyingtries=1
        keyexchange=ike
        authby=rsasig
        leftrsasigkey=%cert
        rightrsasigkey=%cert
        type=tunnel
        left=209.12.32.66
        leftnexthop=209.12.32.65
        leftsubnet=10.0.0.0/24
        ikelifetime=240m
        keylife=60m
        pfs=yes
        compress=no
        auto=add
        disablearrivalcheck=no

2. RaodWarior to Freeswan

conn billb
        right=%any
        rightcert=billb.coinfotech.com.pem
        leftcert=bluespruce.coinfotech.com.pem
        rightnexthop=24.221.200.80

conn %default
        keyingtries=1
        keyexchange=ike
        authby=rsasig
        leftrsasigkey=%cert
        rightrsasigkey=%cert
        type=tunnel
        left=209.12.32.66
        leftnexthop=209.12.32.65
        leftsubnet=10.0.0.0/24
        ikelifetime=240m
        keylife=60m
        pfs=yes
        compress=no
        auto=add
        disablearrivalcheck=no

cheers
Ignat

> -----Original Message-----
> From: Vasiliy Boulytchev [mailto:vasiliy_at_boulytcheva.com]
> Sent: Wednesday, 8 May 2002 9:17
> To: Ignat Vassilev
> Cc: users_at_lists.freeswan.org
> Subject: Re: [Users]
> LAN=1.97FreeSWAN=gateway=gateway=SonicWall=RoadWarrior
>
>
> you're right
> Vasiliy Boulytchev
> Colorado Information Technologies Inc.
> ----- Original Message -----
> From: "Ignat Vassilev" <Ignat.Vassilev_at_optus.com.au>
> To: "'Vasiliy Boulytchev'" <vasiliy_at_boulytcheva.com>
> Sent: Tuesday, May 07, 2002 5:09 PM
> Subject: RE: [Users]
> LAN=1.97FreeSWAN=gateway=gateway=SonicWall=RoadWarrior
>
>
> > >From your diagram
> "LAN=1.97FreeSWAN=gateway=gateway=SonicWall=RoadWarrior" I
> > can't understand what you try to connect Sonicwall to freeswan or?
> > Is it look like
> >
> >
> Lan(leftsubnet)----FreeSwan(left)---leftnexthop=====internet==
==rightnexthop
> > ---(right)SonicWall----RoadWarrior(righthost)
> >
> > am I correct?
> >
> > Ignat
> >
> > > -----Original Message-----
> > > From: Vasiliy Boulytchev [mailto:vasiliy_at_boulytcheva.com]
> > > Sent: Wednesday, 8 May 2002 8:52
> > > To: Ignat Vassilev
> > > Cc: users_at_lists.freeswan.org
> > > Subject: Re: [Users]
> > > LAN=1.97FreeSWAN=gateway=gateway=SonicWall=RoadWarrior
> > >
> > >
> > > ofcourse, i just erased it from here. my vpn works for other
> > > freeswan to
> > > freeswan connections....
> > > Vasiliy Boulytchev
> > > Colorado Information Technologies Inc.
> > > ----- Original Message -----
> > > From: "Ignat Vassilev" <Ignat.Vassilev_at_optus.com.au>
> > > To: "'Vasiliy Boulytchev'" <vasiliy_at_boulytcheva.com>;
> > > <users_at_lists.freeswan.org>
> > > Sent: Tuesday, May 07, 2002 4:40 PM
> > > Subject: RE: [Users]
> > > LAN=1.97FreeSWAN=gateway=gateway=SonicWall=RoadWarrior
> > >
> > >
> > > > Hi Vasiliy
> > > >
> > > > Change your left=freeswan to left=IP_address when
> IP_address is your
> > > > external freeswan IP address
> > > >
> > > >
> > > > Regards
> > > > Ignat
> > > >
> > > > -----Original Message-----
> > > > From: Vasiliy Boulytchev [mailto:vasiliy_at_boulytcheva.com]
> > > > Sent: Wednesday, 8 May 2002 7:00
> > > > To: users_at_lists.freeswan.org
> > > > Subject: [Users]
> > > LAN=1.97FreeSWAN=gateway=gateway=SonicWall=RoadWarrior
> > > >
> > > >
> > > > Ladies and Gents,
> > > >
> > > > What's wrong with my setup?
> > > >
> > > > ipsec.conf section:
> > > >
> > > > conn %default
> > > > keyingtries=1
> > > > keyexchange=ike
> > > > authby=rsasig
> > > > leftrsasigkey=%cert
> > > > rightrsasigkey=%cert
> > > > type=tunnel
> > > > left=freeswan
> > > > leftnexthop=router
> > > > leftsubnet=10.0.0.0/24
> > > > ikelifetime=240m
> > > > keylife=60m
> > > > pfs=yes
> > > > compress=no
> > > > auto=add
> > > > disablearrivalcheck=no
> > > >
> > > > conn billb
> > > > right=24.221.200.83
> > > > rightcert=billb.coinfotech.com.pem
> > > > leftcert=bluespruce.coinfotech.com.pem
> > > > rightnexthop=24.221.200.80
> > > >
> > > >
> > > >
> > > > cannot respond to IPsec SA request because no connection is
> > > known for
> > > > 10.0.0.0/24===freeswan[C=US, ST=Colorado, L=Colorado
> > > Springs, O=Colorado
> > > > Information Technologies, Inc., OU=ISP, CN=BlueSpruce,
> > > > E=admin_at_bluespruce.coinfotech.com]...sonicwall[C=US
> > > >
> > >
> <mailto:E=admin_at_bluespruce.coinfotech.com]...sonicwall[C=US> , ST=CO,
> > > > L=Colorado Springs, O=CIT, OU=ISP, CN=BillB,
> > > > E=billb_at_coinfotech.com]===192.168.168.7/32
> > > > <mailto:E=billb_at_coinfotech.com]===192.168.168.7/32>
> > > >
> > > >
> > > > Vasiliy Boulytchev
> > > > Colorado Information Technologies Inc.
> > > >
> > > >
> > >
> > >
> >
>
>
_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users

This archive was generated by hypermail 2.1.3 : Mon Jul 29 2002 - 05:19:57 CEST