
RE: [Users] Help in configuration

From: Jordan Share (iso9_at_jwiz.org)
Date: Wed Jun 12 2002 - 00:47:53 CEST


I think my setup is somewhat similar to yours. However, I am connecting to a Netscreen100, and not a Linksys.

I am behind a 1-to-1 NAT box (WebRamp 700s). I have only 1 NIC in my Freeswan box (I call him "stymie").

Here's a sketch:

stymie (10.1.1.28)
|
|-----------------------10.1.1.0/24 subnet
|
webramp (10.1.1.1)
||--(stymie's external IP address is a.b.c.d)
||
***Internet***
||
||
Netscreen100 (z.y.x.w)
|
\-----------------------10.2.1.0/24 subnet

The relevant section of my ipsec.conf is:

conn netscreen-gw-green
        type=tunnel
        auth=esp
        authby=secret
        keylife=1h
        auto=start
        leftid=a.b.c.d
        left=10.1.1.28
        keyexchange=ike
        leftsubnet=10.1.1.0/24
        leftnexthop=10.1.1.1
        right=z.y.x.w
        keyingtries=0
        rightsubnet=10.2.1.0/24

"right" is the netscreen's external IP address, if that is unclear.

I am using preshared keys for this connection. On the webramp, I set it to have a route through 10.1.1.28 (stymie's IP) to 10.2.1.0/24. Thus, all the clients on my network only have a default route through the webramp. It sends redirects to tell them to send their packets to stymie instead.

I can also provide the "conn" entry for connecting to another freeswan box from behind the webramp, if that would help you. To do that, I had to use authby=rsasig, due to the NAT.

HTH,
Jordan

> -----Original Message-----
> From: users-admin_at_lists.freeswan.org
> [mailto:users-admin_at_lists.freeswan.org]On Behalf Of henrique.dixtal
> Sent: Tuesday, June 11, 2002 10:48 AM
> To: users
> Subject: [Users] Help in configuration
>
>
> Hi,
> I need to set up a VPN between 2 subnets. At one side, we have a
> Linksys (with IPSec, subnet 192.168.51.0/24). At the other side, we
> have a Linksys BEFSR41 (without IPSec, subnet 192.168.50.0/24),
> providing NAT. Between Linksys and the subnet, I need to set up a Linux
> box with FreeSwan. My problem is _how_ should I set up the ipsec.conf,
> in the second side?
>
> Thanks in advance
> Henrique
>
> _______________________________________________
> Users mailing list
> Users_at_lists.freeswan.org
> http://lists.freeswan.org/mailman/listinfo/users
>
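
A sanity check for the one-NIC, behind-NAT layout described in the reply above, added here as an example and not code from the poster or the FreeS/WAN project. The documentation addresses 203.0.113.10 and 198.51.100.20 stand in for the elided a.b.c.d and z.y.x.w, and parse_conns and check_conn are hypothetical helper names; the checks assume the gateway has a single interface inside leftsubnet, as in the sketch.

```python
import ipaddress
# Constructed sample: the reply's conn, with documentation addresses for a.b.c.d / z.y.x.w.
SAMPLE = """\
conn netscreen-gw-green
        leftid=203.0.113.10
        left=10.1.1.28
        leftsubnet=10.1.1.0/24
        leftnexthop=10.1.1.1
        right=198.51.100.20
        rightsubnet=10.2.1.0/24
"""

def parse_conns(text):
    """Minimal parser: {conn name: {key: value}} for each 'conn' section."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if not raw[0].isspace():  # a section header starts in column 0
            kind, _, name = line.partition(" ")
            current = conns.setdefault(name.strip(), {}) if kind == "conn" else None
        elif current is not None and "=" in line:
            key, _, value = line.partition("=")
            current[key.strip()] = value.strip()
    return conns

def check_conn(c):
    """Findings for a one-NIC gateway behind 1-to-1 NAT (assumed layout)."""
    findings = []
    left = ipaddress.ip_address(c["left"])
    lnet = ipaddress.ip_network(c["leftsubnet"])
    rnet = ipaddress.ip_network(c["rightsubnet"])
    # The peer sees the NAT's public address; without leftid the ID defaults to left.
    if left.is_private and "leftid" not in c:
        findings.append("private left without leftid")
    if left not in lnet:
        findings.append("left outside leftsubnet")
    if "leftnexthop" in c and ipaddress.ip_address(c["leftnexthop"]) not in lnet:
        findings.append("leftnexthop not on left's network")
    # Overlapping selectors make it ambiguous which packets enter the tunnel.
    if lnet.overlaps(rnet):
        findings.append("leftsubnet overlaps rightsubnet")
    return findings

if __name__ == "__main__":
    for name, conn in parse_conns(SAMPLE).items():
        print(name, check_conn(conn) or "ok")
```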


This archive was generated by hypermail 2.1.3 : Mon Jul 29 2002 - 05:20:14 CEST