[Users] Firewall, linux IPSec Gateway, Windows 2000 Client Problem

From: Jonathan K. Poon (PoonJ_at_sfpoon.com)
Date: Tue Nov 12 2002 - 04:09:15 CET


hey All:

I am having some trouble setting it up. I was wondering if anyone has suggestions on how to get it to work. Let me explain the situation.

I have a current VPN set up that connects two offices using the FreeS/WAN IPsec implementation, version 1.98B. There are two gateways, each with computers behind it, of course. This setup is working very well. I do, however, have a firewall using ipchains on both of those gateways.

Now, I would like my client desktop Win2k PC to connect to it. I set up IPsec on both sides using X.509 certificates, and it seems to work; however, there seem to be some errors.

Here are my ipsec.conf files:

SERVER:

conn vk-berkeleynet
    left=<server ip>
    leftnexthop=<server gateway ip>
    leftsubnet=192.168.1.0/24
    leftrsasigkey=%cert
    leftcert=my.pem
    right=%any
    rightrsasigkey=%cert
    auto=add

conn vk-berkeleygw
    left=<server ip>
    leftnexthop=<server gateway ip>
    leftrsasigkey=%cert
    leftcert=my.pem
    right=%any
    rightrsasigkey=%cert
    auto=add
    pfs=yes

CLIENT:

conn vk-berkeleynet
    left=<server ip>
    leftnexthop=<server gateway ip>
    leftsubnet=192.168.1.0/24
    leftrsasigkey=%cert
    leftca="C=US, S=CA, L=Berkeley, O=Great Western Funding, CN=VK Chopra, Email=vk_at_gwfund.com"
    right=%any
    rightrsasigkey=%cert
    network=auto
    auto=start
    pfs=yes

conn vk-berkeleygw
    left=<server ip>
    leftnexthop=<server gateway ip>
    leftrsasigkey=%cert
    leftca="C=US, S=CA, L=Berkeley, O=Great Western Funding, CN=VK Chopra, Email=vk_at_gwfund.com"
    right=%any
    rightrsasigkey=%cert
    network=auto
    auto=start
    pfs=yes

On the server, I do an ipsec barf. My output is in the attachment.
Basically, it seems to have a problem with a connection to the gateway...
Any suggestions as to what I could be doing wrong?

Another question I have is... I am going to have an Internet IP when connecting to the VPN server.
I am going to do Samba sharing, and I would like it so that when I connect over the VPN, this computer would act as if it were a local computer, using a private IP address. Is that possible? Simply because I am on a PPPoE DSL connection and my IP is not guaranteed, so if I want to have access, I would basically have to open up a whole subnet, which could be a security hazard, both in Samba and in the firewall, since everything is restricted. Please let me know of such a solution.

Thanks for helping me!

Sincerely,

Jonathan Poon

_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users
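Added example, not code from the post above and not part of FreeS/WAN: a small Python parser for the FreeS/WAN-style ipsec.conf excerpts quoted in the message, plus a side-by-side comparison of how the server and the Windows client define each conn. The bracketed values and the certificate DN are the placeholders from the post, not real data; the SERVER_CONF and CLIENT_CONF strings are constructed from the two excerpts.

```python
"""Parse the two ipsec.conf excerpts from the post and report, per conn,
which parameters differ between the gateway and the road-warrior side.
Constructed example; the <server ip> placeholders come from the post."""

# Constructed from the SERVER excerpt in the post.
SERVER_CONF = """\
conn vk-berkeleynet
    left=<server ip>
    leftnexthop=<server gateway ip>
    leftsubnet=192.168.1.0/24
    leftrsasigkey=%cert
    leftcert=my.pem
    right=%any
    rightrsasigkey=%cert
    auto=add

conn vk-berkeleygw
    left=<server ip>
    leftnexthop=<server gateway ip>
    leftrsasigkey=%cert
    leftcert=my.pem
    right=%any
    rightrsasigkey=%cert
    auto=add
    pfs=yes
"""

# Constructed from the CLIENT excerpt in the post.
CLIENT_CONF = """\
conn vk-berkeleynet
    left=<server ip>
    leftnexthop=<server gateway ip>
    leftsubnet=192.168.1.0/24
    leftrsasigkey=%cert
    leftca="C=US, S=CA, L=Berkeley, O=Great Western Funding, CN=VK Chopra, Email=vk_at_gwfund.com"
    right=%any
    rightrsasigkey=%cert
    network=auto
    auto=start
    pfs=yes

conn vk-berkeleygw
    left=<server ip>
    leftnexthop=<server gateway ip>
    leftrsasigkey=%cert
    leftca="C=US, S=CA, L=Berkeley, O=Great Western Funding, CN=VK Chopra, Email=vk_at_gwfund.com"
    right=%any
    rightrsasigkey=%cert
    network=auto
    auto=start
    pfs=yes
"""


def parse_ipsec_conf(text):
    """Return {"conn NAME": {key: value}} for every section in the text.

    Sections start with an unindented line such as "conn NAME" (or
    "config setup"); the indented key=value lines that follow belong to
    that section.  Blank lines and lines starting with '#' are skipped.
    Surrounding double quotes on a value (as on leftca) are removed.
    """
    sections = {}
    current = None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if not raw[0].isspace():
            kind, _, name = raw.strip().partition(" ")
            current = sections.setdefault(f"{kind} {name.strip()}", {})
            continue
        if current is None:
            raise ValueError(f"key/value line outside any section: {raw!r}")
        key, sep, value = raw.strip().partition("=")
        if not sep:
            raise ValueError(f"expected key=value, got {raw!r}")
        current[key.strip()] = value.strip().strip('"')
    return sections


def compare_conns(server, client, ignore=("leftcert", "leftca", "network", "auto")):
    """For each conn present in both files, return the keys whose values
    differ, as {key: (server_value, client_value)}; a missing key is None.

    Keys in `ignore` are expected to differ between a gateway and a road
    warrior: the gateway names its certificate file, the client names the
    issuing CA, and network=/auto= are client-side start-up settings.
    """
    report = {}
    for name in sorted(set(server) & set(client)):
        s, c = server[name], client[name]
        diffs = {}
        for key in sorted((set(s) | set(c)) - set(ignore)):
            if s.get(key) != c.get(key):
                diffs[key] = (s.get(key), c.get(key))
        report[name] = diffs
    return report


if __name__ == "__main__":
    result = compare_conns(parse_ipsec_conf(SERVER_CONF), parse_ipsec_conf(CLIENT_CONF))
    for conn, diffs in result.items():
        print(conn, "->", diffs or "no differences outside the ignored keys")
```

Run against the two excerpts, the only difference it reports is pfs on vk-berkeleynet, which the client sets to yes and the server leaves unset; FreeS/WAN documents yes as the default for pfs, so that alone is not a mismatch. The same comparison is a quick first check whenever a road-warrior conn negotiates on one side but not the other, before reading through the ipsec barf output.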



This archive was generated by hypermail 2.1.5 : Wed Nov 13 2002 - 05:20:41 CET