[Users] FreeSWAN + Borderware via NAT

From: Jason McCormick (jason_at_ironlizard.org)
Date: Wed Nov 13 2002 - 03:43:31 CET

• Next message: John M Soto: "[Users] Re: Gateway <===> Gateway Problem"
• Previous message: Lucio Nino Rossi: "Re: [Users] Re: Help with Sonicwall/10 interop with FreeSWAN 1.99"
• Next in thread: Sam Sgro: "Re: [Users] FreeSWAN + Borderware via NAT"
• Reply: Sam Sgro: "Re: [Users] FreeSWAN + Borderware via NAT"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hello,

  Does anyone happen to have FreeSWAN working with a Borderware Firewall/VPN?
Specifically one through NAT on the "home" side? I'm trying to hook my home
machine up to my network at work at I'm running into some odd problems. From
what I understand, as long as my DSL Modem/Router supports IPSec
pass-through, I should be able to connect to work but I"m running into
problems. Borderware supports FreeSWAN on the client side, but don't support
it through NAT. Here's my configuration:

conn work
        esp=3des-md5-96
        espenckey=0x2aa56f5d{somekey}
        espauthkey=0xfe9dcc11{somekey}
        spi=0x{HEX}
        # Left security gateway, subnet behind it, next hop toward right.
        left=10.0.0.2
        leftsubnet=10.0.0.0/24
        leftnexthop=10.0.0.1
        # Right security gateway, subnet behind it, next hop toward left.
        right=11.11.11.3
        rightsubnet=172.16.2.0/23
        rightnexthop=11.11.11.1
        # To authorize this connection, but not actually start it, at startup,
        # uncomment this.
        auto=start

I guess I have several questions (If this is covered in the FAQ please point
me to it because I'm not seeing my exact needs)

1) Do I enter the exact same string in both espenckey= in the ipsec.conf and
the "Cipher Key" field? And what I have in espauthkey= in the "HMAC Key"
field? Are these values identical in both cases? Borderware gave me this
configuration but wasn't clear if it was the same value or what.

2) If my home LAN is 10.0.0.0/23, my local workstation is .2, the DSL router
.1 and the external side of the DSL router as, say, 2.2.2.2 do I have those
values correct?

The configuration seems to work with the ipsec commands, but the connection
never establishes itself. The firewall reports that it's rejecting the
connection at "phase 1" but I think it's due to configuration error. Can
anyone help?

THANK YOU!!

-- Jason

_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users

• Next message: John M Soto: "[Users] Re: Gateway <===> Gateway Problem"
• Previous message: Lucio Nino Rossi: "Re: [Users] Re: Help with Sonicwall/10 interop with FreeSWAN 1.99"
• Next in thread: Sam Sgro: "Re: [Users] FreeSWAN + Borderware via NAT"
• Reply: Sam Sgro: "Re: [Users] FreeSWAN + Borderware via NAT"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.5 : Fri Nov 15 2002 - 05:20:49 CET