[Linuxtrent] Re: VPN SERVER with freeswan!

  • From: magobin <magobin@xxxxxxxxx>
  • To: linuxtrent@xxxxxxxxxxxxx
  • Date: 07 Jan 2003 00:31:48 +0100

> THEY ABSOLUTELY MUST SEE EACH OTHER
> In Italian:
> http://siena.linux.it/documenti/VPN-IPsec-Freeswan-HOWTO.html
> Diaolin
> 


I've been reading it for an hour....
and the more I read it, the more it seems to me that I did it right!
In fact... on the mailing list there is the conf of someone who pings from win2k and his
looks like this... tell me what the difference is from mine!:

I've got several Linux boxes running CIPE for office-to-office VPN's
running quite smoothly,
but now I wanted to let remote users access the LAN too.  IPsec looked just
perfect for this ...
I've gotten the Win2k to talk with the LinuxIpsec box just fine, but I'd
like the Win2k roadwarriors to access the LAN too ...
this I can't get to work ... I'm not quite sure I've set up everything
correctly so here's my confs:
test-setup "192.168.102.0/24 = external" "192.168.0.0/24 = Internal"

Linux-GW - ipsec.conf
config setup
        # THIS SETTING MUST BE CORRECT or almost nothing will work;
        # %defaultroute is okay for most simple cases.
        interfaces="ipsec0=eth1"
        # Debug-logging controls:  "none" for (almost) none, "all" for lots.
        klipsdebug=none
        plutodebug=none
        # Use auto= parameters in conn descriptions to control startup actions.
        plutoload=%search
        plutostart=%search
        # Close down old connection when new one using same ID shows up.
        uniqueids=yes

conn %default
        keyingtries=1
        compress=yes
        disablearrivalcheck=no
        authby=rsasig
        leftrsasigkey=%cert
        rightrsasigkey=%cert

conn roadwarrior-net
        leftsubnet=192.168.102.0/24
        also=roadwarrior

conn roadwarrior
        right=%any
        left=192.168.102.1
        leftcert=testwin2k.pem
        auto=add
        pfs=yes

Win2K RoadWarrior - ipsec.conf
conn roadwarrior
        left=%any
        right=192.168.102.1
        rightca="C=BE,ST=blah,L=blah,O=blah,OU=blah,CN=blah,Email=gert.vandelaer@xxxxxxxxxxxxxxxxxx"
        network=auto
        auto=start
        pfs=yes

conn roadwarrior-net
        left=%any
        right=192.168.102.1
        rightsubnet=192.168.102.0/24
        rightca="C=BE,ST=blah,L=blah,O=blah,OU=blah,CN=blah,Email=gert.vandelaer@xxxxxxxxxxxxxxxxxx"
        network=auto
        auto=start
        pfs=yes

So I can ping the 192.168.102.1 from Win2k fine, checked with tcpdump -i.......
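
A configuration check for the gateway ipsec.conf quoted above, as an added example that is not part of the original post or of FreeS/WAN: it flattens `also=` and `conn %default` and reports any conn whose `leftsubnet` differs from the network the post labels internal. The function names and the `INTERNAL_LAN` constant are assumptions made for this example, and the sample text is constructed from the quoted gateway sections.

```python
import ipaddress

# Constructed sample: gateway conn sections as quoted in the post above.
GATEWAY_CONF = """\
conn roadwarrior-net
        leftsubnet=192.168.102.0/24
        also=roadwarrior

conn roadwarrior
        right=%any
        left=192.168.102.1
        auto=add
"""
INTERNAL_LAN = "192.168.0.0/24"  # labelled "Internal" in the post's test setup

def parse_conns(text):
    """Return {conn_name: {key: value}} from ipsec.conf-style text."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        if not line[0].isspace():  # section headers start in column 0
            kind, _, name = line.partition(" ")
            current = conns.setdefault(name.strip(), {}) if kind == "conn" else None
        elif current is not None and "=" in line:
            key, _, value = line.strip().partition("=")
            current[key.strip()] = value.strip().strip('"')
    return conns

def resolve(conns, name, seen=()):
    """Flatten one conn: %default first, then also= targets, then its own keys."""
    if name in seen:
        raise ValueError(f"also= loop through {name}")
    merged = dict(conns.get("%default", {}))
    own = conns[name]
    if "also" in own:
        merged.update(resolve(conns, own["also"], seen + (name,)))
    merged.update({k: v for k, v in own.items() if k != "also"})
    return merged

def subnet_findings(conns, lan):
    """List conns whose leftsubnet differs from the LAN the tunnel should reach."""
    wanted, findings = ipaddress.ip_network(lan), []
    for name in (n for n in conns if n != "%default"):
        conn = resolve(conns, name)
        if "leftsubnet" in conn and ipaddress.ip_network(conn["leftsubnet"]) != wanted:
            findings.append((name, conn["leftsubnet"], conn.get("left")))
    return findings
```

Calling `subnet_findings(parse_conns(GATEWAY_CONF), INTERNAL_LAN)` returns one tuple per reported conn: its name, its `leftsubnet`, and the `left` address it inherits.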
