Hi
I'm having a problem trying to configure Openswan (IPSec) on my Linux
box. The scenario is this:

10.0.0.1     -->  10.0.0.23<-->81.32.32.21  --->  Internet<-->roadwarrior
VPN Gateway       Gateway performs NAT                        (Windows/Linux)
Linux box         Linux Box
one nic           two nics

I'm trying to connect my roadwarrior to VPN Gateway. My ipsec.conf is
as follows:

# basic configuration
config setup
    nat_traversal=yes
    strictcrlpolicy=no

# default settings for connections
conn %default
    leftrsasigkey=%cert
    rightrsasigkey=%cert

# OE policy groups are disabled by default
conn block
    auto=ignore

conn clear
    auto=ignore

conn private
    auto=ignore

conn private-or-clear
    auto=ignore

conn clear-or-private
    auto=ignore

conn packetdefault
    auto=ignore

conn l2tp-cert-orgWIN2KXP
    authby=rsasig
    pfs=no
    auto=add
    rekey=no
    left=%defaultroute
    leftprotoport=17/1701
    leftrsasigkey=%cert
    leftcert=/etc/ipsec.d/certs/x.pem
    right=%any
    rightca=%same
    rightrsasigkey=%cert
    rightprotoport=17/%any

conn roadwarrior
    authby=rsasig
    auto=add
    esp=aes,3des
    left=%defaultroute
    leftcert=/etc/ipsec.d/certs/x.pem
    leftid="C=X,ST=X,L=X,O=X,OU=X,CN=X,emailAddress=X"
    leftrsasigkey=%cert
    pfs=yes
    rightrsasigkey=%cert
    right=%any

I've generated and imported the client certificate on the
roadwarriors. IPSec is running on both client and server, the only
thing is that a ping request comes in with 100% loss. Server side
doesn't show client connection. So the question is, is my VPN setup
(shown above) correct?? Should I set up VPN on the Gateway Linux box
(with 2 nics, connecting external and internal clients)?? Your feedback
will be highly appreciated.
Peter