> I got all of the packages on the diskette (thanks again for so much help
> from Lynn and Charles), and I got the serial device working (I feel like
> such a dolt, I never checked the cable, thanks Charles) but now, after I
> think I've written a very generic .conf file for ipsec, it's bombing, and I'm
> not able to connect to the other site.  Attached is a copy of my ipsec.conf,
> but I'm unable to get any results...
>
> # system wide setup
> config setup
> interfaces=%defaultroute
> klipsdebug=none
> plutodebug=none
> plutoload=%search
> plutostart=%search
> # uniqueids=yes         # not yet, otherwise it'll only allow one connection
>
> conn %default
> keyingtries=0
> authby=rsasig
>
> # left is joey's hose
> # right is the shop
> conn home-office
> left=66.25.44.147
> leftnexthope=66.25.44.1
> leftsubnet=192.168.3.0/24
> leftrsasigkey= < removed for space>
> right=66.25.18.71
> rightnexthope=66.25.18.1
> rightsubnet=192.168.1.0/24
> rightrsasigkey= <removed for space>
>
> I still have uniqueids commented out because I read that to be that it would
> only allow one connection at a time, ie only one user at a time to a
> specific connection, want to be able to give the whole office access to the
> other network.  Can someone point out the obvious errors, and possibly give
> me some assistance in getting this up...

Assuming your ipsec.secrets file is formatted properly, the big problem I see
with the above is the nexthop settings.  You should be using "leftnexthop"
and "rightnexthop", not "hope".  Since IPSec builds its own routing, these
settings are important.

You may also need to use the leftid and rightid fields, especially if you've
got any home users with dynamic IPs.  I typically use unresolved host
names (a hostname preceded by "@", so IPSec doesn't try to resolve it into
an IP address).

Charles Steinkuehler
http://lrp.steinkuehler.net
http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)
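
A small keyword check that catches the kind of misspelling pointed out in the reply above, added here as an example (not code from the thread or from the IPsec package itself). The keyword lists are a partial set assembled for the example, and the sample is constructed from the configuration quoted in the thread.

```python
import difflib

# Partial keyword lists assembled for this example, not the full FreeS/WAN set.
SETUP_KEYS = {"interfaces", "klipsdebug", "plutodebug", "plutoload",
              "plutostart", "uniqueids"}
CONN_KEYS = {"type", "auto", "authby", "keyingtries"} | {
    side + name for side in ("left", "right")
    for name in ("", "nexthop", "subnet", "rsasigkey", "id")}

# Constructed sample based on the configuration quoted in the thread.
SAMPLE = """\
config setup
    interfaces=%defaultroute
    plutoload=%search
    plutostart=%search
conn %default
    keyingtries=0
    authby=rsasig
conn home-office
    left=66.25.44.147
    leftnexthope=66.25.44.1
    leftsubnet=192.168.3.0/24
    right=66.25.18.71
    rightnexthope=66.25.18.1
    rightsubnet=192.168.1.0/24
"""

def lint(text):
    """Return (line_no, section, key, suggestion) for each unknown keyword."""
    findings, known, section = [], set(), None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or whole-line comment
        words = line.split()
        if words[0] in ("config", "conn") and len(words) == 2 and "=" not in line:
            section = words[1]
            known = SETUP_KEYS if words[0] == "config" else CONN_KEYS
            continue
        key, sep, _ = line.partition("=")
        key = key.strip()
        if sep and key not in known:
            close = difflib.get_close_matches(key, sorted(known), n=1)
            findings.append((no, section, key, close[0] if close else None))
    return findings

if __name__ == "__main__":
    for no, section, key, hint in lint(SAMPLE):
        print(f"line {no} [{section}]: unknown keyword {key!r}"
              + (f", did you mean {hint!r}?" if hint else ""))
```
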

