Joey,

I see nothing terribly wrong with the ipsec.conf file.
Mine does have a leftid and rightid in the conn
home-office section.  I also have an auto=add on the
office and an auto=start on the home section.  Without
these lines it does not know when to start up.  I'm sure
you are reading the configuration section from
freeswan.org.  You might also try the logs to see what
is going on.

# ipsec look - will give you the connections that are
up and allowed.  If the two are tunnel and secure it
gives more information than can be believed.

# more /var/log/log.auth will tell you all about how
the ipsec is connecting.  It will also give you some
real clues on connections.  This will get REAL chatty
if you change the plutodebug to all.

I believe uniqueids means that if "B" machine tries to
connect while "A" still thinks it's connected, "A"
will kill the current session with "B" and start a new
session with "B".

If you have a firewall other options might be needed
like leftfirewall=yes.

I'm about to finish a mini-howto for Dachstein CD
using X.509 certificates.  Let me know if you are
interested.

Hope this helps - Bill



--- Joey Officer <[EMAIL PROTECTED]> wrote:
> Ok, it's been a while since last I had a real chance
> to work on this, and now
> finally I'm getting into it...
> 
> I got all of the packages on the diskette (thanks
> again for so much help
> from Lynn and Charles), and I got the serial device
> working (I feel like
> such a dolt, I never checked the cable, thanks
> Charles) but now, after I
> think I've written a very generic .conf file for
> ipsec, its bombing, and I'm
> not able to connect to the other site.  Attached is
> a copy of my ipsec.conf.
> but I'm unable to get any results...
> 
> # system wide setup
> config setup
>       interfaces=%defaultroute
>       klipsdebug=none
>       plutodebug=none
>       plutoload=%search
>       plutostart=%search
>       # uniqueids=yes         # not yet, otherwise it'll only allow one connection
> 
> conn %default
>       keyingtries=0
>       authby=rsasig
> 
> # left is joey's house
> # right is the shop
> conn home-office
>       left=66.25.44.147
>       leftnexthope=66.25.44.1
>       leftsubnet=192.168.3.0/24
>       leftrsasigkey= < removed for space>
>       right=66.25.18.71
>       rightnexthope=66.25.18.1
>       rightsubnet=192.168.1.0/24
>       rightrsasigkey= <removed for space>
> 
> I still have uniqueids commented out because I read
> that to be that it would
> only allow one connection at a time, ie only one
> user at a time to a
> specific connection, want to be able to give the
> whole office access to the
> other network.  Can someone point out the obvious
> errors, and possibly give
> me some assistance in getting this up...
> 
> Joey
> 
> 
> 
> _______________________________________________
> Leaf-user mailing list
> [EMAIL PROTECTED]
> https://lists.sourceforge.net/lists/listinfo/leaf-user
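
A small checker for the points raised in this thread, added here as an example and not part of the original messages: it reports conn sections that have no auto= line (directly or via conn %default) and parameter names outside an assumed subset of FreeS/WAN keywords. The keyword sets, the sample file and the function names are constructed for illustration.

```python
import re

# Assumed subset of FreeS/WAN conn parameters, not the full list.
SIDE_KEYS = {"", "subnet", "nexthop", "id", "rsasigkey", "firewall", "updown"}
GENERAL_KEYS = {"type", "auto", "authby", "keyingtries", "keylife", "pfs",
                "ikelifetime", "rekeymargin", "compress", "also"}

# Constructed sample modelled on the posted file (documentation addresses).
SAMPLE = """\
conn %default
    authby=rsasig

conn home-office
    left=192.0.2.10
    leftnexthope=192.0.2.1
    leftsubnet=192.168.3.0/24
    right=198.51.100.20
    rightnexthop=198.51.100.1
"""

def parse_conns(text):
    """Return {conn name: {parameter: value}}; other sections are skipped."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()   # drop comments
        if not line.strip():
            continue
        if not line[0].isspace():              # section header in column 0
            words = line.split()
            is_conn = len(words) == 2 and words[0] == "conn"
            current = conns.setdefault(words[1], {}) if is_conn else None
        elif current is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip()
    return conns

def lint(text):
    """List (conn, message) for unknown parameter names and a missing auto=."""
    conns, findings = parse_conns(text), []
    defaults = conns.get("%default", {})
    for name, params in conns.items():
        for key in params:
            side = re.fullmatch(r"(?:left|right)(.*)", key)
            known = side.group(1) in SIDE_KEYS if side else key in GENERAL_KEYS
            if not known:
                findings.append((name, f"unknown parameter '{key}'"))
        if name != "%default" and "auto" not in {**defaults, **params}:
            findings.append((name, "no auto= line"))
    return findings
```

Calling `lint(open("/etc/ipsec.conf").read())` on each gateway before restarting ipsec gives a quick list to compare against what the auth log reports.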

