As Charles mentioned earlier - the lines:

leftnexthope=66.25.44.1
rightnexthope=66.25.18.1

should be:

rightnexthop=66.25.44.1
leftnexthop=66.25.18.1

>From: William Brinkman <[EMAIL PROTECTED]>
>To: [EMAIL PROTECTED], LRP Support <[EMAIL PROTECTED]>
>Subject: Re: [Leaf-user] ipsec.conf assistance..
>Date: Fri, 1 Mar 2002 06:19:30 -0800 (PST)
>
>Joey,
>
>I see nothing terribly wrong with the ipsec.conf file.
>Mine does have a leftid and rightid in the conn
>home-office section. I also have an auto=add on the
>office and an auto=start on the home section. Without
>these lines it does not know when to start up. I'm sure
>you are reading the configuration section from
>freeswan.org. You might also try the logs to see what
>is going on.
>
># ipsec look - will give you the connections that are
>up and allowed. If the two are tunnel and secure it
>gives more information than can be believed.
>
># more /var/log/log.auth will tell you all about how
>the ipsec is connecting. It will also give you some
>real clues on connections. This will get REAL chatty
>if you change the plutodebug to all.
>
>I believe uniqueids means that if "B" machine tries to
>connect while "A" still thinks it's connected, "A"
>will kill the current session with "B" and start a new
>session with "B".
>
>If you have a firewall other options might be needed
>like leftfirewall=yes.
>
>I'm about to finish a mini-howto for Dachstein CD
>using X.509 certificates. Let me know if you are
>interested.
>
>Hope this helps - Bill
>
>--- Joey Officer <[EMAIL PROTECTED]> wrote:
> > Ok, it's been a while since last I had a real chance
> > to work on this, and now finally I'm getting into it...
> >
> > I got all of the packages on the diskette (thanks
> > again for so much help from Lynn and Charles), and I
> > got the serial device working (I feel like such a dolt,
> > I never checked the cable, thanks Charles) but now,
> > after I think I've written a very generic .conf file for
> > ipsec, it's bombing, and I'm not able to connect to the
> > other site. Attached is a copy of my ipsec.conf.
> > but I'm unable to get any results...
> >
> > # system wide setup
> > config setup
> >     interfaces=%defaultroute
> >     klipsdebug=none
> >     plutodebug=none
> >     plutoload=%search
> >     plutostart=%search
> >     # uniqueids=yes # not yet, otherwise it'll only allow one connection
> >
> > conn %default
> >     keyingtries=0
> >     authby=rsasig
> >
> > # left is joey's hose
> > # right is the shop
> > conn home-office
> >     left=66.25.44.147
> >     leftnexthope=66.25.44.1
> >     leftsubnet=192.168.3.0/24
> >     leftrsasigkey= < removed for space>
> >     right=66.25.18.71
> >     rightnexthope=66.25.18.1
> >     rightsubnet=192.168.1.0/24
> >     rightrsasigkey= <removed for space>
> >
> > I still have uniqueids commented out because I read
> > that to be that it would only allow one connection at a
> > time, i.e. only one user at a time to a specific
> > connection, want to be able to give the whole office
> > access to the other network. Can someone point out the
> > obvious errors, and possibly give me some assistance in
> > getting this up...
> >
> > Joey
> >
> > _______________________________________________
> > Leaf-user mailing list
> > [EMAIL PROTECTED]
> > https://lists.sourceforge.net/lists/listinfo/leaf-user
