Oops - that should be

leftnexthop=66.25.44.1
rightnexthop=66.25.18.1

I transposed the IP addresses - guess I should read before I post....

S

>As Charles mentioned earlier - the lines:
>
>leftnexthope=66.25.44.1
>rightnexthope=66.25.18.1
>
>should be:
>
>rightnexthop=66.25.44.1
>leftnexthop=66.25.18.1
>
>>From: William Brinkman <[EMAIL PROTECTED]>
>>To: [EMAIL PROTECTED], LRP Support <[EMAIL PROTECTED]>
>>Subject: Re: [Leaf-user] ipsec.conf assistance..
>>Date: Fri, 1 Mar 2002 06:19:30 -0800 (PST)
>>
>>Joey,
>>
>>I see nothing terribly wrong with the ipsec.conf file.
>>Mine does have a leftid and rightid in the conn
>>home-office section. I also have an auto=add on the
>>office and an auto=start on the home section. Without
>>these lines it does not know when to start up. I'm sure
>>you are reading the configuration section from
>>freeswan.org. You might also try the logs to see what
>>is going on.
>>
>># ipsec look - will give you the connections that are
>>up and allowed. If the two are tunnel and secure it
>>gives more information than can be believed.
>>
>># more /var/log/log.auth will tell you all about how
>>the ipsec is connecting. It will also give you some
>>real clues on connections. This will get REAL chatty
>>if you change the plutodebug to all.
>>
>>I believe uniqueids means that if "B" machine tries to
>>connect while "A" still thinks it's connected, "A"
>>will kill the current session with "B" and start a new
>>session with "B".
>>
>>If you have a firewall other options might be needed
>>like leftfirewall=yes.
>>
>>I'm about to finish a mini-howto for Dachstein CD
>>using X.509 certificates. Let me know if you are
>>interested.
>>
>>Hope this helps - Bill
>>
>>--- Joey Officer <[EMAIL PROTECTED]> wrote:
>> > Ok, it's been a while since last I had a real chance to work on this,
>> > and now finally I'm getting into it...
>> >
>> > I got all of the packages on the diskette (thanks again for so much help
>> > from Lynn and Charles), and I got the serial device working (I feel like
>> > such a dolt, I never checked the cable, thanks Charles) but now, after I
>> > think I've written a very generic .conf file for ipsec, it's bombing, and
>> > I'm not able to connect to the other site. Attached is a copy of my
>> > ipsec.conf, but I'm unable to get any results...
>> >
>> > # system wide setup
>> > config setup
>> >     interfaces=%defaultroute
>> >     klipsdebug=none
>> >     plutodebug=none
>> >     plutoload=%search
>> >     plutostart=%search
>> >     # uniqueids=yes # not yet, otherwise it'll only allow one connection
>> >
>> > conn %default
>> >     keyingtries=0
>> >     authby=rsasig
>> >
>> > # left is joey's hose
>> > # right is the shop
>> > conn home-office
>> >     left=66.25.44.147
>> >     leftnexthope=66.25.44.1
>> >     leftsubnet=192.168.3.0/24
>> >     leftrsasigkey= < removed for space>
>> >     right=66.25.18.71
>> >     rightnexthope=66.25.18.1
>> >     rightsubnet=192.168.1.0/24
>> >     rightrsasigkey= <removed for space>
>> >
>> > I still have uniqueids commented out because I read that to be that it
>> > would only allow one connection at a time, i.e. only one user at a time
>> > to a specific connection, want to be able to give the whole office access
>> > to the other network. Can someone point out the obvious errors, and
>> > possibly give me some assistance in getting this up...
>> >
>> > Joey

_______________________________________________
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
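
A small lint pass for the three problems this thread turns up (a misspelled keyword, swapped next hops, a conn with no auto= line), as an added example that is not part of the original messages or of FreeS/WAN. The keyword allowlist covers only the options named in the thread, the swapped-hop test is a heuristic (a next hop that shares more leading address bits with the far gateway than with its own side), and `parse_conns`, `shared_bits` and `lint` are names made up here.

```python
import difflib
import ipaddress

# Partial allowlist (assumption): only the conn keywords named in this thread.
KNOWN = {s + k for s in ("left", "right") for k in ("", "nexthop", "subnet", "rsasigkey", "id", "firewall")}
KNOWN |= {"auto", "authby", "keyingtries"}

def parse_conns(text):
    """Return {conn name: {key: value}}; 'config setup' options are skipped."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith(("conn ", "config ")):
            kind, name = line.split()[:2]
            current = conns.setdefault(name, {}) if kind == "conn" else None
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return conns

def shared_bits(a, b):
    """Number of leading bits two IPv4 addresses have in common."""
    return 32 - (int(ipaddress.IPv4Address(a)) ^ int(ipaddress.IPv4Address(b))).bit_length()

def lint(text):
    """Return (conn, finding, key, detail) tuples for one ipsec.conf text."""
    findings = []
    for name, opts in parse_conns(text).items():
        for key in opts:
            if key not in KNOWN:  # misspelled key: suggest the nearest known one
                hint = difflib.get_close_matches(key, sorted(KNOWN), n=1)
                findings.append((name, "unknown-key", key, hint[0] if hint else None))
        for side, other in (("left", "right"), ("right", "left")):
            hop = opts.get(side + "nexthop")
            # A next hop numerically closer to the far gateway is likely swapped.
            if hop and side in opts and other in opts and \
                    shared_bits(hop, opts[other]) > shared_bits(hop, opts[side]):
                findings.append((name, "transposed-nexthop", side + "nexthop", hop))
        if name != "%default" and "auto" not in opts:
            findings.append((name, "no-auto", None, None))
    return findings

# Constructed sample: the thread's conn with one misspelled key and a swapped next hop.
SAMPLE = """conn home-office
    left=66.25.44.147
    leftnexthope=66.25.44.1
    right=66.25.18.71
    rightnexthop=66.25.44.1
"""
```

The allowlist is deliberately short, so extend it with the other keywords your FreeS/WAN version documents before running it on a full ipsec.conf.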
