> ipsec.conf -- I was reading over the docs, and I know that it says to keep
> left and right the same throughout the ipsec.conf file but, it started
> occurring to me (as I read more) that this only applies to each side.. ie
> # office network
> conn office
>     left=192.168.1.254
>     right=192.168.2.254
>
> where left is the office, and right is the home, however on the home
> computer, I would reverse those settings, ie
>
>     left=192.168.2.254
>     right=192.168.1.254

Actually, IPSec systems are peers...in ipsec.conf, the system can be *EITHER* left or right. The FreeS/WAN code figures out whether it's left or right based on comparing your network configuration with the information in ipsec.conf, and will complain if nothing matches (ie the system is neither left *or* right, typically due to a configuration error).

To make life easier, most folks choose some arbitrary conventions for their configuration file format. If your VPN configuration is just a single point-point link, it's usually easiest to use exactly the same configuration file on both ends of the link. This can be extended to multiple point-point links by using the include feature, and making each VPN connection a file. You can then use exactly the same connection descriptions on all your VPN machines, controlling which links get brought up by what you include in ipsec.conf.

I've settled on a convention where the local system is always "left", and the left connection parameters are specified in a default conn section. I also have a large number of "right" side connection specifications (one for each VPN access point on my network), and I can easily make VPN links to any of the possible remote points by simply including the appropriate endpoint. This allows me to fairly easily build and configure a system with several (about 10) VPN points, and a partial mesh network (most VPN links are connected to several other points, but it's not (and can't be) a total mesh, because a: it's not needed, and b: several endpoints are dynamic IPs).

Charles Steinkuehler
http://lrp.steinkuehler.net
http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)
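
The orientation check described in the reply above, as an added illustration that is not part of the original message and is not FreeS/WAN's own code: a simplified parser reads the conn sections (merging `conn %default`), then decides whether a host is "left" or "right" by comparing its addresses with the file. The function names and both sample files are constructed for this example; include lines and %-keyword addresses are not handled.

```python
import ipaddress

# Constructed sample: one shared file, identical on both gateways.
SHARED_CONF = """\
# office network
conn office
    left=192.168.1.254
    right=192.168.2.254
"""
# Constructed sample of the "local system is always left" convention.
LOCAL_LEFT_CONF = """\
conn %default
    left=192.168.1.254
conn home
    right=192.168.2.254
"""

def parse_conns(text):
    """Return {conn: {param: value}} with conn %default merged into each conn."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        if not line[0].isspace():                  # section header at column 0
            words = line.split()
            is_conn = len(words) == 2 and words[0] == "conn"
            current = conns.setdefault(words[1], {}) if is_conn else None
        elif current is not None and "=" in line:  # indented key=value
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip()
    defaults = conns.pop("%default", {})
    return {name: {**defaults, **p} for name, p in conns.items()}

def _addr(value):
    try:
        return ipaddress.ip_address(value)
    except ValueError:        # missing, or a %-keyword this sketch does not resolve
        return None

def local_side(params, local_addrs):
    """Return 'left' or 'right'; raise if the host matches neither or both."""
    local = {ipaddress.ip_address(a) for a in local_addrs}
    hits = [s for s in ("left", "right") if _addr(params.get(s, "")) in local]
    if len(hits) != 1:
        raise ValueError("host matches %d ends, expected exactly 1" % len(hits))
    return hits[0]

if __name__ == "__main__":
    office = parse_conns(SHARED_CONF)["office"]
    for host in ("192.168.1.254", "192.168.2.254"):
        print(host, "is", local_side(office, [host]))
```

Running the same check on every gateway before bringing a link up catches the "neither left nor right" misconfiguration without touching the tunnel.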
