After testing I now have a successful VPN connection.
Net as follows:
subnet 192.168.40.0/24
|
|
192.168.40.254
bering gw rc3
ipsec 1.97
isdn dynamic ip
|
|
inet
|
|
194.248.214.187
bering rc3
ipsec 1.97
192.168.1.254
|
|
subnet 192.168.1.254/24
In order to run "ipsec setup restart" successfully you need to alter the
following in /lib/ipsec/_startklips
from:
eval `ip addr show $phys |
    awk '$1 == "inet" && $3 == "brd" {
        print "addr=" $2
        other = $4
        if ($3 == "brd")
            print "type=broadcast"
        else if ($3 == "peer")
            print "type=pointopoint"
        else if (NF == 5) {
            print "type="
            other = "" }
        else
            print "type=unknown"
        print "otheraddr=" other
        # print "mask=" $NF
        gsub(/\//, " ", $0)
    }'`
to:
eval `ip addr show $phys |
    awk '$1 == "inet" {
        print "addr=" $2
        other = $4
        if ($3 == "brd")
            print "type=broadcast"
        else if ($3 == "peer")
            print "type=peer"
        else if (NF == 5) {
            print "type="
            other = "" }
        else
            print "type=unknown"
        print "otheraddr=" other
        # print "mask=" $NF
        gsub(/\//, " ", $0)
    }'`
Left is the rw.

# /etc/ipsec.conf - FreeS/WAN IPsec configuration file

# basic configuration
config setup
    # THIS SETTING MUST BE CORRECT or almost nothing will work;
    # %defaultroute is okay for most simple cases.
    interfaces=%defaultroute
    # Debug-logging controls: "none" for (almost) none, "all" for lots.
    klipsdebug=none
    plutodebug=none
    # Use auto= parameters in conn descriptions to control startup actions.
    plutoload=%search
    plutostart=%search
    # Close down old connection when new one using same ID shows up.
    uniqueids=yes

# defaults for subsequent connection descriptions
conn %default
    # How persistent to be in (re)keying negotiations (0 means very).
    keyingtries=0
    authby=secret

# sample VPN connection
conn lefttoright
    # Left security gateway, subnet behind it, next hop unknown.
    left=%defaultroute
    leftsubnet=192.168.40.0/24
    # Right security gateway, subnet behind it, next hop toward left.
    right=194.248.214.187
    rightsubnet=192.168.1.0/24
    rightnexthop=194.248.214.1
    auto=route

My only problem now is that left doesn't find the correct secret.
auth.log says:
#1: Can't authenticate: no preshared key found for `130.67.213.232' and
`194.248.214.187'. Attribute OAKLEY_AUTHENTICATION_METHOD
My ipsec.secrets:
# This file holds shared secrets or RSA private keys for inter-Pluto
# authentication. See ipsec_pluto(8) manpage, and HTML documentation.
%any 194.248.214.187 : PSK "12345678"
If I add a line saying
[current dynamic ip] 194.248.214.187 : PSK "12345678"
it works as expected.
I have tried replacing %any in ipsec.secrets with 0.0.0.0 and %defaultroute, with no
luck.
I have tried replacing left=%defaultroute in ipsec.conf with left=%any, but then ipsec
is unable to orient the connection and gives the "no ipsecN found" error.
I am going to try out ipsec 1.98 now.
Regards,
Ronny Aasen
------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
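
Added example (not part of the original post and not FreeS/WAN's own code): the two awk filters quoted in the message, run against constructed `ip addr show` output, showing that the "from:" pattern emits nothing for a point-to-point line while the "to:" pattern emits addr, type and otheraddr. The interface name ippp0, the peer address 192.0.2.1 and the sample text are assumptions.

```shell
#!/bin/sh
# Added example: constructed `ip addr show` output, not captured from the
# poster's gateways. ippp0 and the peer address 192.0.2.1 are assumptions.
ETH_SAMPLE='2: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
    link/ether 00:00:5e:00:53:01 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.254/24 brd 192.168.1.255 scope global eth0'
PPP_SAMPLE='5: ippp0: <POINTOPOINT,NOARP,UP> mtu 1500 qdisc pfifo_fast qlen 30
    link/ppp
    inet 130.67.213.232 peer 192.0.2.1/32 scope global ippp0'

# Shared body of both filters. $1 = awk pattern, $2 = label for a "peer" line.
# The trailing gsub from the post is left out: it runs after the prints and
# does not change what eval receives.
klips_filter() {
    awk -v peerlabel="$2" "$1"' {
        print "addr=" $2
        other = $4
        if ($3 == "brd")
            print "type=broadcast"
        else if ($3 == "peer")
            print "type=" peerlabel
        else if (NF == 5) {
            print "type="
            other = "" }
        else
            print "type=unknown"
        print "otheraddr=" other
    }'
}

# Pattern quoted under "from:" and pattern quoted under "to:".
klips_addr_old() { klips_filter '$1 == "inet" && $3 == "brd"' pointopoint; }
klips_addr_new() { klips_filter '$1 == "inet"' peer; }

# Show what eval would receive from each filter for each sample interface.
for sample in "$ETH_SAMPLE" "$PPP_SAMPLE"; do
    echo "--- old filter"; printf '%s\n' "$sample" | klips_addr_old
    echo "--- new filter"; printf '%s\n' "$sample" | klips_addr_new
done
```

With the old filter the eval receives no output for the point-to-point sample, so addr is never set for that interface.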