Hello,

I'm using an OpenBSD 3.9 box as a VPN server for roadwarriors.

Everything works fine: everyone can connect to the VPN server from
everywhere, and it is very stable.

The whole configuration is taken from Johan Allard's howtos; on the PC
side I'm using the SafeNet remote Windows client.

But I have one problem: I give each connecting client a single IP address,
identified by the client's e-mail address, and if two clients are on the same
source network, only one of them can connect to the VPN; the other one has
its VPN connection dropped.

If somebody has a good idea for me ...

Regards

Claude

Here is my isakmpd.conf :
#
# Soft-PK - OpenBSD isakmpd configuration file.
#
# The only thing that needs editing is the pre shared secret
# 'mekmitasdigoat'. The setting allows everyone who knows the correct
# pre shared secret to connect.
#
# Please mail me if you have any comments or bug-reports.
#
# Johan Allard <[EMAIL PROTECTED]>
#

# No per-address entries are listed, so every incoming Phase 1 negotiation,
# whatever its source address, is handled by the peer section named in
# Default.
# NOTE(review): the reported symptom (a second client from the same source
# network displaces the first) fits two clients arriving from one NATed
# address -- confirm whether both ends negotiate NAT traversal.
[Phase 1]
Default= ISAKMP-clients

# Connections the daemon accepts when a client initiates them.
[Phase 2]
Passive-Connections= IPsec-clients


# Phase 1 peer sections
#######################

# Phase 1 peer used for all roadwarriors (it is the [Phase 1] Default).
# Authentication carries the pre-shared secret; the poster has masked it.
# Because one secret covers every client, it authenticates the group, not
# the individual: the ufqdn each client presents is not tied to a per-user
# credential, and removing one user means changing the secret for all.
# Per-user certificates avoid both limits if the client supports them.
# Keep this file readable by root only.
[ISAKMP-clients]
Phase= 1
Transport= udp
Configuration= SoftPK-main-mode
Authentication= xxxxxxxxx

# Phase 2 sections
##################

# Phase 2 (IPsec) connection offered to every client.
# Local-ID selects the network reachable through the tunnel: LAN54 limits
# it to 192.168.54.0/24, while the commented-out default-route alternative
# would cover 0.0.0.0/0.
# Remote-ID names the dummy-remote section (address 0.0.0.0); presumably a
# placeholder for whichever client connects -- confirm against the howto.
[IPsec-clients]
Phase= 2
Configuration= SoftPK-quick-mode
#Local-ID= default-route
Local-ID= LAN54
Remote-ID= dummy-remote

# Client ID sections
####################

# One section per client, named after the user-FQDN (e-mail) identity the
# client presents; each gets a fixed address inside 192.168.54.0/24.
# The list archive replaced every address with "[EMAIL PROTECTED]" and
# apparently dropped the closing bracket, so the four headers below are
# identical and unterminated as printed; in the real file each reads
# [ufqdn/<user's e-mail address>].
[ufqdn/[EMAIL PROTECTED]
Address= 192.168.54.15
Netmask= 255.255.255.0

[ufqdn/[EMAIL PROTECTED]
Address= 192.168.54.16
Netmask= 255.255.255.0

[ufqdn/[EMAIL PROTECTED]
Address= 192.168.54.17
Netmask= 255.255.255.0

[ufqdn/[EMAIL PROTECTED]
Address= 192.168.54.18
Netmask= 255.255.255.0



# 0.0.0.0/0, i.e. all traffic. Only referenced by the commented-out
# Local-ID line in [IPsec-clients], so it is unused as posted.
[default-route]
ID-type= IPV4_ADDR_SUBNET
Network= 0.0.0.0
Netmask= 0.0.0.0

# The protected network, 192.168.54.0/24; this is the active Local-ID.
# NOTE(review): the tag is spelled ID-Type here and ID-type in the other
# sections -- confirm the parser matches tags case-insensitively, or use
# one spelling throughout.
[LAN54]
ID-Type= IPV4_ADDR_SUBNET
Network= 192.168.54.0
Netmask= 255.255.255.0

# Single-address ID of 0.0.0.0, referenced as Remote-ID.
[dummy-remote]
ID-type= IPV4_ADDR
Address= 0.0.0.0


# Transform descriptions
########################
#  Some predefined section names are recognized by the daemon, voiding the
#  need to fully specify the Main Mode transforms and Quick Mode suites,
#  protocols and transforms.
#
# For Main Mode:
#   {DES,BLF,3DES,CAST}-{MD5,SHA}[-{DSS,RSA_SIG}]
#
# For Quick Mode:   
#   QM-{ESP,AH}[-TRP]-{DES,3DES,CAST,BLF,AES}[-{MD5,SHA,RIPEMD}][-PFS]-SUITE

# Phase 1 exchange: ID_PROT is main mode, offering the single 3DES-MD5
# transform that this file defines in its own section.
[SoftPK-main-mode]
DOI= IPSEC
EXCHANGE_TYPE= ID_PROT
Transforms= 3DES-MD5

# Phase 2 exchange. The suite name has no -PFS element (optional in the
# naming pattern above), so quick mode runs without perfect forward
# secrecy. 3DES with MD5 is a legacy pairing; the same pattern lists AES
# and SHA, which are worth using if the client can negotiate them.
[SoftPK-quick-mode]
DOI= IPSEC
EXCHANGE_TYPE= QUICK_MODE
Suites= QM-ESP-3DES-MD5-SUITE

# Main mode transforms
######################

# Phase 1 proposal: 3DES-CBC encryption, MD5 hash, pre-shared-key
# authentication, 1024-bit MODP Diffie-Hellman group, one-day lifetime.
# NOTE(review): MD5 and a 1024-bit group are weak by current standards.
# Both ends must offer the same values, so change them on the client and
# the server together (for example SHA and a larger MODP group, if both
# support them).
[3DES-MD5]
ENCRYPTION_ALGORITHM= 3DES_CBC
HASH_ALGORITHM= MD5
AUTHENTICATION_METHOD= PRE_SHARED
GROUP_DESCRIPTION= MODP_1024
Life= LIFE_1_DAY

# Lifetimes
###########

# Lifetime in seconds: propose 86400 (24 h) and accept anything a peer
# offers between 79200 and 93600.
[LIFE_1_DAY]
LIFE_TYPE= SECONDS
LIFE_DURATION= 86400,79200:93600