Re: ipsec.conf question

2008-05-06 Thread Claer
On Mon, May 05 2008 at 20:14, Prabhu Gurumurthy wrote: > All, > > I have a question regarding ipsec.conf. > > Example: > > IPsec peers: 3.3.3.3, 3.3.3.2 > Interesting traffic: 1.1.1.1 -> 192.168.100.2 > 2.2.2.2 -> 192.168.100.0/24 > > Main/Quick mode crypto/groups being: aes, s

ipsec.conf question

2008-05-05 Thread Prabhu Gurumurthy
All, I have a question regarding ipsec.conf. Example: IPsec peers: 3.3.3.3, 3.3.3.2 Interesting traffic: 1.1.1.1 -> 192.168.100.2 2.2.2.2 -> 192.168.100.0/24 Main/Quick mode crypto/groups being: aes, sha1 and group2 PSK being "test123" How can I define the above concisely

ipsec.conf question

2007-01-24 Thread stan
I've got some basic tuneling working using ipsec, and I'm trying to make it a bit more robuts. Here's what works: Machine A: ike esp from 192.168.1.0/24 to 192.168.9.0/24 peer XX.92.176.37 ike esp from XX.92.176.33 to 192.168.9.0/24 peer XX.92.176.37 ike esp from XX.92.176.33 to XX.92.176.37 Mac

Re: ipsec.conf question (dynamic and bypass example)

2006-03-10 Thread Reyk Floeter
On Fri, Mar 10, 2006 at 03:53:15PM +0100, Reyk Floeter wrote: > 3.) The laptops are using /30 subnets in the 172.16.0.0/16 range and > they're reachable via the VPN. Have a look at ssh_config(5) or the > src/usr.bin/ssh/README.tun file for details. SSH-VPN can be used > almost everywhere (even with

Re: ipsec.conf question (dynamic and bypass example)

2006-03-10 Thread Reyk Floeter
btw., On Thu, Mar 09, 2006 at 09:29:29PM +0100, Marc Peters wrote: > i am using -current as of 24.02.2006 and made a realese for my other > machines. i tried the ipsec tutorial which was posted on undeadly.org. i > have to go with one gateway which has a dynamic ip because it is an > adsl-connecti

Re: ipsec.conf question

2006-03-10 Thread Marc Peters
thx for your answer. Reyk Floeter schrieb: hi, you have a main misunderstanding here because you're mixing up the identities with the flows. On Thu, Mar 09, 2006 at 09:29:29PM +0100, Marc Peters wrote: i am using -current as of 24.02.2006 and made a realese for my other machines. i tried the

Re: ipsec.conf question

2006-03-10 Thread Reyk Floeter
hi, you have a main misunderstanding here because you're mixing up the identities with the flows. On Thu, Mar 09, 2006 at 09:29:29PM +0100, Marc Peters wrote: > i am using -current as of 24.02.2006 and made a realese for my other > machines. i tried the ipsec tutorial which was posted on undeadl

ipsec.conf question

2006-03-09 Thread Marc Peters
hello all, i am using -current as of 24.02.2006 and made a realese for my other machines. i tried the ipsec tutorial which was posted on undeadly.org. i have to go with one gateway which has a dynamic ip because it is an adsl-connection which is disconnected after 24 hours. when i try to fire