No joy with the IPSec VPNs yet. I've set up both boxes, hopefully mirroring each others' config. I've tried both with and without NAT-T. I've not set Auto-Establish-IP.
Each box, when pinging the LAN address of the other, replies with: ping: sendto: Operation not permitted Other than setting the key, I've not changed any other settings in the auth or SA/key exchange sections. Am I right in thinking that if I am using preshared key, that no CA, cert, or key are required, and hence that I can ignore the GUI message telling me that they are not present? Thanks Tom -----Original Message----- From: Michael Keuter [mailto:li...@mksolutions.info] Sent: 03 April 2012 08:31 To: nnpait.servi...@googlemail.com; AstLinux Users Mailing List Subject: Re: [Astlinux-users] OpenVPN config Am 03.04.2012 um 09:16 schrieb Tom Chadwin: > Thanks Michael. One other question - in the IPsec config, should local host > be the local box's LAN or WAN address? > > Thanks again > > Tom Local-Host is the WAN-address of your local box, Local-Net the LAN-network of this box like 192.168.1.0/24. The same for remote. You may have to experiment with the lifetime of Phase 2, I needed to change to 28800 secs for one site. Michael http://www.mksolutions.info ------------------------------------------------------------------------------ Better than sec? Nothing is better than sec when it comes to monitoring Big Data applications. Try Boundary one-second resolution app monitoring today. Free. http://p.sf.net/sfu/Boundary-dev2dev _______________________________________________ Astlinux-users mailing list Astlinux-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/astlinux-users Donations to support AstLinux are graciously accepted via PayPal to pay...@krisk.org.
