Am 03.04.2012 um 10:56 schrieb Tom Chadwin: > No joy with the IPSec VPNs yet. I've set up both boxes, hopefully mirroring > each others' config. I've tried both with and without NAT-T. I've not set > Auto-Establish-IP. > > Each box, when pinging the LAN address of the other, replies with: > > ping: sendto: Operation not permitted > > Other than setting the key, I've not changed any other settings in the auth > or SA/key exchange sections. Am I right in thinking that if I am using > preshared key, that no CA, cert, or key are required, and hence that I can > ignore the GUI message telling me that they are not present? > > Thanks > > Tom
You need to enable the IPSec-VPN-Firewall-plugin > -----Original Message----- > From: Michael Keuter [mailto:li...@mksolutions.info] > Sent: 03 April 2012 08:31 > To: nnpait.servi...@googlemail.com; AstLinux Users Mailing List > Subject: Re: [Astlinux-users] OpenVPN config > > > Am 03.04.2012 um 09:16 schrieb Tom Chadwin: > >> Thanks Michael. One other question - in the IPsec config, should local > host >> be the local box's LAN or WAN address? >> >> Thanks again >> >> Tom > > > Local-Host is the WAN-address of your local box, Local-Net the LAN-network > of this box like 192.168.1.0/24. > The same for remote. You may have to experiment with the lifetime of Phase > 2, I needed to change to 28800 secs for one site. > > Michael Michael http://www.mksolutions.info
smime.p7s
Description: S/MIME cryptographic signature
------------------------------------------------------------------------------ Better than sec? Nothing is better than sec when it comes to monitoring Big Data applications. Try Boundary one-second resolution app monitoring today. Free. http://p.sf.net/sfu/Boundary-dev2dev
_______________________________________________ Astlinux-users mailing list Astlinux-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/astlinux-users Donations to support AstLinux are graciously accepted via PayPal to pay...@krisk.org.
