On Sun, 2004-12-05 at 10:59, Charles Steinkuehler wrote:
> Stephen Lee wrote:
>
> > Hi,
> >
> > I've got two Bering boxen joined with a super-freeswan-1.99.6.2 VPN
> > connection. As a GW-GW tunnel they are running great. Very stable! I
> > want to allow roadwarriors (WinXP pro) to tunnel into one of the
> > gateways as well. What additional entries do I need to add to that
> > ipsec.conf file? All of the examples I've seen so far show either
> > configuration but it's not apparent (at least for me) how to have both
> > types of tunnels running at the same time.
> >
> > Here's the ipsec.conf listing for the gateway I want to add the
> > roadwarrior entries to:
> > ----------------------------------------------------------------------------
> >
> > # /etc/ipsec.conf - FreeS/WAN IPsec configuration file
> >
> > # basic configuration
> > config setup
> >         # THIS SETTING MUST BE CORRECT or almost nothing will work;
> >         # %defaultroute is okay for most simple cases.
> >         interfaces=%defaultroute
> >         # Debug-logging controls: "none" for (almost) none, "all" for lots.
> >         klipsdebug=none
> >         plutodebug=none
> >         # Use auto= parameters in conn descriptions to control startup actions.
> >         plutoload=%search
> >         plutostart=%search
> >         # Close down old connection when new one using same ID shows up.
> >         uniqueids=yes
> >
> >
> > conn new-old
> >         keyingtries=0
> >         authby=secret
> >         left=63.130.102.68
> >         leftsubnet=192.168.0.0/24
> >         right=24.180.196.21
> >         rightsubnet=192.168.1.0/24
> >         rightnexthop=%defaultroute
> >         pfs=yes
> >         auto=start
>
> Just add a new connection section(s) with appropriate entries for your road
> warrior(s). Note if the road-warriors have dynamic IP's and you wish to use
> shared secret authentication, *ALL* road-warrior systems will have to share
> the same connection description and the same secret!
>
> If you can use certificates or PSK's, you can make a unique connection
> description for each system.
>
> NOTE: If you wind up with lots of connection specifications, you may want
> to eliminate duplicated information from each of them (ie: the local IP
> address and nexthop entries). You can do this with the special 'default'
> connection, or use the also= and include= settings in the connection
> description.
Thanks Charles. The roadwarrior notebook in some cases is behind a NAT firewall
like a Linksys. Would I simply turn on VPN passthrough on the Linksys to open
ports 500/udp, 50 and 51?

Stephen
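For readers following Charles's advice, here is an added illustration (not from the thread or from the FreeS/WAN project) of how Stephen's ipsec.conf could carry the existing GW-GW tunnel plus road-warrior connections at the same time, using a `conn %default` section to hold the entries every conn shares. The gateway and peer addresses are the ones quoted above; the `@notebook1` ID, the `0s...` key and the secret are placeholders.

```conf
# /etc/ipsec.conf - added example, not the poster's file.
# Gateway-to-gateway tunnel plus road warriors on one FreeS/WAN gateway.

config setup
        interfaces=%defaultroute
        klipsdebug=none
        plutodebug=none
        plutoload=%search
        plutostart=%search
        # With several road warriors, a reconnecting notebook that presents
        # the same ID replaces its stale tunnel instead of leaving it behind.
        uniqueids=yes

# Entries shared by every conn below, so they are not repeated per conn.
conn %default
        keyingtries=0
        pfs=yes
        left=63.130.102.68
        leftsubnet=192.168.0.0/24

# Existing gateway-to-gateway tunnel, unchanged apart from the shared
# entries now living in %default.
conn new-old
        authby=secret
        right=24.180.196.21
        rightsubnet=192.168.1.0/24
        rightnexthop=%defaultroute
        auto=start

# Shared-secret road warriors with dynamic addresses: ONE conn for all of
# them (right=%any), and auto=add rather than auto=start, because the
# gateway cannot initiate to a peer whose address it does not know.
conn roadwarrior-psk
        authby=secret
        right=%any
        auto=add

# With RSA keys each notebook can get its own conn, selected by the ID it
# presents, so one machine's key can be revoked without touching the rest.
# (@notebook1 and the 0s... key are placeholders, not real values.)
conn notebook1
        authby=rsasig
        right=%any
        rightid=@notebook1
        rightrsasigkey=0sPLACEHOLDER-PUBLIC-KEY
        leftrsasigkey=%dnsondemand
        auto=add
```

The matching /etc/ipsec.secrets line for the shared-secret conn has the form `63.130.102.68 %any : PSK "placeholder"`, and, as Charles notes, that one secret is necessarily known to every road-warrior notebook, which is the reason to prefer the per-machine RSA conns where the clients support them.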