Stephen Lee wrote:
On Sun, 2004-12-05 at 10:59, Charles Steinkuehler wrote:
Stephen Lee wrote:
> Hi,
>
> I've got two Bering boxen joined with a super-freeswan-1.99.6.2 VPN
> connection. As a GW-GW tunnel they are running great. Very stable! I
> want to allow roadwarriors (WinXP pro) to tunnel into one of the
> gateways as well. What additional entries do I need to add to that
> ipsec.conf file? All of the examples I've seen so far show either
> configuration but it's not apparent (at least for me) how to have both
> types of tunnels running at the same time.
>
> Here's the ipsec.conf listing for the gateway I want to add the
> roadwarrior entries to:
> ----------------------------------------------------------------------------
<snip>
Just add a new connection section(s) with appropriate entries for your road warrior(s). Note if the road-warriors have dynamic IPs and you wish to use shared secret authentication, *ALL* road-warrior systems will have to share the same connection description and the same secret!
If you can use certificates or PSKs, you can make a unique connection description for each system.
NOTE: If you wind up with lots of connection specifications, you may want to eliminate duplicated information from each of the (ie: the local IP address and nexthop entries). You can do this with the special 'default' connection, or use the also= and include= settings in the connection description.
Thanks Charles. The roadwarrior notebook in some cases is behind a NAT firewall like a Linksys. Would I simply turn on VPN passthrough on the Linksys to open ports 500/udp, 50 and 51?
That's one option. You could also set up all (or some, if you're using certs or PSKs) of your road-warrior connections for NAT-Traversal, using UDP port 500 for all traffic and avoiding the use of protocols 50/51 entirely.
-- Charles Steinkuehler [EMAIL PROTECTED]
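
An added example, not part of the original thread and not either poster's actual configuration: an ipsec.conf sketch with a gateway-to-gateway tunnel and a road-warrior connection side by side, using the `%default` section and `also=` to keep the local settings in one place. All addresses, subnets and conn names are constructed placeholders, and shared-secret authentication is assumed.

```conf
# Constructed example: addresses, subnets and conn names are placeholders.
config setup
        interfaces=%defaultroute
        # Enable NAT-Traversal for road warriors that sit behind a NAT device
        nat_traversal=yes

# Settings inherited by every conn section below
conn %default
        keyingtries=0
        authby=secret

# Existing gateway-to-gateway tunnel, brought up at startup
conn gw-to-gw
        also=local-side
        right=198.51.100.1
        rightsubnet=192.168.2.0/24
        auto=start

# Road warriors with dynamic addresses: loaded, but only the client initiates.
# With authby=secret and right=%any, every road warrior matches this one
# section and therefore uses the same secret from ipsec.secrets.
conn roadwarrior
        also=local-side
        right=%any
        auto=add

# Local end, written once and pulled in with also=.
# It carries no auto= line, so it is never loaded as a tunnel itself.
# Placed last because FreeS/WAN 1.x expects an also= target to follow
# the sections that reference it.
conn local-side
        left=192.0.2.1
        leftsubnet=192.168.1.0/24
        leftnexthop=192.0.2.254
```

Giving each road warrior its own conn section with its own credentials limits what has to be re-keyed when one notebook is lost to that single entry.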