Here's my very easy test setup:

                          192.168.2.1/30        192.168.2.2/30
  ---------------                 |                    |
 |               |                |                    |
 | Private       |                |                    |
 | subnet        |----- |LEAFSys| ------ |Roadwarrior pc|
 |               |
 | 192.168.1.0/24|   192.168.1.254
  ---------------
leaf = left
pc = right

New ipsec settings, which are the same on both:

conn road
    left=192.168.2.1
    leftsubnet=192.168.1.0/24
    leftnexthop=192.168.2.2
    [EMAIL PROTECTED]
    leftcert=firewall.pem
    right=192.168.2.2
    rightsubnet=192.168.2.2/32
    rightnexthop=192.168.2.1
    [EMAIL PROTECTED]
    rightcert=client.pem
    auto=start   (=add at the leaf system)

To make ipsec work, however, I had to give in a default route, otherwise it wouldn't start. So I've put on both as default route the direct interface pointing to each other (eth0 on both), and only then does "/etc/init.d/ipsec start" work.

On the leaf system the ipsec is now OK, I guess. ip address show:

ipsec0: <NOARP,UP> mtu 16260 qdisc pfifo_fast qlen 10
    link/ether 00:10:f3:06:4c:51 brd ff:ff:ff:ff:ff:ff
    inet 192.168.2.1/30 brd 192.168.2.3 scope global ipsec0

When I now use at the roadwarrior:

ipsec auto --up road

nothing happens, and it just keeps doing nothing till I hit ^C.

I hope this helps in understanding the problem..

Regards,
Tom

Quoting Erich Titl <[EMAIL PROTECTED]>:

> Tom
>
> Tom Hendrickx wrote:
>> Hi,
>>
>> I want to make my leaf system a VPN server through Openswan. This is for
>> roadwarriors alone, to be able to connect to the network behind it.
>> Is this configuration out of chapter 9 also working for this, or
>> what changes should be made?
>> I'm getting really in trouble trying to configure this..
>
> Mhhh... yes, XSwan is not for the faint of heart :-). Mostly the
> configuration is very case specific. The samples just show the most
> common settings.
>
> If you want us to understand your config files you need to show your
> set-up, possibly in ASCII art.
>
> Typically roadwarrior settings are easier to accomplish with OpenVPN.
>
>> # basic configuration
>> config setup
>>     # plutodebug / klipsdebug = "all", "none" or a combination from below:
>>     # "raw crypt parsing emitting control klips pfkey natt x509 private"
>>     # eg:
>>     # plutodebug="control parsing"
>>     #
>>     # Only enable klipsdebug=all if you are a developer
>>     #
>>     # NAT-TRAVERSAL support, see README.NAT-Traversal
>>     # nat_traversal=yes
>>     # virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12
>>     interfaces=%defaultroute
>>
>> # Add connections here
>>
>> # sample VPN connection
>> conn sample
>>     # Left security gateway, subnet behind it, nexthop toward right.
>>     left=west.dyndns.org
>>     leftsubnet=192.168.1.0/24
>>     leftcert=west-cert.pem
>>     # Right security gateway, subnet behind it, nexthop toward left.
>>     right=%defaultroute
>>     rightsubnet=192.168.2.0/24
>>     rightcert=east-cert.pem
>>     # To authorize this connection, but not actually start it,
>>     # at startup, uncomment this.
>>     auto=start
>>
>> #Disable Opportunistic Encryption
>> include /etc/ipsec.d/examples/no_oe.conf
>>
>>
>> Thanks,
>> Tom
>>
>>
>
> cheers
>
> Erich
>

-------------------------------------------------------------------------
leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/
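For reference, the usual Openswan 2.x shape of a certificate-based roadwarrior setup, as an added example that is not Tom's or Erich's configuration and not part of the thread. The point it illustrates is the one the thread's `conn road` does not make: the gateway does not know the roadwarrior's address in advance, so it uses `right=%any` and `auto=add` (it can only respond, never initiate, so `ipsec auto --up` is only meaningful on the roadwarrior side), and it pins which peers it will accept to its own CA with `rightca=%same` rather than trusting any verifiable certificate. Certificate file names, the gateway DN in `rightid`, and the addresses 192.168.2.1 / 192.168.1.0/24 are assumed placeholders taken from the diagram above.

```ini
# ---- /etc/ipsec.conf on the LEAF gateway (added example, assumed names) ----
config setup
    interfaces=%defaultroute
    # Uncomment both if roadwarriors may sit behind NAT; the "!" entry keeps
    # the protected LAN out of the pool a NATed client may claim.
    # nat_traversal=yes
    # virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:!192.168.1.0/24

conn roadwarriors
    # local side: fixed address, protected subnet behind it
    left=192.168.2.1
    leftsubnet=192.168.1.0/24
    leftcert=firewall.pem          # assumed file in /etc/ipsec.d/certs
    leftrsasigkey=%cert            # public key comes from the certificate
    # peer side: address unknown until it connects, so %any + auto=add
    right=%any
    rightrsasigkey=%cert           # peer sends its certificate in IKE
    rightca=%same                  # accept only certs from the CA that issued firewall.pem
    # with NAT-T, use instead:  rightsubnet=vhost:%priv,%no
    auto=add

# ---- /etc/ipsec.conf on the roadwarrior (added example, assumed names) ----
# pluto picks as "left" whichever side's address is local, so the roles can
# be written from the client's point of view here.
config setup
    interfaces=%defaultroute

conn roadwarriors
    left=%defaultroute
    leftcert=client.pem            # assumed file in /etc/ipsec.d/certs
    leftrsasigkey=%cert
    right=192.168.2.1
    rightsubnet=192.168.1.0/24
    rightid="C=BE, O=Example, CN=firewall"   # assumed gateway DN, pins the peer identity
    rightrsasigkey=%cert
    rightca=%same
    auto=start                     # the client is the only side that initiates
```

Both hosts need the CA certificate in /etc/ipsec.d/cacerts and a `: RSA <keyfile>` line in /etc/ipsec.secrets for their own private key. After `ipsec auto --add roadwarriors` on the gateway, `ipsec auto --status` should list the connection with `%any` as the remote address; on the client, `ipsec auto --up roadwarriors` initiates, and `ipsec auto --status` afterwards shows whether the ISAKMP and IPsec SAs were established.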