On Wed, 3 Dec 2014, Darren Share wrote:

late reply, message was lost in the inbox.....

> FYI, I have also posted this on Server Fault. I am trying to establish an
> ipsec VPN from a Draytek router on the edge of our corporate network to a
> VPS on Digital Ocean. I've set up the VPN on the VPS using this script -
> https://github.com/philplckthun/setup-simple-ipsec-l2tp-vpn - on an Ubuntu
> 14.04 machine. I believe the script downloads and installs
That seems to be for L2TP/IPsec, not plain IPsec.
> conn vpnpsk
>     connaddrfamily=ipv4
>     auto=add
>     left=178.62.73.215
>     # leftid=178.62.73.215
>     # leftsubnet=178.62.73.215/32
>     leftsubnet=10.10.10.0/24
>     # leftnexthop=%defaultroute
>     leftnexthop=%direct
>     leftprotoport=17/1701
>     rightprotoport=17/%any
>     # right=%any
>     right=10.111.1.0/24
>     rightsourceip=10.111.1.1
>     leftsourceip=10.10.10.1
>     # rightsubnetwithin=0.0.0.0/0
You seem to mean to build a net-to-net from 10.10.10.0/24 to 10.111.1.0/24? Your "right" should be the actual public IP of the server on that end, or if responding only (because the other end is behind NAT) %any. rightsubnet= should contain 10.111.1.0/24 instead. You should NOT configure left/rightprotoport because that's for transport mode host-to-host L2TP/IPsec only! You should also not need leftnexthop=%direct or rightsourceip=10.111.1.1
>     forceencaps=yes
>     authby=secret
>     pfs=no
better to do pfs=yes if possible.
>     type=transport
and you will need type=tunnel

Paul

_______________________________________________
Swan mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan
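The points Paul raises above can be turned into a mechanical check. The Python below is an added example, not something from this thread or from libreswan's own tooling: it parses a single ipsec.conf `conn` section, flags the net-to-net mistakes named in the reply (transport mode, protoport/sourceip lines, a subnet in `right=`, a missing `rightsubnet=`, `leftnexthop=%direct`, `pfs=no`), and lints both the conn as posted and a corrected version. The corrected conn uses `right=%any` because the Draytek's public address is not given in the thread; substitute the real peer IP if that router is not behind NAT. The PSK itself lives in ipsec.secrets and is not part of this fragment.

```python
"""Lint a libreswan ipsec.conf 'conn' for the net-to-net mistakes
discussed in the thread. Added example, not libreswan's own tooling."""
import re

# Constructed sample: the poster's conn as quoted in the thread.
ORIGINAL_CONN = """\
conn vpnpsk
    connaddrfamily=ipv4
    auto=add
    left=178.62.73.215
    # leftid=178.62.73.215
    leftsubnet=10.10.10.0/24
    leftnexthop=%direct
    leftprotoport=17/1701
    rightprotoport=17/%any
    right=10.111.1.0/24
    rightsourceip=10.111.1.1
    leftsourceip=10.10.10.1
    forceencaps=yes
    authby=secret
    pfs=no
    type=transport
"""

# Corrected per the reply. right=%any is an assumption (responder-only,
# peer behind NAT); use the Draytek's public IP if it has a fixed one.
CORRECTED_CONN = """\
conn vpnpsk
    connaddrfamily=ipv4
    auto=add
    type=tunnel
    left=178.62.73.215
    leftsubnet=10.10.10.0/24
    # placeholder: peer public IP, or %any when only responding
    right=%any
    rightsubnet=10.111.1.0/24
    forceencaps=yes
    authby=secret
    pfs=yes
"""


def parse_conn(text):
    """Return (name, {key: value}) for one conn section.
    Whole-line comments are skipped; text after '#' is dropped."""
    name, opts = None, {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        m = re.match(r"conn\s+(\S+)$", line)
        if m:
            name = m.group(1)
            continue
        if "=" in line:
            key, value = line.split("=", 1)
            opts[key.strip()] = value.strip()
    return name, opts


def is_cidr(value):
    """True for an IPv4 prefix such as 10.111.1.0/24 (not for a bare host or %any)."""
    return re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}/\d{1,2}", value) is not None


def lint_net_to_net(opts):
    """Return findings for a conn that is meant to join two subnets."""
    findings = []
    # libreswan defaults type to tunnel; only an explicit transport is wrong here.
    if opts.get("type", "tunnel") != "tunnel":
        findings.append("type must be tunnel for net-to-net; transport is host-to-host only")
    for side in ("left", "right"):
        if side + "protoport" in opts:
            findings.append(side + "protoport is for transport-mode L2TP/IPsec; drop it")
        if side + "sourceip" in opts:
            findings.append(side + "sourceip is not needed for net-to-net; drop it")
    if is_cidr(opts.get("right", "")):
        findings.append("right= holds a subnet; use the peer's public IP or %any and put the subnet in rightsubnet=")
    if "rightsubnet" not in opts:
        findings.append("rightsubnet= is missing")
    if opts.get("leftnexthop") == "%direct":
        findings.append("leftnexthop=%direct should not be needed; remove it")
    if opts.get("pfs", "yes") == "no":
        findings.append("pfs=no disables perfect forward secrecy; use pfs=yes where the peer allows it")
    return findings


if __name__ == "__main__":
    for label, text in (("original", ORIGINAL_CONN), ("corrected", CORRECTED_CONN)):
        name, opts = parse_conn(text)
        print(f"{label} conn {name}: {len(lint_net_to_net(opts))} finding(s)")
        for f in lint_net_to_net(opts):
            print("  -", f)
```

The checks mirror the reply one for one, so the as-posted conn produces nine findings and the corrected one produces none; a conn that keeps `type=transport` with a `rightsubnet=` line is still reported, since the two settings cannot both be right for a subnet-to-subnet link.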
