Are you trying to do a LAN-LAN connection? If so you don't want anything
to do with l2tp or xauth. Have a look at the examples I linked you to
earlier on the libreswan web site. What you have here is for roadwarriors.
Nick
On 10/01/2019 16:31, Antonios Katsouros wrote:
yes it's there!!!
this is
root@srv1:~# cat /etc/ipsec.conf
version 2.0
config setup
    virtual-private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:!10.50.0.0/24,%v4:!10.50.1.0/24
    protostack=netkey
    interfaces=%defaultroute
    uniqueids=no
conn shared
    left=%defaultroute
    leftid=195.95.65.10
    right=%any
    encapsulation=yes
    authby=secret
    pfs=no
    rekey=no
    keyingtries=5
    dpddelay=30
    dpdtimeout=120
    dpdaction=clear
    ike=aes256-sha2,aes128-sha2,aes256-sha1,aes128-sha1,aes256-sha2;modp1024,aes128-sha1;modp1024
    phase2alg=aes_gcm-null,aes128-sha1,aes256-sha1,aes256-sha2_512,aes128-sha2,aes256-sha2
    sha2-truncbug=yes
conn l2tp-psk
    auto=add
    leftprotoport=17/1701
    rightprotoport=17/%any
    type=transport
    phase2=esp
    also=shared
conn xauth-psk
    auto=add
    leftsubnet=0.0.0.0/0
    *rightaddresspool=10.50.1.2-10.50.1.3 (by the way, is there a way to give a static in the other side??? I don't want pool)..*
    modecfgdns="8.8.8.8 8.8.4.4"
    leftxauthserver=yes
    rightxauthclient=yes
    leftmodecfgserver=yes
    rightmodecfgclient=yes
    modecfgpull=yes
    xauthby=file
    ike-frag=yes
    ikev2=never
    cisco-unity=yes
    also=shared
root@srv1:~#
Many thanks!!!
On Thu, Jan 10, 2019 at 7:23 PM Paul Wouters wrote:
On Thu, 10 Jan 2019, Antonios Katsouros wrote:
> root@srv1:/etc/ipsec.d# ls
> cert9.db key4.db passwd pkcs11.txt policies
check /etc/ipsec.conf
Paul
_______________________________________________
Swan mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan