On 03/08/2011 07:25 PM, maverick me wrote:
> Hi,
>
> I am having trouble with setting up site-to-site with remote network.
> I have a single server with public ip where I have installed strongswan.
>
>
> Remote admin has shared the following settings:
>
> ************************************************************************************************************************************
>
> Peer IP:- 202.56.XXX.YYY
>
> Pre-shared key ########### ( share through phone )
>
> *For IKE Policy*
> Encryption 3DES
> Authentication SHA
> Diffie-Hellman Group 2
>
> *For IPSec Policy*
> Encryption 3DES
> Authentication SHA
> enable perfect forwarding secrecy(pfs)
> Diffie-Hellman Group 1
>
> your local pool IP :- 10.2.28.24
>
> your remote network IP:- 10.2.84.68
>
> ************************************************************************************************************************************
>
> On the basis of this, I have created following ipsec.conf
>
>
> config setup
>     plutostart=yes
>     plutodebug=all
>     plutostderrlog=/var/log/plutoerr.log

plutostderrlog parameter is not supported

>
> conn %default
>     keyexchange=ikev1
>     type=tunnel
>     ikelifetime=86400
>
>
> conn myconn
>     left=119.82.AAA.BBB
>     leftsourceip=10.2.28.24
>     right=202.56.XXX.YYY
>     rightsubnet=10.2.84.68/32
>     esp=3des-sha1-modp768

modp768 DH group is not supported since it is awfully weak

>     ike=3des-sha1-modp1024
>     auth=esp
>     authby=secret
>     pfs=yes
>     auto=start
>
>
> ********************************************************************************************************************************************************************************************************
>
>
> ]# ipsec status
> 000 "myconn":
> 10.2.28.24/32===119.82.69.67[119.82.69.67]...202.56.229.168[202.56.229.168]===10.2.84.68/32
> unrouted; eroute owner: #0
> 000 "myconn":   newest ISAKMP SA: #0; newest IPsec SA: #0;
> 000
> 000 #44: "myconn" STATE_QUICK_I1 (sent QI1, expecting QR1);
> EVENT_RETRANSMIT in 30s
> 000
>
>
> Remote side admin is asking me to NAT private IP. Any suggestion how
> that can be achieved.

Regards

Andreas

======================================================================
Andreas Steffen
strongSwan - the Linux VPN Solution!                www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
