[Swan] Adding host to subnet VPN
Alex
mysqlstudent at gmail.com
Sat Feb 20 22:39:04 UTC 2016

Hi,

I have two fedora23 systems with libreswan-3.16-1 in a
subnet-to-subnet configuration that's working fine. This was something
I built a number of years ago, and don't really remember the specifics
of how I did it.

I'd now like to add another fedora23 system by itself to the
configuration. I suppose this is just a "road warrior" type of
configuration.

I've experimented quite a bit with adapting my configuration to also
create a subnet-to-host setup, and haven't gotten it to work. I don't
see any similar examples on the website that describe using certs.

Below is my configuration. Ideas or pointers to examples would sure be
appreciated.

version 2.0

config setup
    klipsdebug=all
    nat_traversal=no
    interfaces=%defaultroute
    uniqueids=yes
    protostack=netkey
    oe=off
    nhelpers=0

conn %default
    auto=add
    keyingtries=0
    disablearrivalcheck=no
    keyexchange=ike
    ikelifetime=240m
    keylife=60m
    pfs=yes
    compress=no
    leftrsasigkey=%cert
    rightrsasigkey=%cert
    type=tunnel
    authby=rsasig
    esp=aes
    ike=aes

conn VPN-DGHQ-DGXO
    auto=start
    left=68.111.193.42
    leftnexthop=68.111.193.41
    leftsubnet=192.168.1.0/24
    leftid="@C=US, ST=New Jersey, L=Newark, O=My Company Inc, CN=orion.example.com"
    leftcert=orion
    right=46.65.72.6
    rightnexthop=46.65.72.5
    rightsubnet=64.1.16.0/27
    rightid="@C=US, ST=New Jersey, L=Newark, O=My Company Inc, CN=cyclops.example.com"
    rightcert=cyclops

conn VPN-DGHQ-DGXO-2
    auto=start
    left=68.111.193.42
    leftnexthop=68.111.193.41
    leftsubnet=192.168.1.0/24
    leftid="@C=US, ST=New Jersey, L=Newark, O=My Company Inc, CN=orion.example.com"
    leftcert=orion
    right=46.65.72.6
    rightnexthop=46.65.72.5
    rightsubnet=66.105.218.96/28
    rightid="@C=US, ST=New Jersey, L=Newark, O=My Company Inc, CN=cyclops.example.com"
    rightcert=cyclops