[Swan] Help!!
Nick Howitt
nick at howitts.co.uk
Thu Jan 10 16:34:36 UTC 2019
Are you trying to do a LAN-LAN connection? If so you don't want anything
to do with l2tp or xauth. Have a look at the examples I linked you to
earlier on the libreswan web site. What you have here is for roadwarriors.
Nick
On 10/01/2019 16:31, Antonios Katsouros wrote:
> Yes, it's there!!!
>
> this is
>
> root@srv1:~# cat /etc/ipsec.conf
> version 2.0
>
> config setup
>
> virtual-private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:!10.50.0.0/24,%v4:!10.50.1.0/24
> protostack=netkey
> interfaces=%defaultroute
> uniqueids=no
>
> conn shared
> left=%defaultroute
> leftid=195.95.65.10
> right=%any
> encapsulation=yes
> authby=secret
> pfs=no
> rekey=no
> keyingtries=5
> dpddelay=30
> dpdtimeout=120
> dpdaction=clear
> ike=aes256-sha2,aes128-sha2,aes256-sha1,aes128-sha1,aes256-sha2;modp1024,aes128-sha1;modp1024
> phase2alg=aes_gcm-null,aes128-sha1,aes256-sha1,aes256-sha2_512,aes128-sha2,aes256-sha2
> sha2-truncbug=yes
>
> conn l2tp-psk
> auto=add
> leftprotoport=17/1701
> rightprotoport=17/%any
> type=transport
> phase2=esp
> also=shared
>
> conn xauth-psk
> auto=add
> leftsubnet=0.0.0.0/0
> *rightaddresspool=10.50.1.2-10.50.1.3 (by the way, is there a way to
> give a static in the other side??? I don't want a pool)..*
> modecfgdns="8.8.8.8 8.8.4.4"
> leftxauthserver=yes
> rightxauthclient=yes
> leftmodecfgserver=yes
> rightmodecfgclient=yes
> modecfgpull=yes
> xauthby=file
> ike-frag=yes
> ikev2=never
> cisco-unity=yes
> also=shared
> root@srv1:~#
>
>
> Many thanks!!!
>
>
>
> On Thu, Jan 10, 2019 at 7:23 PM Paul Wouters <paul at nohats.ca> wrote:
>
> On Thu, 10 Jan 2019, Antonios Katsouros wrote:
>
> > root@srv1:/etc/ipsec.d# ls
> > cert9.db key4.db passwd pkcs11.txt policies
>
> check /etc/ipsec.conf
>
> Paul
>
>
> _______________________________________________
> Swan mailing list
> Swan at lists.libreswan.org
> https://lists.libreswan.org/mailman/listinfo/swan
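
The point made in the reply above, that the quoted file defines road-warrior conns rather than a LAN-LAN tunnel, can be checked mechanically. The following is an added example, not code from the thread or from libreswan: it parses ipsec.conf-style text, follows `also=`, and lists the remote-access options each conn ends up with. The `lan-to-lan` conn, its addresses, and the `also=` precedence are assumptions made for illustration.

```python
# Added example, not from the thread. SAMPLE is constructed: the first three
# conns are cut down from the quoted ipsec.conf, lan-to-lan uses placeholders.
SAMPLE = """\
conn shared
    left=%defaultroute
    right=%any
conn l2tp-psk
    leftprotoport=17/1701
    also=shared
conn xauth-psk
    rightaddresspool=10.50.1.2-10.50.1.3
    leftxauthserver=yes
    also=shared
conn lan-to-lan
    left=192.0.2.1
    leftsubnet=10.50.0.0/24
    right=198.51.100.1
    rightsubnet=10.60.0.0/24
"""

def parse_conns(text):
    """Return {conn name: {option: value}} from ipsec.conf-style text."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith(("conn ", "config ")):
            kind, name = line.split(None, 1)
            current = conns.setdefault(name, {}) if kind == "conn" else None
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return conns

def resolve(conns, name, seen=()):
    """Merge options pulled in via also= (assumed: the conn's own keys win)."""
    parent, seen = conns[name].get("also"), seen + (name,)
    base = resolve(conns, parent, seen) if parent in conns and parent not in seen else {}
    return {**base, **conns[name]}

def roadwarrior_markers(text):
    """Map each conn to the remote-access (road-warrior) options it carries."""
    conns, report = parse_conns(text), {}
    for name in conns:
        o = resolve(conns, name)
        report[name] = [label for label, hit in (
            ("right=%any", o.get("right") == "%any"),
            ("l2tp", "1701" in o.get("leftprotoport", "")),
            ("xauth", o.get("leftxauthserver") == "yes"),
            ("addresspool", "rightaddresspool" in o)) if hit]
    return report
```

A conn with an empty list has fixed peers and none of the L2TP, XAUTH or address-pool settings, which is the shape a LAN-LAN definition takes.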