[Swan] Help!!

Nick Howitt nick at howitts.co.uk
Thu Jan 10 16:34:36 UTC 2019


Are you trying to do a LAN-LAN connection? If so you don't want anything 
to do with l2tp or xauth. Have a look at the examples I linked you to 
earlier on the libreswan web site. What you have here is for roadwarriors.

Nick

On 10/01/2019 16:31, Antonios Katsouros wrote:
> yes it's there!!!
>
> this is
>
> root@srv1:~# cat /etc/ipsec.conf
> version 2.0
>
> config setup
>   virtual-private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:!10.50.0.0/24,%v4:!10.50.1.0/24
>   protostack=netkey
>   interfaces=%defaultroute
>   uniqueids=no
>
> conn shared
>   left=%defaultroute
>   leftid=195.95.65.10
>   right=%any
>   encapsulation=yes
>   authby=secret
>   pfs=no
>   rekey=no
>   keyingtries=5
>   dpddelay=30
>   dpdtimeout=120
>   dpdaction=clear
>   ike=aes256-sha2,aes128-sha2,aes256-sha1,aes128-sha1,aes256-sha2;modp1024,aes128-sha1;modp1024
>   phase2alg=aes_gcm-null,aes128-sha1,aes256-sha1,aes256-sha2_512,aes128-sha2,aes256-sha2
>   sha2-truncbug=yes
>
> conn l2tp-psk
>   auto=add
>   leftprotoport=17/1701
>   rightprotoport=17/%any
>   type=transport
>   phase2=esp
>   also=shared
>
> conn xauth-psk
>   auto=add
>   leftsubnet=0.0.0.0/0
>   rightaddresspool=10.50.1.2-10.50.1.3   (by the way is there a way to 
> give a static in the other side??? I don't want pool)..
>   modecfgdns="8.8.8.8 8.8.4.4"
>   leftxauthserver=yes
>   rightxauthclient=yes
>   leftmodecfgserver=yes
>   rightmodecfgclient=yes
>   modecfgpull=yes
>   xauthby=file
>   ike-frag=yes
>   ikev2=never
>   cisco-unity=yes
>   also=shared
> root@srv1:~#
>
>
> Many thanks!!!
>
>
>
> On Thu, Jan 10, 2019 at 7:23 PM Paul Wouters <paul at nohats.ca> wrote:
>
>     On Thu, 10 Jan 2019, Antonios Katsouros wrote:
>
>     > root@srv1:/etc/ipsec.d# ls
>     > cert9.db  key4.db  passwd  pkcs11.txt  policies
>
>     check /etc/ipsec.conf
>
>     Paul
>
>
> _______________________________________________
> Swan mailing list
> Swan at lists.libreswan.org
> https://lists.libreswan.org/mailman/listinfo/swan
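
The reply's observation that the posted conns are roadwarrior definitions can be checked mechanically by resolving each conn's `also=` inheritance and looking for remote-access options. This is an added example, not part of the thread or of libreswan; the `site-to-site` conn and its addresses are hypothetical placeholders, and the three markers are a heuristic chosen from the options in the quoted config.

```python
# Constructed sample: trimmed conns from the quoted config, plus a
# hypothetical LAN-to-LAN conn ("site-to-site") with placeholder addresses.
SAMPLE = """
conn shared
  right=%any
conn l2tp-psk
  leftprotoport=17/1701
  also=shared
conn xauth-psk
  leftxauthserver=yes
  also=shared
conn site-to-site
  left=192.0.2.1
  leftsubnet=10.50.0.0/24
  right=198.51.100.1
  rightsubnet=10.60.0.0/24
"""

def parse_conns(text):
    """Return {conn name: {option: value}} for every conn section."""
    conns, cur = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if not line[0].isspace():  # section header: "conn NAME" or "config setup"
            kind, _, name = line.partition(" ")
            cur = conns.setdefault(name.strip(), {}) if kind == "conn" else None
        elif cur is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            cur[key.strip()] = value.strip()
    return conns

def effective(conns, name, seen=()):  # merge also= parents; own values win
    opts = dict(conns[name])
    parent = opts.pop("also", None)
    if parent in conns and parent not in seen:
        opts = {**effective(conns, parent, seen + (name,)), **opts}
    return opts

def classify(text):
    """Map each conn to the roadwarrior-style options it ends up with (heuristic)."""
    conns, result = parse_conns(text), {}
    for name in conns:
        o = effective(conns, name)
        checks = {"right=%any": o.get("right") == "%any",
                  "xauth": o.get("leftxauthserver") == "yes",
                  "l2tp": o.get("leftprotoport") == "17/1701"}
        result[name] = [label for label, hit in checks.items() if hit]
    return result
```

An empty list for a conn means none of the remote-access markers apply to it, including those inherited through `also=`.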


