[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: IPSec / FreeSWAN (linux) - Question 'bout VPN
On Tuesday 03 February 2004 04:03 am, Martín Marconcini wrote:
> Hello everybody,
> I've got four linux boxes which connect vía FreesWan to another Linux
> Box. The VPN scheme is something like this:
> LAN 1 192.168.1.x/24 -> LINUX01-xDSL -> TUNNEL ->
> LAN 2 192.168.2.x/24 -> LINUX02-xDSL -> TUNNEL ->
> LAN 3 192.168.3.x/24 -> LINUX03-xDSL -> TUNNEL ->
> LAN n...
> All the TUNNEL -> points to the SAME Linux Box. Due to the 80 columns
> limit, I will draw down here.
> TUNNEL -> STATIC_IP -> LINUX -> 192.168.0.0/16
> The Ip's from the example above are 'real'. We're using the C Class
> 192.168.x.x/24 on every 'client'.
> Thank you very much for your time and sorry for the long post.
> Martín Marconcini
It would be helpful to see your /etc/isakmpd/isakmpd.conf file and also
your FreeS/WAN settings for one of the tunnels you've setup on the
Linux side as well. While I don't have a Linux box per se, the company
I work for has a number of Snapgear firewall appliances at each branch
office that runs an embedded version of Linux. FreeS/WAN is used for
IPSec and I've had no major issues in getting my OpenBSD firewall to
work with FreeS/WAN on these firewall appliances.
About the only problem I had was figuring out the notation of my
end-point ID using the @<endpoint-id> notation that FreeS/WAN likes to
use. My firewall has a dynamic IP address and I use the DynDNS.org's
free service so I have a static name associated with my dynamic IP
address on my firewall.
If you'd like I can send you my isakmpd.conf file for reference. It's a
simple 3DES-SHA-GRP2 setup between one office and my home. Last but not
least there are some good references on the FreeS/WAN website that show
working configurations between FreeS/WAN and OpenBSD's isakmpd.