Re: IPSec / FreeSWAN (linux) - Question 'bout VPN
On Tuesday 03 February 2004 04:03 am, Martín Marconcini wrote:
> Hello everybody,
>
> I've got four linux boxes which connect via FreeS/WAN to another Linux
> Box. The VPN scheme is something like this:
>
> LAN 1 192.168.1.x/24 -> LINUX01-xDSL -> TUNNEL ->
> LAN 2 192.168.2.x/24 -> LINUX02-xDSL -> TUNNEL ->
> LAN 3 192.168.3.x/24 -> LINUX03-xDSL -> TUNNEL ->
> LAN n...
>
> All the TUNNEL -> points to the SAME Linux Box. Due to the 80 columns
> limit, I will draw down here.
>
> TUNNEL -> STATIC_IP -> LINUX -> 192.168.0.0/16
>
[snip]
> The IPs from the example above are 'real'. We're using the C Class
> 192.168.x.x/24 on every 'client'.
>
> Thank you very much for your time and sorry for the long post.
>
> Regards,
>
> Martín Marconcini
It would be helpful to see your /etc/isakmpd/isakmpd.conf file and also
your FreeS/WAN settings for one of the tunnels you've set up on the
Linux side as well. While I don't have a Linux box per se, the company
I work for has a number of Snapgear firewall appliances at each branch
office that run an embedded version of Linux. FreeS/WAN is used for
IPSec and I've had no major issues in getting my OpenBSD firewall to
work with FreeS/WAN on these firewall appliances.
About the only problem I had was figuring out the notation of my
end-point ID using the @<endpoint-id> notation that FreeS/WAN likes to
use. My firewall has a dynamic IP address and I use DynDNS.org's
free service so I have a static name associated with my dynamic IP
address on my firewall.
If you'd like I can send you my isakmpd.conf file for reference. It's a
simple 3DES-SHA-GRP2 setup between one office and my home. Last but not
least there are some good references on the FreeS/WAN website that show
working configurations between FreeS/WAN and OpenBSD's isakmpd.
http://www.freeswan.org/freeswan_trees/freeswan-2.04/doc/interop.html#isakmpd
Tony
--
Anthony Schlemmer
aschlemm@comcast.net