ich möchte testweise mal einen VPN-Tunnel zwischen zwei Rechner realisieren (beide sollen feste IP's haben) und.habe hier im Forum schon den einen Beitrag dazu gelesen (http://www.debianforum.de/forum/viewtop ... t=openswan)
hier die ipsec.conf vom Gateway (IP: 192.168.100.1):
Code: Alles auswählen
version 2.0 # conforms to second version of ipsec.conf specification
# basic configuration
config setup
interfaces=%defaultroute
nat_traversal=yes
virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16
# Debug-logging controls: "none" for (almost) none, "all" for lots.
# klipsdebug=all
# plutodebug=dns
conn %default
keyingtries=1
compress=yes
disablearrivalcheck=no
authby=rsasig
leftrsasigkey=%cert
rightrsasigkey=%cert
conn roadwarrior-net
leftsubnet=192.168.100.0/24
also=roadwarrior
conn roadwarrior-all
leftsubnet=0.0.0.0/0
also=roadwarrior
conn roadwarrior
left=%defaultroute
leftsubnet=192.168.100.0/24
leftcert=server.base.net.pem
right=%any
rightsubnet=vhost:%no,%priv
auto=add
pfs=yes
Code: Alles auswählen
version 2.0 # conforms to second version of ipsec.conf specification
# basic configuration
config setup
interfaces="ipsec0=eth0"
#net_traversal=no
# Debug-logging controls: "none" for (almost) none, "all" for lots.
# klipsdebug=all
# plutodebug=dns
# Add connections here.
conn %default
keyingtries=1
compress=yes
authby=rsasig
leftrsasigkey=%cert
rightrsasigkey=%cert
conn roadwarrior-net
leftsubnet=172.16.0.0/24
also=roadwarrior
conn roadwarrior
left=192.168.100.1
leftcert=gateway.pem
right=%defaultroute
rightcert=roadwarrior.pem
auto=add
pfs=yes
Code: Alles auswählen
ipsec auto --up roadwarrior
Code: Alles auswählen
021 no connection named "roadwarrior"
Gruß
Madcat