[LUGOS] m0n0wall in openvpn
Klemen Humerca
klemen at humerca.com
Sun Nov 4 20:31:57 CET 2007
OK, sedaj mi je uspelo vzpostaviti povezavo, vendar ne morem pinga
nobene mašine. Kje bi lahko bil vzrok?
Hvala.
--
Klemen Humerca
-----e-mail&web---------
klemen at humerca.com
forum.humerca.com
------------------------
Jernej Simončič wrote:
> On Sunday, November 4, 2007, 19:04:59, Klemen Humerca wrote:
>
>
>> Ravno danes zjutraj sem naletel na OpenSwan in se lotil povezave z
>> M0n0wall-om. Nekje se zatika saj vedno ob zagonu povezave dobim tole:
>>
>
>
>> conn atl
>> auth=esp
>> authby=secret
>> auto=start
>> esp=3des-md5-1024
>> pfs=yes
>> ike=3des-md5-1024
>> ikelifetime=3600s
>> keylife=3600s
>> left=84.255.243.xxx
>> leftid=84.255.243.xxx
>> leftsubnet=192.168.1.0/24
>> right=193.77.126.xxx
>> rightid=193.77.126.xxx
>> rightsubnet=192.168.0.0/24
>> type=tunnel
>>
>
> Kakšne imaš nastavitve na m0n0wallu? Poleg tega ti priporočam, da
> uporabljaš blowfish ali aes enkripcijo, ker so precej hitrejše od
> 3des (rabiš pa podporo v jedru).
>
> Sam uporabljam naslednje nastavitve za Openswan:
>
> version 2.0 # conforms to second version of ipsec.conf specification
>
> # basic configuration
> config setup
> nat_traversal=yes
> #plutodebug=all
> klipsdebug=all
> interfaces=%defaultroute
>
> include /etc/ipsec.d/examples/no_oe.conf
>
> conn xxx
> authby=secret
> pfs=yes
> type=tunnel
> left=89.212.xxx.xxx
> leftnexthop=89.212.0.1
> leftsubnet=10.0.0.0/24
> right=84.255.xxx.xxx
> rightsubnet=192.168.0.0/24
> keyexchange=ike
> auto=start
> ike=aes128-sha1
> esp=blowfish256-sha1,blowfish128-sha1,aes128-sha1
>
>
> psSense imam pa konfiguriran tako:
> <http://img511.imageshack.us/my.php?image=pfsensevpnbm3.png>
>
>
>
More information about the lugos-list
mailing list