[Ilugc] IPSEC Connection between Gateway Firewalls

~adarsh~ vpadarsh at gmail.com
Wed Jun 28 16:47:46 IST 2006


On 6/28/06, Binand Sethumadhavan <binand at gmail.com> wrote:
> On 28/06/06, ~adarsh~ <vpadarsh at gmail.com> wrote:
> > I configured it from the MNF GUI. Which config files should I post?
>
> I suppose we could start with /etc/freeswan/ipsec.conf (or wherever
> ipsec.conf is on your system).
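#
#--------------------------------------------------------------------------
# DO NOT MODIFY THIS FILE! It is updated automatically
# by the naat/backend. Modify the templates/etc/freeswan/ipsec.conf instead
#-------------------------------------------------------------------------
#
# Copyright (C) 2003-2005 Mandriva
# Author Florin Grad
#
#######################################################################
## /etc/freeswan/ipsec.conf - FreeS/WAN IPsec configuration file
##
## Gateway-to-gateway tunnel between this host (left, 217.66.217.131) and
## the firewalldxb.test.com gateway (right, 195.229.190.151), authenticated
## with RSA signatures taken from X.509 certificates. Because the backend
## regenerates this file, any correction made here must also be applied to
## the template named above or it will be lost on the next regeneration.

version 2

config setup
        # Attach IPsec to the interface that carries the default route
        # (presumably eth1, which holds the left= address below).
        interfaces=%defaultroute
        # Kernel (KLIPS) and keying daemon (Pluto) debugging stay off.
        klipsdebug=none
        plutodebug=none
        # Treat a participant ID as unique: a new connection from the same
        # ID replaces older ones instead of leaving stale SAs behind.
        uniqueids=yes

# Defaults inherited by every conn in this file, including the
# opportunistic-encryption placeholders further down (harmless there,
# since all of those are auto=ignore).
conn %default
        # Perfect Forward Secrecy on the IPsec SA rekey.
        pfs=yes
        compress=yes
        # Keep the tunnel-exit check that a packet emerging from the tunnel
        # carries plausible addresses; disabling it weakens the tunnel.
        disablearrivalcheck=no
        left=217.66.217.131
        leftcert=firewallother.test.com.crt
        leftrsasigkey=%cert
        # NOTE(review): this mask is a /28 (152.109.247.0-.15), whereas eth0
        # in the accompanying "ip address show" output is 152.109.247.15/24.
        # If the whole LAN is meant to use the tunnel, this should be
        # 255.255.255.0 -- confirm which is intended.
        leftsubnet=152.109.247.0/255.255.255.240
        leftnexthop=217.66.217.142

# The real tunnel. No ike=/esp= proposals are given, so FreeS/WAN's built-in
# defaults are negotiated -- confirm the peer gateway accepts the same set.
conn firewalldxb.test.com-vpn
        authby=rsasig
        # Load and initiate at IPsec startup rather than on demand.
        auto=start
        right=195.229.190.151
        rightcert=firewalldxb.test.com.crt
        rightrsasigkey=%cert
        rightsubnet=192.168.1.0/255.255.255.0
        rightnexthop=195.229.190.145

# disable opportunistic encryption
conn block
        # Was "euto=ignore": the misspelled keyword is not a valid parameter,
        # so this conn was not being disabled as intended.
        auto=ignore

conn private
        auto=ignore

conn private-or-clear
        auto=ignore

conn clear-or-private
        auto=ignore

conn clear
        auto=ignore

conn packetdefault
        auto=ignore
# LAST LINE -- EOF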


>
> Post "ip address show" as well.
1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 brd 127.255.255.255 scope host lo
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
    inet6 ff02::1/128 scope global
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:30:48:80:1f:22 brd ff:ff:ff:ff:ff:ff
    inet 152.109.247.15/24 brd 152.109.247.255 scope global eth0
    inet6 fe80::230:48ff:fe80:1f22/64 scope link
       valid_lft forever preferred_lft forever
    inet6 ff02::1:ff80:1f22/128 scope global
       valid_lft forever preferred_lft forever
    inet6 ff02::1/128 scope global
       valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:30:48:80:1f:23 brd ff:ff:ff:ff:ff:ff
    inet 217.66.217.131/28 brd 217.66.217.143 scope global eth1
    inet6 fe80::230:48ff:fe80:1f23/64 scope link
       valid_lft forever preferred_lft forever
    inet6 ff02::1:ff80:1f23/128 scope global
       valid_lft forever preferred_lft forever
    inet6 ff02::1/128 scope global
       valid_lft forever preferred_lft forever
4: sit0: <NOARP> mtu 1480 qdisc noop
    link/sit 0.0.0.0 brd 0.0.0.0

>
> Binand
>

These are the entries on one side.


-- 
Adarsh

