Re: OT: Racoon with virtual ip (roadwarrior client)

mike.redan@xxxxxxx wrote:
carlopmart wrote:
Can somebody explain to me how I can configure the ipsec-tools package to
use a private virtual IP address as openswan does, or is there some
doc/howto about it?

I have seen this howto, but it doesn't work for me:

 http://www.howtoforge.com/racoon_roadwarrior_vpn
Thanks Michael, I have seen it before, but this doc doesn't explain how to
use a virtual IP to connect via IPsec ...



Would you be able to post your racoon configuration, maybe which version
of ipsec-tools you are using, and maybe some error messages?

It can be pretty easy to make little mistakes which will make this not
work.

Cheers,
Mike
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos


192.168.2.1 needs to be my virtual IP to connect to the internal customer network. 172.25.50.28 is my laptop's IP that I use on my job's network. I am using CentOS 5 and ipsec-tools version 0.6.5-8.el5. I have tried to use the dummy driver to assign myself the 192.168.2.1 virtual IP, without luck.


My racoon.conf:

path certificate "/etc/racoon/certs";

listen
{
    adminsock "/var/racoon/racoon.sock" "root" "nobody" 0660;
}

remote 1.1.1.1
{
    exchange_mode main;
    certificate_type x509 "user.pem" "user.key";
    verify_cert on;
    my_identifier asn1dn;
    peers_identifier fqdn "fwcust.domain.com";
    ca_type x509 "custca.pem";
    verify_identifier on;
    proposal_check obey;
    nat_traversal on;
    proposal {
        encryption_algorithm 3des;
        hash_algorithm sha1;
        authentication_method rsasig;
        dh_group 2;
    }
}

sainfo address 192.168.2.1/32 any address 172.17.47.0/27 any
{
    pfs_group 2;
    lifetime time 12 hour;
    encryption_algorithm aes;
    authentication_algorithm hmac_sha256;
    compression_algorithm deflate;
}

sainfo address 172.17.47.0/27 any address 192.168.2.1/32 any
{
    pfs_group 2;
    lifetime time 12 hour;
    encryption_algorithm aes;
    authentication_algorithm hmac_sha256;
    compression_algorithm deflate;
}

sainfo address 172.25.50.28/32 any address 1.1.1.1/32 any
{
    pfs_group 2;
    lifetime time 12 hour;
    encryption_algorithm aes;
    authentication_algorithm hmac_sha256;
    compression_algorithm deflate;
}

sainfo address 1.1.1.1/32 any address 172.25.50.28/32 any
{
    pfs_group 2;
    lifetime time 12 hour;
    encryption_algorithm 3des;
    authentication_algorithm hmac_sha256;
    compression_algorithm deflate;
}

--
CL Martinez
carlopmart {at} gmail {d0t} com