From: Kristian N. <kni...@we...> - 2006-11-30 01:35:05
Have successfully connected a Windows XP box running openvpn client to an ipcop running openvpn/zarina but would now like to use IPSec because other offices use netgear routers.

I have a Netgear DG834G vpn/adsl/router which I am trying to connect to ipcop 1.4.11 ipsec vpn. The error I get in ipsec logs on ipcop is 'no connection has been authorized with policy=PSK'

My setup is as follows...

IPCOP AT WORK...
green: 192.168.70.1
red: 10.0.7.2 (note this is different from public ip)
public ip: 1.2.3.4

NETGEAR AT HOME...
static public ip: 5.6.7.8
local router ip: 192.168.80.1

I create a net-to-net vpn in ipcop, here is the ipsec.conf...

    config setup
        interfaces="%defaultroute ipsec1=eth0 "
        klipsdebug="none"
        plutodebug="crypt parsing emitting control klips dns nat_t "
        plutoload=%search
        plutostart=%search
        uniqueids=yes
        nat_traversal=yes
        virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16,%v4:!192.168.70.0/255.255.255.0,%v4:!192.168.71.0/255.255.255.0,%v4:!192.168.80.0/255.255.255.0

    conn %default
        keyingtries=0
        disablearrivalcheck=no

    conn kristiannetgear
        left=1.2.3.4
        leftnexthop=%defaultroute
        leftsubnet=192.168.70.0/255.255.255.0
        rightsubnet=192.168.80.0/255.255.255.0
        rightnexthop=%defaultroute
        ike=aes128-sha-modp1536,aes128-sha-modp1024,aes128-md5-modp1536,aes128-md5-modp1024,3des-sha-modp1536,3des-sha-modp1024,3des-md5-modp1536,3des-md5-modp1024
        esp=aes128-sha1,aes128-md5,3des-sha1,3des-md5
        ikelifetime=1h
        keylife=8h
        dpddelay=30
        dpdtimeout=120
        dpdaction=restart
        pfs=yes
        authby=secret
        auto=start

and ipsec.secrets...

    : RSA /var/ipcop/certs/hostkey.pem
    1.2.3.4 5.6.7.8 : PSK "mypassword"

I am probably doing something stupid - I am not sure about my work side - is my red interface being 10.0.7.2 OK? This setup worked with openvpn.

regards,
Kristian.
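
A consistency check over the two files as posted, written as an added example that is not part of the original message or of IPCop: it reports which PSK conns lack a left= or right= endpoint and whether ipsec.secrets has a PSK line indexed by both endpoint addresses. The function names and the literal-address matching rule are assumptions of this example.

```python
import re
# Constructed sample input: conn and secrets lines as posted in the message.
CONF = """\
conn %default
    keyingtries=0
conn kristiannetgear
    left=1.2.3.4
    leftsubnet=192.168.70.0/255.255.255.0
    rightsubnet=192.168.80.0/255.255.255.0
    authby=secret
"""
SECRETS = """\
: RSA /var/ipcop/certs/hostkey.pem
1.2.3.4 5.6.7.8 : PSK "mypassword"
"""

def parse_conns(text):
    """Return {conn name: options}; conn %default is merged in, config setup skipped."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        head = re.match(r"^(conn|config)\s+(\S+)$", line)
        if head:
            current = conns.setdefault(head.group(2), {}) if head.group(1) == "conn" else None
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip().strip('"')
    defaults = conns.pop("%default", {})
    return {name: {**defaults, **opts} for name, opts in conns.items()}

def psk_indexes(text):
    """Return one set of index tokens per PSK line in ipsec.secrets."""
    hits = (re.match(r'^(.*?)\s*:\s+PSK\s', line) for line in text.splitlines())
    return [set(m.group(1).split()) for m in hits if m]

def check(conf, secrets):
    """List PSK conns missing an endpoint or a PSK line naming both endpoints."""
    findings = []
    for name, opts in parse_conns(conf).items():
        if opts.get("authby") != "secret":
            continue
        missing = [k for k in ("left", "right") if k not in opts]
        findings += [f"{name}: {k}= is not set" for k in missing]
        ends = {opts[k] for k in ("left", "right") if k in opts}
        # Simplification: literal addresses only (no leftid/rightid, no %any);
        # a PSK line with no index tokens is treated as matching any pair.
        if not missing and not any(not ids or ends <= ids for ids in psk_indexes(secrets)):
            findings.append(f"{name}: no PSK line indexed by {sorted(ends)}")
    return findings
```

Calling check(CONF, SECRETS) returns the findings as a list of strings; an empty list means every PSK conn has both endpoints and a matching secrets line under the stated simplification.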