Sean Knox wrote:
Does anyone know if IKECFG works in OpenSWAN (the Linux IPsec client)? Recent versions say there is experimental support.

I managed to get virtual IPs with OpenSWAN 2.3.0 working. Here's my ipsec.conf for posterity:


# /etc/ipsec.conf - FreeS/WAN IPsec configuration file
# RCSID $Id: ipsec.conf.in,v 1.11 2003/06/13 23:28:41 sam Exp $

# This file:  /usr/share/doc/packages/freeswan/ipsec.conf-sample
#
# Manual:     ipsec.conf.5
#
# Help:
# http://www.strongsec.com/freeswan/install.htm

version 2.0     # conforms to second version of ipsec.conf specification

# basic configuration
# Global daemon settings; they are not tied to any single connection below.
config setup
        # Turn on NAT traversal so the tunnel can be negotiated when a NAT
        # device sits between this client and the gateway.
        # NOTE(review): the client's LAN address in the 'ip addr list' output
        # further down is a private one, so this is presumably needed here.
        nat_traversal=yes
        # No pluto debug classes enabled. Debug output is verbose and may
        # include sensitive negotiation detail, so raise it only while
        # troubleshooting and set it back to none afterwards.
        plutodebug=none

# default settings for connections
# Every conn section in this file inherits these values unless it overrides them.
conn %default
        # ESP proposal: AES-256 for encryption, SHA-1 for integrity.
        esp=aes256-sha1
        # Peers authenticate with RSA signatures (certificate below), not a
        # pre-shared key.
        authby=rsasig
        # Placeholder written by the author in place of the gateway's real
        # public address; substitute the actual gateway IP.
        right=pub.lic.ip.addr
        # Use the address of the interface that carries the default route as
        # the local tunnel endpoint.
        left=%defaultroute
        # Client certificate presented to the gateway. The matching private
        # key is configured outside this file and is not shown in the post.
        leftcert=sean.crt
        # NOTE(review): the next line was scrubbed by the list archive's
        # e-mail address filter. The original parameter contained an '@' and
        # cannot be recovered from this page (possibly an identity setting
        # such as leftid= or rightid= - confirm against the original post).
        # The file will not load until it is restored or removed.
        [EMAIL PROTECTED]
        # Virtual IP setup: the client's side of the tunnel is the single host
        # address 10.10.100.50, and leftsourceip assigns that address locally
        # so traffic into the tunnel is sourced from it. It appears as the
        # second inet address on ath0 in the 'ip addr list' output below.
        # NOTE(review): in the visible lines the virtual IP is written
        # statically here; no option that requests an address from the gateway
        # is shown - confirm against the gateway's configuration.
        leftsubnet=10.10.100.50/32
        leftsourceip=10.10.100.50
        # NOTE(review): second line scrubbed by the archive's e-mail filter;
        # same caveat as the scrubbed line above.
        [EMAIL PROTECTED]
        # Perfect forward secrecy: negotiate fresh key material for the IPsec
        # SAs so a later compromise of one key does not expose earlier traffic.
        pfs=yes

# The six sections below carry the names of the built-in opportunistic
# encryption policy-group connections. Setting auto=ignore on each one keeps
# them from being loaded, so only explicitly configured tunnels are used.
conn block
    auto=ignore

conn private
    auto=ignore

conn private-or-clear
    auto=ignore

conn clear-or-private
    auto=ignore

conn clear
    auto=ignore

conn packetdefault
    auto=ignore

# The actual VPN tunnel. All endpoint, certificate and crypto settings come
# from conn %default above; only the remote network is set here.
conn sec
        # Network behind the gateway that is reachable through the tunnel.
        rightsubnet=192.168.99.0/24
        # Load the connection at startup but do not initiate it; it has to be
        # brought up explicitly (or by the peer).
        auto=add

Output of 'ip addr list', showing both my real LAN IP and the virtual IP on ath0:

[EMAIL PROTECTED]:~ $ ip addr list
1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:09:6b:4d:1c:66 brd ff:ff:ff:ff:ff:ff
3: ath0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 199
    link/ether 00:09:5b:68:25:3a brd ff:ff:ff:ff:ff:ff
    inet 192.168.10.250/29 brd 192.168.10.255 scope global ath0
    inet 10.10.100.50/32 scope global ath0
    inet6 fe80::209:5bff:fe68:253a/64 scope link
       valid_lft forever preferred_lft forever
6: sit0: <NOARP> mtu 1480 qdisc noop
    link/sit 0.0.0.0 brd 0.0.0.0


No luck with VPN Tracker's IKECFG, yet.

cheers,
sk


