On Thu, Oct 12, 2006 at 10:07:27AM +0200, viq wrote:
> Say, VPN-A is the VPN box, VPN-B is the roadwarrior. On VPN-A you need
> to enable packet forwarding, and pf as you will need NAT:
> nat on $ext_if from !($ext_if) -> ($ext_if:0)
> This is because packets from VPN-B will leave VPN-A with VPN-B's
> source address, which most of the time no computer on VPN-A's network
> will know how to reach.
> I didn't play with certificates yet, I just copied the keys to
> appropriate UFQDN.
> Now VPN-A has this in ipsec.conf:
> ike passive esp from any to any srcid [EMAIL PROTECTED] dstid
> [EMAIL PROTECTED]
>
> And VPN-B's ipsec.conf:
> ike dynamic esp from vpn-b.my.domain to any peer vpn-a.my.domain srcid
> [EMAIL PROTECTED] dstid [EMAIL PROTECTED]
So every roadwarrior has one key, [EMAIL PROTECTED]?

--
albert chin ([EMAIL PROTECTED])
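A staged version of the setup viq describes, as an added example rather than anything posted in the thread: it writes VPN-A's sysctl.conf, pf.conf and ipsec.conf and one roadwarrior's ipsec.conf into a review directory, with one passive flow per roadwarrior id. The interface name, hostnames and UFQDN ids are placeholders, and the pass rules for UDP 500/4500, ESP and enc0 are an addition the reply does not list.

```shell
#!/bin/sh
# Added example (not from the thread). Stages the gateway (VPN-A) and
# roadwarrior (VPN-B) files under $STAGE for review before copying to /etc.
STAGE="${STAGE:-/tmp/ipsec-example}"
EXT_IF="${EXT_IF:-em0}"            # VPN-A's external interface (assumed)
GW_ID="vpn-a@example.com"          # placeholder UFQDN id of VPN-A
ROADWARRIORS="rw1@example.com rw2@example.com"  # placeholder ids, one per roadwarrior

write_vpn_a_sysctl_conf() {        # packet forwarding, as the reply requires
    mkdir -p "$STAGE/vpn-a"
    echo 'net.inet.ip.forwarding=1' > "$STAGE/vpn-a/sysctl.conf"
    echo "$STAGE/vpn-a/sysctl.conf"
}

write_vpn_a_pf_conf() {
    mkdir -p "$STAGE/vpn-a"
    cat > "$STAGE/vpn-a/pf.conf" <<EOF
ext_if = "$EXT_IF"
# Roadwarrior packets exit VPN-A with the roadwarrior's own source
# address; rewrite it to VPN-A's (the rule from the thread).
nat on \$ext_if from !(\$ext_if) -> (\$ext_if:0)
# Added: let IKE (UDP 500, NAT-T 4500) and ESP reach isakmpd, and
# filter decrypted traffic on enc0 rather than on the external interface.
pass in on \$ext_if proto udp from any to (\$ext_if) port { 500, 4500 }
pass in on \$ext_if proto esp from any to (\$ext_if)
pass on enc0
EOF
    echo "$STAGE/vpn-a/pf.conf"
}

write_vpn_a_ipsec_conf() {
    mkdir -p "$STAGE/vpn-a"; : > "$STAGE/vpn-a/ipsec.conf"
    # One passive flow per roadwarrior id: VPN-A cannot initiate because it
    # does not know the roadwarrior's address in advance.
    for rw in $ROADWARRIORS; do
        printf 'ike passive esp from any to any srcid %s dstid %s\n' \
            "$GW_ID" "$rw" >> "$STAGE/vpn-a/ipsec.conf"
    done
    echo "$STAGE/vpn-a/ipsec.conf"
}

write_vpn_b_ipsec_conf() {         # $1 = this roadwarrior's own id
    mkdir -p "$STAGE/vpn-b"
    printf 'ike dynamic esp from vpn-b.example.com to any peer vpn-a.example.com srcid %s dstid %s\n' \
        "$1" "$GW_ID" > "$STAGE/vpn-b/ipsec.conf"
    echo "$STAGE/vpn-b/ipsec.conf"
}

write_vpn_a_sysctl_conf; write_vpn_a_pf_conf; write_vpn_a_ipsec_conf
write_vpn_b_ipsec_conf "${ROADWARRIORS%% *}"
```

Review the staged files, then copy each to /etc on the matching box and load them with pfctl and ipsecctl as usual.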