On Sat, Mar 15, 2008 at 2:36 PM, Christian Weisgerber <[EMAIL PROTECTED]> wrote:
> Barry Commander <[EMAIL PROTECTED]> wrote:
>
> > I'm trying to secure my wireless network using ipsec. I have the client and
> > the router (both running a recent snapshot) communicating using esp
> > fine as indicated by tcpdump when I ping the router from the client.
> > However the problem I'd like to solve is when I access the internet the
> > traffic flows unencrypted
>
> client:
> ike esp from 192.168.1.200 to any peer 192.168.1.1
>
> router:
> ike esp from any to 192.168.1.200
>
> And that's the totality of it. No "flow" rules.

Hi,

I've the same situation, but my client is Linux (strongswan 4.1).
Actually my configs are:

client (192.168.0.100) ipsec.conf:

config setup
        plutodebug="all"
        nat_traversal=yes
        uniqueids=yes

conn OpenBSD
        type=transport
        left=192.168.0.100
        right=192.168.0.252
        rightsubnet=0.0.0.0/0
        keyexchange=ike
        esp=aes128-sha1
        ike=aes128-sha1-modp1024
        auto=add
        auth=esp
        authby=secret
        pfs=yes
        keyingtries=%forever
        rekeymargin=4m
        rekey=yes

server (192.168.0.252) ipsec.conf:

ike esp transport from any to 192.168.0.100 quick auth hmac-sha1 enc aes group modp1024 psk "someauthentication"

but only traffic between client and server is encrypted. I'd like packets
to the outside world and in my local network to be encrypted.

What's wrong in this config?

Regards,
-f
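An added example, not part of the original message or of strongSwan: a small Python check that reads a strongSwan-style ipsec.conf and reports connections that combine type=transport with a left/rightsubnet wider than one host. It rests on the fact that a transport-mode SA protects only packets addressed between the two endpoints themselves; the function names and the abridged sample are constructed for illustration.

```python
import ipaddress

# Constructed sample: the client ipsec.conf from the message above, abridged.
SAMPLE = """\
config setup
    nat_traversal=yes

conn OpenBSD
    type=transport
    left=192.168.0.100
    right=192.168.0.252
    rightsubnet=0.0.0.0/0
    auto=add
"""

def parse_conns(text):
    """Return {conn_name: {option: value}} for every 'conn' section."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()   # drop comments
        if not line.strip():
            continue
        if not raw[0].isspace():               # unindented line starts a section
            words = line.split()
            is_conn = words[0] == "conn" and len(words) > 1
            current = conns.setdefault(words[1], {}) if is_conn else None
        elif current is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip().strip('"')
    return conns

def transport_subnet_mismatches(conns):
    """List (conn, option, value) where transport mode is paired with a multi-host subnet."""
    findings = []
    for name, opts in conns.items():
        if opts.get("type", "tunnel") != "transport":   # strongSwan defaults to tunnel
            continue
        for option in ("leftsubnet", "rightsubnet"):
            value = opts.get(option)
            if value is None:
                continue
            if ipaddress.ip_network(value, strict=False).num_addresses > 1:
                findings.append((name, option, value))
    return findings

if __name__ == "__main__":
    for conn, option, value in transport_subnet_mismatches(parse_conns(SAMPLE)):
        print(f"conn {conn}: {option}={value} cannot be covered in transport mode")
```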