====== IPSec ======

see also: [[:linux:ipsec|IPSec in Linux]], [[:openswan|Openswan (ex-freeswan)]], [[:openswan:klips26]], [[:openswan:26sec]]

  * http://megaz.arbuz.com/2005/01/28/linux-vpn-guide/

This describes a configuration that extrudes a single public IP from a gateway to a laptop.

On the laptop (named marajade -- Hand of the Emperor). Note that in this diagram the gateway is "left" and the laptop is "right":

<code>
conn marajade--extrude
    left=205.150.200.134
    leftsubnet=0.0.0.0/0
    leftnexthop=205.150.200.129
    right=%defaultroute
    rightid=@marajade.sandelman.ca
    rightsubnet=205.150.200.163/32
    rightsourceip=205.150.200.163
    auto=add
</code>

On the gateway (mrcharlie):

<code>
conn marajade--extrude
    left=205.150.200.134
    leftsubnet=0.0.0.0/0
    leftnexthop=205.150.200.129
    right=%any
    rightid=@marajade.sandelman.ca
    rightsubnet=205.150.200.163/32
    rightsourceip=205.150.200.163
    auto=add
</code>

Note that the ONLY difference is right=%any (on the gateway) and right=%defaultroute (on the laptop).

In this case, all keys come from DNS.

Note that if you use PSK, main mode probably fails for you. Use raw RSA keys.
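The rule that the two ends differ only in right= can be checked mechanically before loading the connection. This is an added example, not part of the original page or of Openswan: the function names are hypothetical, the parser handles only whole-line comments and unquoted values, and the drifted /24 configuration is constructed to show a failing case.

```python
"""Compare one conn section across two ipsec.conf files (added example)."""

# Gateway config as given on this page.
GATEWAY_CONF = """\
conn marajade--extrude
    left=205.150.200.134
    leftsubnet=0.0.0.0/0
    leftnexthop=205.150.200.129
    right=%any
    rightid=@marajade.sandelman.ca
    rightsubnet=205.150.200.163/32
    rightsourceip=205.150.200.163
    auto=add
"""
# Laptop config: identical except for right=, as the page states.
LAPTOP_CONF = GATEWAY_CONF.replace("right=%any", "right=%defaultroute")
# Constructed failing case: the laptop's rightsubnet has drifted to a /24.
DRIFTED_CONF = LAPTOP_CONF.replace("rightsubnet=205.150.200.163/32",
                                   "rightsubnet=205.150.200.0/24")

def parse_conns(text):
    """Return {conn_name: {key: value}} for the conn sections in text."""
    conns, current = {}, None
    for raw in text.splitlines():
        stripped = raw.strip()
        if not stripped or stripped.startswith("#"):
            continue
        if not raw[0].isspace():  # an unindented line starts a new section
            kind, _, name = stripped.partition(" ")
            current = conns.setdefault(name.strip(), {}) if kind == "conn" else None
        elif current is not None and "=" in stripped:
            key, _, value = stripped.partition("=")
            current[key.strip()] = value.strip()
    return conns

def conn_diff(conf_a, conf_b, name):
    """Return {key: (value_a, value_b)} for every parameter that differs."""
    a, b = parse_conns(conf_a)[name], parse_conns(conf_b)[name]
    keys = sorted(a.keys() | b.keys())
    return {k: (a.get(k), b.get(k)) for k in keys if a.get(k) != b.get(k)}

def unexpected_diff(conf_a, conf_b, name, allowed=("right",)):
    """Differences other than the keys that are expected to vary per host."""
    return {k: v for k, v in conn_diff(conf_a, conf_b, name).items() if k not in allowed}

if __name__ == "__main__":
    for label, conf in (("laptop", LAPTOP_CONF), ("drifted", DRIFTED_CONF)):
        print(label, unexpected_diff(GATEWAY_CONF, conf, "marajade--extrude") or "OK")
```

An empty result from unexpected_diff means both ends agree on the subnets, IDs and source IP; any other key in the result is a mismatch to fix before bringing the tunnel up.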