Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision | |||
|
ipsec [2006/07/25 14:56] a ipsec |
ipsec [2009/05/25 00:35] (current) |
||
|---|---|---|---|
| Line 1: | Line 1: | ||
| + | ====== IPSec ====== | ||
| + | |||
| + | see also: [[: | ||
| + | |||
| + | |||
| + | * http:// | ||
| + | |||
| + | This describes a configuration that extrudes a single public IP from a gateway to a laptop. | ||
| + | |||
| + | On the laptop (named marajade -- Hand of the Emperor). Note, in this diagram the gateway is " | ||
| + | |||
| + | conn marajade--extrude | ||
| + | left=205.150.200.134 | ||
| + | leftsubnet=0.0.0.0/ | ||
| + | leftnexthop=205.150.200.129 | ||
| + | right=%defaultroute | ||
| + | rightid=@marajade.sandelman.ca | ||
| + | rightsubnet=205.150.200.163/ | ||
| + | rightsourceip=205.150.200.163 | ||
| + | auto=add | ||
| + | |||
| + | On the gateway (mrcharlie): | ||
| + | |||
| + | conn marajade--extrude | ||
| + | left=205.150.200.134 | ||
| + | leftsubnet=0.0.0.0/ | ||
| + | leftnexthop=205.150.200.129 | ||
| + | right=%any | ||
| + | rightid=@marajade.sandelman.ca | ||
| + | rightsubnet=205.150.200.163/ | ||
| + | rightsourceip=205.150.200.163 | ||
| + | auto=add | ||
| + | |||
| + | Note that the ONLY difference is right=%any (on gateway) and right=%defaultroute (on laptop). | ||
| + | |||
| + | In this case, all keys come from DNS. Note that if you use PSK, main mode probably fails for you. Use RAW rsa keys. | ||
