[[ipsec]]
Trace: ipsec
Show pagesource
AdminRecent ChangesSitemap

This is an old revision of the document!

This describes a configuration that extrudes a single public IP from a gateway to a laptop.

On the laptop (named marajade – Hand of the Emperor). Note, in this diagram the gateway is “left” and the laptop is “right”

conn marajade–extrude 

      left=205.150.200.134
      leftsubnet=0.0.0.0/0
      leftnexthop=205.150.200.129
      right=%defaultroute
      rightid=@marajade.sandelman.ca
      rightsubnet=205.150.200.163/32
      rightsourceip=205.150.200.163
      auto=add

On the gateway (mrcharlie):

conn marajade–extrude 

      left=205.150.200.134
      leftsubnet=0.0.0.0/0
      leftnexthop=205.150.200.129
      right=%any
      rightid=@marajade.sandelman.ca
      rightsubnet=205.150.200.163/32
      rightsourceip=205.150.200.163
      auto=add

Note that the ONLY difference is right=%any (on gateway) and right=%defaultroute (on laptop).

In this case, all keys come from DNS. Note that if you use PSK, main mode probably fails for you. Use RAW rsa keys.

ipsec.1140050195.txt.gz · Last modified: 2009/05/25 00:34 (external edit)
Show pagesourceOld revisions
Media ManagerBack to top
CC Attribution-Share Alike 4.0 International
Driven by DokuWiki Recent changes RSS feed Valid CSS Valid XHTML 1.0 ipv6 ready