[strongSwan] site-to-site vpn
Averlon GmbH (in Gründung)
info at averlon.net
Sat Aug 29 10:14:45 CEST 2015
Hi all,
I have an Ubuntu 14.04 server with a service provider.
Unfortunately, the server can only get a public IP address assigned to it. It
is not possible to assign a second, internal IP address.
Now I would like to set up a VPN tunnel from my Lancom 1781a, which only
supports IPSec, to this server.
The server has been migrated from another service provider to the current one.
The former service provider was able to assign a second, internal
IP address. With this environment I was able to set up the site-to-site VPN
with the following configuration.
+++++
# ipsec.conf - strongSwan IPsec configuration file

# basic configuration
config setup
	# strictcrlpolicy=yes
	# uniqueids = no
	charondebug="ike 0, knl 0, cfg 1"

conn %default
	ikelifetime=60m
	keylife=20m
	rekeymargin=3m
	keyingtries=1
	# keyexchange=ikev1
	authby=secret
	mobike=no

# Add connections here.
conn myconnection
	authby=secret
	keyexchange=ikev1
	left=server1.provider.com #public-ip
	leftsubnet=192.168.113.0/24
	leftid=@server1.av.loc
	right=xxx.dyndns.biz #dynamic-ip
	rightsubnet=192.168.110.0/24
	rightid=@netz1.av.loc
	rightallowany=yes
	dpdaction=restart
	lifetime = 1h
	margintime = 9m
	rekeyfuzz = 100%
	auto=start
+++++
But how do I do this when the left side does not have an internal IP address?
I am a little bit lost. I guess I need something like NAT (not sure).
Could someone give me a hint what the configuration needs to look like?
Kind Regards
Karl-Heinz