On Sunday 14 November 2004 10:24, Grant Sewell wrote:
> Ok, well I've made no progress whatsoever. I've set up the ADSLRouter to
> forward TCP/UDP 500 to my IPCop box. I've set up the IPCop box to listen
> on its red interface (which connects directly to the ADSLRouter), and
> I've set up the left/right things as follows (note that I've not found a
> decent set of docs that describes what each is for and how it should be
> configured for various implementations):
>
> Name: collegeaccess
> Enabled: yes
> Left: 192.168.1.25
> Left next hop: %defaultroute
> Left subnet: 192.168.1.0/255.255.255.0
> Right: 0.0.0.0
> Right next hop: %defaultroute
> Right subnet: 0.0.0.0/0.0.0.0
> Secret:**************
> Compression: off
>
> Now, as far as I can tell from pulling together different docs, Left is
> *my* LAN and Right is the *other* LAN. Now, how should I change this so
> that any IP could access the VPN so long as the correct "secret" was
> given? Once I've sorted that the addresses in here are correct and
> should work without a hitch, then I'll go back to the port forwarding
> thing.

Left is often thought of as local and right as remote, but they are switchable; it is nice to use some system to remember.

Eeek, two next hops? Lose the left next hop, set the right parameter to right=%any, and the right next hop to the IP address of the gateway.

Using PSK (pre-shared keys) or secrets is not the best way to do things (but is often good for initial testing); can you use x509 certs with both ends on your setup? I have done this with the "swans" before and all my setup is documented at http://www.cornelius.demon.co.uk if that is any help.

Robin

--
Robin Cornelius
---------------------------------------------------
robin@xxxxxxxxxxxxxxxxxxxxx
GPG Key ID: 0x729A79A23B7EE764
http://www.biglumber.com/x/web?qs=0x729A79A23B7EE764
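
The two authentication options discussed in this thread, written out side by side as an added example that is not part of either message. It assumes Openswan-style `ipsec.conf` syntax (the "swans" mentioned in the reply) rather than the IPCop web form; the connection names, certificate and key file names, and secrets are hypothetical placeholders.

```conf
# Constructed example in Openswan-style syntax; not taken from the thread.
# Nexthop lines are left out; set them as discussed in the reply above.

# --- /etc/ipsec.conf ---

# Variant A: pre-shared key (the "Secret" field in the post).
# With right=%any the gateway cannot select a secret by peer address,
# so every remote client ends up sharing the same PSK.
conn collegeaccess-psk
    left=192.168.1.25            # gateway address from the post
    leftsubnet=192.168.1.0/24    # same network as 192.168.1.0/255.255.255.0
    right=%any                   # accept a peer connecting from any IP
    authby=secret
    auto=add                     # load the conn and wait for the peer

# Variant B: X.509 certificates on both ends.
# Each client holds its own key; a peer is accepted only if its
# certificate chains to a CA stored in /etc/ipsec.d/cacerts.
conn collegeaccess-x509
    left=192.168.1.25
    leftsubnet=192.168.1.0/24
    leftcert=gateway-cert.pem    # hypothetical file in /etc/ipsec.d/certs
    leftrsasigkey=%cert
    right=%any
    rightrsasigkey=%cert         # take the peer's public key from its cert
    authby=rsasig
    auto=add

# --- /etc/ipsec.secrets ---

# Variant A (placeholder secret, shared by all remote peers):
192.168.1.25 %any : PSK "<long-random-secret>"

# Variant B (hypothetical key file in /etc/ipsec.d/private):
: RSA gateway-key.pem "<key-passphrase>"
```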