So I was feeling all geeky and I decided to replace my Draytek 2820 with a little Aspire Revo 3600 running Linux. The Revo only has 1 ethernet interface so I bought a little USB ethernet adapter for the interface to the WAN bridge. It’s gone pretty well but one of the biggest challenges I had was sorting out a LAN to LAN IPSEC tunnel to my co-workers. The Draytek used to magically handle all that for me.
OpenVPN wasn’t an option since the Draytek doesn’t support it so I decided to go with Openswan. It took me a while to figure out but I now seem to have a rock solid link to my co-workers. I thought I’d paste my /etc/ipsec.conf file below in case it’s of use to anyone else looking to do something similar.
The Draytek at the other end has its call direction set to “Dial-in” so it’s my router’s responsibility to open the connection. They use an IKE Pre-Shared-Key to authenticate. I’ve changed IP addresses below to fictional ones.
```
version 2.0     # conforms to second version of ipsec.conf specification

# basic configuration
config setup
        interfaces=%defaultroute
        myid=200.200.200.100
        nat_traversal=yes
        oe=no
        protostack=netkey
        syslog=syslog.debug
        virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:!192.168.1.0/24

conn net-to-net
        type=tunnel
        connaddrfamily=ipv4
        authby=secret           # IKE pre-shared key
        auto=start              # this end opens the tunnel (the Draytek is set to "Dial-in")
        compress=no
        ike=3des-sha1,des-md5
        phase2alg=3des-sha1,des-md5
        phase2=esp
        ikelifetime=3600s
        keyexchange=ike
        keylife=28800s
        keyingtries=%forever
        left=%defaultroute      # local side (this router)
        leftsourceip=192.168.2.1
        leftid=200.200.200.100
        leftsubnet=192.168.2.0/24
        pfs=yes
        dpdaction=restart
        right=200.200.200.200   # remote Draytek
        rightid=200.200.200.200
        rightsourceip=192.168.1.1
        rightsubnet=192.168.1.0/24
```
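A small lint for files in this format, as an added example (not part of the original post and not Openswan tooling): it parses the `config setup` and `conn` sections, checks that every `virtual_private` entry is a well-formed `%v4:`/`%v6:` network, and flags `ike`/`phase2alg`/`esp` proposals that include single DES or MD5. The sample config, the function names and the `BROKEN` set are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample in ipsec.conf format (not the author's file).
SAMPLE = """\
version 2.0
config setup
    virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12%,v4:!192.168.1.0/24
conn net-to-net
    authby=secret    # trailing comments are allowed
    ike=3des-sha1,des-md5
    phase2alg=3des-sha1,des-md5
"""
BROKEN = {"des", "md5"}  # single DES and MD5: flagged wherever proposed

def parse_ipsec_conf(text):
    """Return {section: {option: value}}; a section header starts in column 0."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()   # drop comments
        if line and not line[0].isspace():
            current = sections.setdefault(line, {}) if line.startswith(("config ", "conn ")) else None
        elif current is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip()
    return sections

def entry_ok(entry):
    """True for %v4:[!]CIDR or %v6:[!]CIDR with a parseable network."""
    m = re.fullmatch(r"%v([46]):!?(\S+)", entry)
    try:
        return bool(m) and ipaddress.ip_network(m.group(2)).version == int(m.group(1))
    except ValueError:
        return False

def bad_virtual_private(value):
    return [e.strip() for e in value.split(",") if not entry_ok(e.strip())]

def lint(text):
    """Return (section, option, offending value) tuples."""
    findings = []
    for section, opts in parse_ipsec_conf(text).items():
        if "virtual_private" in opts:
            findings += [(section, "virtual_private", e) for e in bad_virtual_private(opts["virtual_private"])]
        for key in ("ike", "phase2alg", "esp"):
            for prop in opts.get(key, "").split(","):
                if BROKEN & set(re.split(r"[-;]", prop.strip().lower())):
                    findings.append((section, key, prop.strip()))
    return findings
```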


Please can you help me to configure this? I always get this error in ‘/var/log/auth.log’: Possible authentication failure: no acceptable response to our first encrypted message
Now there is a connection, but no ping goes through to the other site.