Specifications

Editing ipsec.conf
Go to the directory C:\ProgramFiles\IPsec. Open the file ipsec.conf
with an editor. Adjust the entries to follow the syntax shown in File 6.
conn <name of the connection>
    left=%any
    right=<IP of the Firewall on CD>
    rightsubnet=<IP/netmask of the subnet>
    rightca=<enter the previously noted values in reverse order, separated by commas>
    network=auto
    auto=start
    pfs=yes
File 6: Syntax of File ipsec.conf
An example configuration is shown in File 7. Make sure to write the first line
left-justified and the following lines indented.
conn roadwarrior_fwoncd
    left=%any
    right=10.10.254.181
    rightsubnet=192.168.22.0/24
    rightca="C=DE,S=Franken,L=Nuernberg,O=SuSE,OU=bu,CN=mainca,E=bsupport@suse.de"
    network=auto
    auto=start
    pfs=yes
File 7: Example of an ipsec.conf
Save the edited file.
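
A check to run on the conn section before saving, as an added example that is not part of the original manual: it flags lines that are not indented, a value wrapped onto a second line, and malformed right/rightsubnet entries, and it builds the rightca string from the noted CA fields in reverse order. Treating every key from File 6 as required and expecting quotes around rightca (as in File 7) are assumptions; the function names are hypothetical.

```python
import ipaddress

# Keys from the page's File 6; treating every one as required is an assumption.
KEYS = ("left", "right", "rightsubnet", "rightca", "network", "auto", "pfs")

def reverse_dn(noted):
    """Build the rightca value: noted CA fields reversed, comma-separated, quoted."""
    return '"' + ",".join(f.strip() for f in reversed(noted)) + '"'

def lint_conn(text):
    """Return a list of problems in one conn section (empty list = looks fine)."""
    lines = [l for l in text.splitlines() if l.strip()]
    if not lines or not lines[0].startswith("conn "):
        return ["first line must be left-justified and start with 'conn '"]
    problems, seen = [], {}
    for n, line in enumerate(lines[1:], start=2):
        if not line[0].isspace():
            problems.append(f"line {n}: not indented")
        key, sep, value = line.strip().partition("=")
        if not sep or key not in KEYS:
            problems.append(f"line {n}: unexpected text (wrapped value?)")
            continue
        seen[key] = value
    problems += [f"missing key: {k}" for k in KEYS if k not in seen]
    for key, parse in (("right", ipaddress.ip_address), ("rightsubnet", ipaddress.ip_network)):
        try:
            if key in seen:
                parse(seen[key])  # ip_network rejects addresses with host bits set
        except ValueError:
            problems.append(f"{key}: invalid value {seen[key]!r}")
    ca = seen.get("rightca", "")
    if "rightca" in seen and not (len(ca) > 2 and ca[0] == ca[-1] == '"'):
        problems.append("rightca: must be a single quoted line")
    return problems

# Constructed sample based on the page's File 7, with three mistakes introduced.
BROKEN = """conn roadwarrior_fwoncd
left=%any
    right=10.10.254.181
    rightsubnet=192.168.22.1/24
    rightca="C=DE,S=Franken,L=Nuernberg,O=SuSE,OU=bu,
    CN=mainca,E=bsupport@suse.de"
    network=auto
    auto=start
    pfs=yes
"""

print("\n".join(lint_conn(BROKEN)))
```
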
Creating a Desktop Link and Activating the Connection
If desired, link to the file C:\ProgramFiles\IPsec\IPSEC.exe on your
desktop. Now establish the connection to the Internet. Click the created link.
A window will open and the IPsec filters will be configured for your current
connection. Test the tunnel with ping <client IP behind the tunnel>. The
message "IPSec is being negotiated" is displayed once or twice. If the normal
ping replies are then displayed, the tunnel is active. In Windows 2000 the
second ping call will be successful.