RuggedRouter® User Guide
• protocol 51, IPSEC-AH Authentication Header (RFC2402),
• protocol 50, IPSEC-ESP Encapsulating Security Payload (RFC2406),
• UDP port 500.
You must configure the firewall to accept connections on these ports and protocols.
See the Configuring The Firewall chapter, Configuring The Firewall And VPN
section for details.
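A quick check for the firewall requirement above, as an added example that is not part of the RuggedRouter guide or RuggedCom's tooling: it scans a rule listing for ACCEPT rules covering AH, ESP and UDP port 500 and reports which are missing. It assumes rules in Linux `iptables-save` text format, which the guide does not specify; the sample ruleset and all function names are constructed for illustration.

```python
# Constructed sample in iptables-save format (not taken from a real router).
SAMPLE_RULES = """\
*filter
:INPUT DROP [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p esp -j ACCEPT
-A INPUT -p udp -m udp --dport 500 -j ACCEPT
COMMIT
"""

# What the page requires, as (IP protocol number, UDP destination port or None).
REQUIRED = {
    "AH (protocol 51)": ("51", None),
    "ESP (protocol 50)": ("50", None),
    "IKE (UDP port 500)": ("17", "500"),
}
PROTO_NUMBERS = {"ah": "51", "esp": "50", "udp": "17"}

def _option(tokens, name):
    """Return the value following option `name`, or None if absent."""
    if name in tokens[:-1]:
        return tokens[tokens.index(name) + 1]
    return None

def accepted_traffic(ruleset, chain="INPUT"):
    """Collect (protocol number, dport) pairs that ACCEPT rules in `chain` allow."""
    accepted = set()
    for line in ruleset.splitlines():
        tokens = line.split()
        if tokens[:2] != ["-A", chain] or _option(tokens, "-j") != "ACCEPT":
            continue
        proto = _option(tokens, "-p")
        if proto:  # rules without -p (e.g. state matches) are not counted
            accepted.add((PROTO_NUMBERS.get(proto.lower(), proto), _option(tokens, "--dport")))
    return accepted

def missing_ipsec_rules(ruleset, chain="INPUT"):
    """List the required IPsec traffic classes with no matching ACCEPT rule."""
    accepted = accepted_traffic(ruleset, chain)
    missing = []
    for label, (proto, port) in REQUIRED.items():
        # A rule with no --dport accepts every port of that protocol.
        if (proto, port) not in accepted and (proto, None) not in accepted:
            missing.append(label)
    return missing

if __name__ == "__main__":
    print(missing_ipsec_rules(SAMPLE_RULES))
```

The check ignores rule order and source or interface matches, so an empty result is necessary but not sufficient evidence that IPsec traffic will be accepted.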
The Openswan Configuration Process
Each VPN connection has two ends, one in the local router and one in the remote router. The
Openswan developers designed the configuration in such a way that the configuration
record describing a VPN connection can be used without change at either end. One
side of the connection (typically the local side) is designated the “left” side and the
other is designated the “right” side.
A convenient method is to configure both ends simultaneously, with two browser
windows open. The relevant information is cut and pasted from window to window.
This module also includes tools to export and import the connection data. The
configuration can thus be generated at one router, exported, and imported at the
remote router.
IPsec and Router Interfaces
The IPsec daemon requires router interfaces to exist before it starts. If none of the
interfaces needed by IPsec exist, IPsec will check for them every minute until at least
one does.
Note that in the unlikely event that IPsec uses multiple network interfaces, stopping
any of those interfaces will cause all tunnels to stop.
IPsec may have to be manually restarted after configuring network interfaces when
multiple tunnels exist.
140 RuggedCom