Open Source Security Tools: Practical Guide to Security Applications, part 34. Few frontline system administrators can afford to spend all day worrying about security. But in this age of widespread virus infections, worms, and digital attacks, no one can afford to neglect network defenses. Written with the harried IT manager in mind, Open Source Security Tools is a practical, hands-on introduction to open source security tools.

Page 309, Thursday June 24 2004 11:12 PM, Virtual Private Networks, 309

Table: FreeS/WAN Parameters

Parameter        Description
Left             The IP address of your Left IPsec gateway.
Leftsubnet       The range of IPs behind the Left gateway.
Leftid           The host name in a fully qualified domain name format and with an @ in front of it. For example @.
Leftrsasigkey    The key you copied earlier from the Left machine.
Leftnexthop      The default gateway for the Left machine. The default setting should work in most cases.
Right            Same as Left above, but for the Right machine.
Rightsubnet      Same as Leftsubnet above, but for the Right machine.
Rightid          Same as Leftid above, but for the Right machine.
Rightrsasigkey   Same as Leftrsasigkey above, but for the Right machine.
Rightnexthop     Same as Leftnexthop above, but for the Right machine.
Auto             The default setting of add authorizes the connection but doesn't start it up when the system is booted. If you want it to start automatically, change this to start.

If you are running a firewall with NAT, you may have to write a special rule in your firewall so that it doesn't translate the network address of that machine. Many newer firewall models automatically recognize IPsec packets and pass them through unchanged, so this extra step is unnecessary.

8. To test your connection, try pinging an internal address on the other side of the remote gateway. If you get a successful response, then you have an IPsec tunnel up and running.

9. If you really want to verify that the packets are being encrypted, use a packet sniffer such as Tcpdump or Ethereal to see if you can read any of the packets. If the sniffer identifies the packets as ESP packets (ESP is one of the IPsec subprotocols) and the packet payloads come up looking like gibberish, then all is working correctly.

10. If you want to add multiple net-to-net connections, you can just add another section with a new
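As an added example (not code from the book or from the FreeS/WAN project), the script below assembles the parameters from the table into one net-to-net `conn` section in ipsec.conf form, checks them for the mistakes a first-time setup usually makes (an id without the leading @, a subnet that is not in CIDR form, an `auto` value other than add or start), and then shows the check behind step 9: deciding from a raw IPv4 header whether traffic between the two gateways is ESP (IP protocol number 50) rather than cleartext. All addresses, host names and key strings are constructed sample values; the key check only looks for FreeS/WAN's `0s` (base64) key prefix and does not validate the key itself.

```python
"""Added example: render and sanity-check a FreeS/WAN net-to-net conn section,
and classify captured IPv4 packets as ESP or not. Sample values are constructed."""
import ipaddress
import struct

# ipsec.conf parameter names are lowercase; the table lists them capitalised.
REQUIRED = ("left", "leftsubnet", "leftid", "leftrsasigkey", "leftnexthop",
            "right", "rightsubnet", "rightid", "rightrsasigkey", "rightnexthop")

# Constructed sample: two office networks behind two IPsec gateways.
SAMPLE = {
    "left": "192.0.2.1",
    "leftsubnet": "10.0.1.0/24",
    "leftid": "@west.example.com",
    "leftrsasigkey": "0sAQOplaceholderLeftKey",    # placeholder, not a real key
    "leftnexthop": "192.0.2.254",
    "right": "198.51.100.1",
    "rightsubnet": "10.0.2.0/24",
    "rightid": "@east.example.com",
    "rightrsasigkey": "0sAQOplaceholderRightKey",  # placeholder, not a real key
    "rightnexthop": "198.51.100.254",
    "auto": "add",                                  # add = authorize, start = bring up at boot
}


def validate(params):
    """Return a list of problems with a conn parameter set; empty means it looks sane."""
    problems = [f"missing {key}" for key in REQUIRED if key not in params]
    for side in ("left", "right"):
        for key in (side, side + "nexthop"):
            try:
                ipaddress.ip_address(params.get(key, ""))
            except ValueError:
                problems.append(f"{key} is not an IP address")
        try:
            ipaddress.ip_network(params.get(side + "subnet", ""), strict=True)
        except ValueError:
            problems.append(f"{side}subnet is not a network in CIDR form")
        if not params.get(side + "id", "").startswith("@"):
            problems.append(f"{side}id must begin with @")
        if not params.get(side + "rsasigkey", "").startswith("0s"):
            problems.append(f"{side}rsasigkey should be the 0s... key copied from that gateway")
    if params.get("auto", "add") not in ("add", "start"):
        problems.append("auto must be add or start")
    return problems


def render_conn(name, params):
    """Return the ipsec.conf text for one conn section; raise ValueError if it fails validation."""
    problems = validate(params)
    if problems:
        raise ValueError("; ".join(problems))
    lines = [f"conn {name}"]
    for key in REQUIRED:
        lines.append(f"\t{key}={params[key]}")
    lines.append(f"\tauto={params.get('auto', 'add')}")  # parameter lines must be indented
    return "\n".join(lines) + "\n"


IPPROTO_ESP = 50  # protocol number in the IPv4 header for IPsec ESP


def looks_like_esp(raw_ip_packet, gateways):
    """True if the packet is IPv4 ESP exchanged between the two gateway addresses."""
    if len(raw_ip_packet) < 20 or raw_ip_packet[0] >> 4 != 4:
        return False
    proto = raw_ip_packet[9]
    src = str(ipaddress.IPv4Address(raw_ip_packet[12:16]))
    dst = str(ipaddress.IPv4Address(raw_ip_packet[16:20]))
    return proto == IPPROTO_ESP and {src, dst} == set(gateways)


def build_ipv4_header(src, dst, proto, payload_len=0):
    """Constructed 20-byte IPv4 header (no options, zero checksum) for the samples below."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64, proto, 0,
                       ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)


# Constructed captures: an ESP packet (SPI, sequence number, opaque payload) and a plain ICMP one.
ESP_PACKET = build_ipv4_header("192.0.2.1", "198.51.100.1", IPPROTO_ESP, 16) + bytes(16)
PLAIN_PACKET = build_ipv4_header("192.0.2.1", "198.51.100.1", 1, 8) + bytes(8)

if __name__ == "__main__":
    print(render_conn("net-to-net", SAMPLE))
    for pkt in (ESP_PACKET, PLAIN_PACKET):
        print("ESP" if looks_like_esp(pkt, ("192.0.2.1", "198.51.100.1")) else "not ESP")
```

Running it prints the finished `conn net-to-net` section and then `ESP` and `not ESP` for the two constructed packets. A sniffer on the outside interface during step 9 should show only packets of the first kind between the two gateway addresses; anything of the second kind carrying an inside address means that traffic left the tunnel in the clear.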