I can't understand why people make their configurations so complicated! (I think most people try to modify an example config that they find on the net, whereas I read up and have built my config from scratch.) The (new) Openswan has defaults within the program, so you do not explicitly need to define them with lines of config.
I have gone for a 'minimalist' config:
interfaces=eth0 # AA Fibre Interface
left=88.98.XXX.XXX # AA Fibre
leftsubnet=10.1.0.0 # AA Subnet
You will see that I have defined an interface as opposed to the standard %defaultroute - this will be required as the VPNs are kept on a separate interface from the default route.
In the sites config:
# right values only. left defined in default
..and so on for the next 100
In the ipsec.secrets:
88.98.XXX.XXX # AA Fibre (left)
82.69.XXX.XXX # MM
82.71.XXX.XXX # HH
82.69.XXX.XXX # CC
82.69.XXX.XXX # EE
: PSK "passwordtochange"
Many things like PFS are enabled by default - (so much so that the line
has no effect).
The Netgear routers are all DG834s, and as far as I am concerned are already working with the Linux version running on the 3Com unit, so should have no problem working with Clear.
The only thing I think I may need some help on is allowing the traffic through the firewall (slightly more complicated as I have IPsec traffic going to multiple places depending on source IP... that's for another forum post!)
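An added example, not part of the original post and not the poster's or Openswan's own code: with around 100 sites that differ only in their right-side values, the per-site stanzas and the matching ipsec.secrets lines can be generated from one list and validated first. The site names, the documentation-range addresses and the choice of one PSK per peer (instead of the single shared entry shown in the post) are assumptions made for illustration.

```python
import ipaddress
import secrets

# Constructed sample data (documentation address ranges, not the poster's sites).
LEFT = "192.0.2.1"
SITES = [
    ("mm", "198.51.100.10", "10.2.0.0/24"),
    ("hh", "198.51.100.20", "10.3.0.0/24"),
    ("cc", "203.0.113.30", "10.4.0.0/24"),
]


def validate(sites):
    """Reject entries that would yield a broken or ambiguous configuration."""
    names, peers = set(), set()
    for name, right, subnet in sites:
        if not name.isalnum():
            raise ValueError(f"bad conn name: {name!r}")
        ipaddress.ip_address(right)  # ValueError on typos such as a trailing dot
        ipaddress.ip_network(subnet, strict=True)  # ValueError if host bits are set
        if name in names or right in peers:
            raise ValueError(f"duplicate name or peer address: {name} {right}")
        names.add(name)
        peers.add(right)


def render_conns(sites):
    """One stanza per site with right-side values only; left comes from conn %default."""
    validate(sites)
    return "\n".join(
        f"conn {name}\n    right={right}\n    rightsubnet={subnet}\n"
        for name, right, subnet in sites
    )


def render_secrets(left, sites, new_psk=lambda: secrets.token_urlsafe(32)):
    """One ipsec.secrets line per peer, so each tunnel gets its own PSK."""
    validate(sites)
    ipaddress.ip_address(left)
    return "".join(f'{left} {right} : PSK "{new_psk()}"\n' for _, right, _ in sites)


if __name__ == "__main__":
    print(render_conns(SITES))
    print(render_secrets(LEFT, SITES), end="")
```

The generated ipsec.secrets content holds live keys, so write it to a file readable only by root.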