[Openswan Users] openswan feature check
Bas Huisman
bas5 at odee.net
Tue Dec 7 16:57:43 CET 2004
Hello all,
I am trying pretty hard to get openswan working with a Sonic Wall IPSEC server.
These are the settings on the Sonic Wall IPSEC server side:
IKE (phase 1) Proposal
----------------------
DH Group: Group 2
Encryption: 3DES
Authentication: SHA1
Ipsec (phase 2) Proposal
------------------------
Protocol: esp
Encryption: 3DES
Authentication: SHA1
and "Require authentication of VPN clients via XAUTH"
These are the relevant settings on the server side.
The only thing I want to know is whether "openswan-2.3.0dr4.tar.gz" or the cvs version
will support the 3DES+SHA1+XAUTH combination.
http://www.openswan.nl/code/ states:
"Openswan 2.3.x will include Aggressive Mode, Mode Config/XAUTH and KLIPS for
2.6"
So it should. After some investigation I found out that OpenSwan 2.2.0 does
not support this. I've tried the following ipsec.conf with OpenSwan-2.2.0:
config setup
    # THIS SETTING MUST BE CORRECT or almost nothing will work;
    # %defaultroute is okay for most simple cases.
    interfaces=%defaultroute
    # but lets be explicit for safety sake
    #interfaces="ipsec0=eth1"
    # Debug-logging controls: "none" for (almost) none, "all" for lots.
    klipsdebug=none
    plutodebug=all
    # Close down old connection when new one using same ID shows up.
    uniqueids=yes
    plutoopts="--perpeerlog --debug-pfkey --debug-klips"

conn GroupVPN
    type=tunnel
    xauth=yes
    left=%defaultroute
    leftxauthclient=yes
    right=x.x.x.x
    rightsubnet=y.y.y.y/32
    rightxauthserver=yes
    keyingtries=0
    auto=start
    auth=esp
    authby=secret
    esp=3des-sha1-96
    pfs=no

Can anyone tell me if 2.3.x should work/support my configuration?
thanks,
Bas
--
Two can dig a lot quicker than one, you are not digging.