[Openswan Users] openswan-2.1.0rc1 + linux-2.6.4 + manual keying to cisco 7200 ios 12.2
Niki Waibel
niki.waibel at newlogic.com
Fri Mar 26 10:42:02 CET 2004
> Niki> /etc/ipsec.secrets: 12.12.12.12 11.11.11.11: PSK
> Niki> "xxxxxxxxxxxxxxxx"
> Niki> # ipsec manual --iam 12.12.12.12 at eth:2 --up openswan_cisco
> Niki> be sufficient?
>
> No.
> Manually keying means setting all of the IPsec parameters yourself.
okay -- thought that could be done in the ipsec.conf file ...
> You'd do that with "ipsec spi" on Openswan w/KLIPS, and "setkey" on
> 26sec.
so i have to use setkey, because i use 2.6 with native ipsec.
> Nobody should be manually anything unless they are testing.
unfortunately i have to follow the requirements of a customer. fortunately it is their sec
problem. i just would like to do that with openswan.
> If you are setting something into ipsec.secrets, then you are doing
> automatic keying, using pre-shared secrets to authenticate.
oh -- i see. and the ipsec manual command is for configuring that "preshared authentication"
method, right?
the problem is that i have not got much information about all this (from the other
side of the vpn). i got the following:
vpn hardware                 : cisco 7200 ios 12.2 (ipsec+3des)
ip addr of vpn               : a.b.c.d
auth method (preshared only) : preshared key, exchanged over phone
transform set                : 3des sha
dh group                     : group 1 (can negotiate)
isa lifetime                 : 86400 (cisco default)
addr of network              : e.f.g.h/x
any hint, how i can get that running (using setkey?) or more info?
niki