[Openswan Users] ipsec.secrets

Bastien Rocheron bastien.rocheron at free.fr
Fri May 7 23:42:46 CEST 2004


This is the ipsec.conf for the Linux host:

version 2.0     # conforms to second version of ipsec.conf specification

config setup
        interfaces=%defaultroute
        klipsdebug=none
        plutodebug=none
        #plutoload=%search
        #plutostart=%search
        uniqueids=yes

conn %default
        keyingtries=0
        compress=no
        disablearrivalcheck=no
        authby=rsasig
        leftrsasigkey=%cert
        rightrsasigkey=%cert

conn roadwarrior-net
        leftsubnet=192.168.1.0/24
        also=roadwarrior

conn roadwarrior
        left=192.168.1.10
        leftcert=host.mynet.net.pem
        #right=%defaultroute
        right=192.168.1.1
        rightcert=gateway.mynet.net.pem
        auto=start
        pfs=yes


conn block
    auto=ignore

conn private
    auto=ignore

conn private-or-clear
    auto=ignore

conn clear-or-private
    auto=ignore

conn clear
    auto=ignore

conn packetdefault
    auto=ignore




And this is the ipsec.conf for the gateway:

version 2.0     # conforms to second version of ipsec.conf specification


config setup
        interfaces="ipsec0=eth2"
        klipsdebug=none
        plutodebug=none
        #plutoload=%search
        #plutostart=%search
        uniqueids=yes

conn %default
        keyingtries=1
        compress=no
        disablearrivalcheck=no
        authby=rsasig
        leftrsasigkey=%cert
        rightrsasigkey=%cert

conn roadwarrior-allnet
        leftsubnet=0.0.0.0/0
        also=roadwarrior

conn roadwarrior
        right=%any
        left=192.168.1.1
        leftcert=gateway.mynet.net.pem
        auto=add
        pfs=yes

conn packetdefault
        auto=ignore

conn block
        auto=ignore

conn clear-or-private
        auto=ignore

conn clear
        auto=ignore

conn private-or-clear
        auto=ignore

conn private
        auto=ignore




Fri, 7 May 2004 12:58:52 -0500 (CDT)
Nate Carlson <natecars at natecarlson.com> Original message:

> On Fri, 7 May 2004, Bastien Rocheron wrote:
> > I found the logs and they are very interesting, they tell us
> > ipsec.secrets is understood by both the gateway with FreeS/WAN and the
> > Linux user with Openswan. They also say on the gateway that there is no
> > public key to verify the Linux host but I copied the .pem file for the
> > host in certs/ and even in ipsec.d/ on the gateway to make sure and the
> > winXP .pem file is only in certs/ on the gateway and it works well for
> > it. Maybe there are different formats for authentication?
> 
> Can you show us your ipsec.conf from each end?
> 
> ------------------------------------------------------------------------
> | nate carlson | natecars at natecarlson.com | http://www.natecarlson.com |
> |       depriving some poor village of its idiot since 1981            |
> ------------------------------------------------------------------------

Bastien Rocheron
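
An added example (not part of the original message and not Openswan code): a small Python resolver that applies also= and conn %default to a config like the gateway's above and reports, for each loadable RSA-signature connection, whether each side's certificate is named in the file or, with rsasigkey=%cert and no cert file, is treated here as having to come from the peer. The inheritance order is a simplified reading of ipsec.conf(5); the function names and the "sent-by-peer" label are this example's own.

```python
# Constructed sample, trimmed from the gateway ipsec.conf in the post above.
GATEWAY_CONF = """\
conn %default
        authby=rsasig
        leftrsasigkey=%cert
        rightrsasigkey=%cert
conn roadwarrior-allnet
        also=roadwarrior
conn roadwarrior
        right=%any
        left=192.168.1.1
        leftcert=gateway.mynet.net.pem
        auto=add          # loaded, waits for the peer
conn block
        auto=ignore
"""

def parse_conns(text):
    """Return {name: {param: value}} for each 'conn' section; other sections are skipped."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()       # drop comments (assumes no '#' in values)
        if line and not line[0].isspace():         # an unindented line opens a section
            words = line.split()
            current = conns.setdefault(words[1], {}) if words[0] == "conn" else None
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip().strip('"')
    return conns

def effective(conns, name, seen=()):
    """Merge a conn with its also= target, else with conn %default; own values win."""
    if name in seen:
        raise ValueError("also= loop at " + name)
    params = dict(conns[name])
    target = params.pop("also", None)
    base = effective(conns, target, seen + (name,)) if target else conns.get("%default", {})
    return {**base, **params}

def cert_sources(text):
    """For each loadable rsasig conn, report where each side's certificate comes from."""
    conns, report = parse_conns(text), {}
    for name in (n for n in conns if n != "%default"):
        p = effective(conns, name)
        if p.get("auto", "ignore") != "ignore" and p.get("authby") == "rsasig":
            report[name] = {s: "file:" + p[s + "cert"] if s + "cert" in p
                            else "sent-by-peer" if p.get(s + "rsasigkey") == "%cert" else "unset"
                            for s in ("left", "right")}
    return report
```

Running cert_sources() on each end's file and comparing the two reports shows which side has no certificate file named for its peer.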