[Openswan Users] ipsec.secrets
Bastien Rocheron
bastien.rocheron at free.fr
Fri May 7 23:42:46 CEST 2004
This is the ipsec.conf for the Linux host:

version 2.0 # conforms to second version of ipsec.conf specification

config setup
    interfaces=%defaultroute
    klipsdebug=none
    plutodebug=none
    #plutoload=%search
    #plutostart=%search
    uniqueids=yes

conn %default
    keyingtries=0
    compress=no
    disablearrivalcheck=no
    authby=rsasig
    leftrsasigkey=%cert
    rightrsasigkey=%cert

conn roadwarrior-net
    leftsubnet=192.168.1.0/24
    also=roadwarrior

conn roadwarrior
    left=192.168.1.10
    leftcert=host.mynet.net.pem
    #right=%defaultroute
    right=192.168.1.1
    rightcert=gateway.mynet.net.pem
    auto=start
    pfs=yes

conn block
    auto=ignore

conn private
    auto=ignore

conn private-or-clear
    auto=ignore

conn clear-or-private
    auto=ignore

conn clear
    auto=ignore

conn packetdefault
    auto=ignore

And this is the ipsec.conf for the gateway:

version 2.0 # conforms to second version of ipsec.conf specification

config setup
    interfaces="ipsec0=eth2"
    klipsdebug=none
    plutodebug=none
    #plutoload=%search
    #plutostart=%search
    uniqueids=yes

conn %default
    keyingtries=1
    compress=no
    disablearrivalcheck=no
    authby=rsasig
    leftrsasigkey=%cert
    rightrsasigkey=%cert

conn roadwarrior-allnet
    leftsubnet=0.0.0.0/0
    also=roadwarrior

conn roadwarrior
    right=%any
    left=192.168.1.1
    leftcert=gateway.mynet.net.pem
    auto=add
    pfs=yes

conn packetdefault
    auto=ignore

conn block
    auto=ignore

conn clear-or-private
    auto=ignore

conn clear
    auto=ignore

conn private-or-clear
    auto=ignore

conn private
    auto=ignore

Fri, 7 May 2004 12:58:52 -0500 (CDT)
Nate Carlson <natecars at natecarlson.com> Original message:
> On Fri, 7 May 2004, Bastien Rocheron wrote:
> > I found the logs and they are very interesting; they tell us
> > ipsec.secrets is understood by both the gateway with FreeS/WAN and the
> > Linux user with Openswan. They also say on the gateway that there is no
> > public key to verify the Linux host, but I copied the .pem file for the
> > host in certs/ and even in ipsec.d/ on the gateway to make sure, and the
> > WinXP .pem file is only in certs/ on the gateway and it works well for
> > it. Maybe there are different formats for authentication?
>
> Can you show us your ipsec.conf from each end?
>
> ------------------------------------------------------------------------
> | nate carlson | natecars at natecarlson.com | http://www.natecarlson.com |
> | depriving some poor village of its idiot since 1981 |
> ------------------------------------------------------------------------
Bastien Rocheron