[Openswan Users] Testconfig with Openswan 2.1.5 on Suse 9.1 not working
Paul Wouters
paul at xelerance.com
Fri Sep 17 17:08:16 CEST 2004
On Fri, 17 Sep 2004, David Clymer wrote:
>> I would like to establish a connection with a simple preshared key,
>> so I would have to use manual keying, right?
>
> no.
I would actually go as far as to say: NOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO
> Example for debian GNU/Linux kernel 2.4.26 & openswan 2.1.3.
>
> ipsec.conf:
>
> # PSK connection
> conn pskconn
>     # general options
>     type=tunnel
>     keyexchange=ike
>     pfs=yes
>     authby=secret
And NOOOOOOOOOOOOOo here too!
A basic example.
Machine 1: IP 1.2.3.4
Machine 2: IP 5.6.7.8
conn test
    left=1.2.3.4
    right=5.6.7.8
    # authenticate with RSA signatures
    authby=rsasig
    leftrsasigkey=0sA.......
    rightrsasigkey=0sA.......
    auto=start
You can obtain the left/right rsasig key entries using showhostkey.
On machine 1 type: ipsec showhostkey --left
On machine 2 type: ipsec showhostkey --right
Stop both ends. Put this connection definition in ipsec.conf on both
machines without editing. Restart both ends.
Avoid manual keying like the plague. Avoid preshared secrets with a vengeance.
Paul
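
An added example, not part of the original message or of Openswan: a small audit that reads ipsec.conf text and reports conn sections using manual keying or a preshared secret, the two methods the message says to avoid. The sample config is constructed; the manual-keying parameter names, `auto=manual` and the list of `authby` values are taken from the ipsec.conf documentation of that era, not from the message.

```python
MANUAL_PARAMS = {"spi", "spibase", "espenckey", "espauthkey", "ahkey"}
AUTHBY_VALUES = {"rsasig", "secret", "secret|rsasig", "never"}

# Constructed sample input; key material is elided as in the message.
SAMPLE = """\
conn pskconn
    authby=secret
conn oldmanual
    spi=0x200
    auto=manual
conn test
    left=1.2.3.4
    right=5.6.7.8
    authby=rsasig
    leftrsasigkey=0sA.......
    rightrsasigkey=0sA.......
    auto=start
"""

def parse_conns(text):
    """Return {conn name: {parameter: value}} for every conn section."""
    conns, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if not line[0].isspace():            # unindented line starts a section
            words = line.split()
            is_conn = len(words) == 2 and words[0] == "conn"
            current = conns.setdefault(words[1], {}) if is_conn else None
        elif current is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip()
    return conns

def audit(text):
    """Return (conn, finding) pairs for manual keying, PSK or bad authby."""
    findings = []
    for name, params in parse_conns(text).items():
        authby = params.get("authby", "rsasig")   # rsasig is the default
        if params.get("auto") == "manual" or MANUAL_PARAMS.intersection(params):
            findings.append((name, "manual keying"))
        elif authby not in AUTHBY_VALUES:
            findings.append((name, "unknown authby value: " + authby))
        elif "secret" in authby.split("|"):
            findings.append((name, "preshared secret"))
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Calling `audit()` on the contents of a real ipsec.conf gives the same kind of list; an empty list means no conn section was flagged.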