[Openswan Users] Testconfig with Openswan 2.1.5 on Suse 9.1 not
working
Ted Kaczmarek
tedkaz at optonline.net
Fri Sep 17 18:02:27 CEST 2004
On Fri, 2004-09-17 at 10:08, Paul Wouters wrote:
> On Fri, 17 Sep 2004, David Clymer wrote:
>
> >> I would like to establish a connection with a simple preshared key,
> >> so I would have to use manual keying, right?
> >
> > no.
>
> I owuld actually as far as to say: NOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO
>
> > Example for debian GNU/Linux kernel 2.4.26 & openswan 2.1.3.
> >
> > ipsec.conf:
> >
> > # PSK connection
> > conn pskconn
> > # general options
> > type=tunnel
> > keyexchange=ike
> > pfs=yes
> > authby=secret
>
> And NOOOOOOOOOOOOOo here too!
>
>
> A basic example.
>
> Machine 1: IP 1.2.3.4
> Machine 2: IP 5.6.7.8
>
> conn test
> left=1.2.3.4
> right=5.6.7.8
> authby=rsasigkey
> leftrsasigkey=0sA.......
> rightrsasigkey=0sA.......
> auto=start
>
> You can obtain the left/right rsasig key entries using showhostkey.
> On machine 1 type: ipsec showhostkey --left
> on machine 2 type: ipsec showhostkey --right
>
> Stop both ends. Put this connection definition in ipsec.conf on both
> machines without editing. Restart both ends.
>
> Avoid manual keying like the plague. Avoid presharedsecrets with a vengeance.
>
> Paul
> _______________________________________________
Interop without pre shared keys?
You mean for Linux to Linux setups I presume.
Ted
More information about the Users
mailing list