[Openswan Users] Testconfig with Openswan 2.1.5 on Suse 9.1 not working

Ted Kaczmarek tedkaz at optonline.net
Fri Sep 17 18:02:27 CEST 2004


On Fri, 2004-09-17 at 10:08, Paul Wouters wrote:
> On Fri, 17 Sep 2004, David Clymer wrote:
> 
> >> I would like to establish a connection with a simple preshared key,
> >> so I would have to use manual keying, right?
> >
> > no.
> 
> I would actually go as far as to say: NOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO
> 
> > Example for debian GNU/Linux kernel 2.4.26 & openswan 2.1.3.
> >
> > ipsec.conf:
> >
> > # PSK connection
> > conn pskconn
> >        # general options
> >        type=tunnel
> >        keyexchange=ike
> >        pfs=yes
> >        authby=secret
> 
> And NOOOOOOOOOOOOOo here too!
> 
> 
> A basic example.
> 
> Machine 1: IP 1.2.3.4
> Machine 2: IP 5.6.7.8
> 
> conn test
>  	left=1.2.3.4
>  	right=5.6.7.8
>  	authby=rsasig
>  	leftrsasigkey=0sA.......
>  	rightrsasigkey=0sA.......
>  	auto=start
> 
> You can obtain the left/right rsasig key entries using showhostkey.
> On machine 1 type: ipsec showhostkey --left
> On machine 2 type: ipsec showhostkey --right
> 
> Stop both ends. Put this connection definition in ipsec.conf on both
> machines without editing. Restart both ends.
> 
> Avoid manual keying like the plague. Avoid preshared secrets with a vengeance.
> 
> Paul

Interop without pre shared keys?

You mean for Linux to Linux setups I presume.

Ted
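
An added example, not part of the original posts and not Openswan code: a small Python check that reads ipsec.conf text and flags conns that use the practices the quoted advice warns against (preshared secrets, manual keying), plus rsasigkey values left as the `0sA.......` placeholder or pasted identically for both ends. The sample config is constructed from the snippets in the thread, the function names are hypothetical, and the manual-keying parameter list is taken from ipsec.conf(5).

```python
# Constructed sample ipsec.conf text: the two conn styles from the thread.
SAMPLE_CONF = """\
conn pskconn
    type=tunnel
    keyexchange=ike
    pfs=yes
    authby=secret

conn test
    left=1.2.3.4
    right=5.6.7.8
    authby=rsasig
    leftrsasigkey=0sA.......
    rightrsasigkey=0sA.......
    auto=start
"""

# Parameters that only appear in manually keyed conns (per ipsec.conf(5)).
MANUAL_KEYING = {"spi", "spibase", "espenckey", "espauthkey", "ahkey"}

def parse_conns(text):
    """Return {conn name: {parameter: value}}; other sections are skipped."""
    conns, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue  # blank line or whole-line comment
        if not line[0].isspace():  # a section header starts in column one
            words = line.split()
            is_conn = len(words) == 2 and words[0] == "conn"
            current = conns.setdefault(words[1], {}) if is_conn else None
        elif current is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip()
    return conns

def audit(text):
    """Return sorted (conn, finding) pairs for the practices the thread warns about."""
    findings = []
    for name, params in parse_conns(text).items():
        if "secret" in params.get("authby", ""):
            findings.append((name, "preshared secret"))
        if MANUAL_KEYING & params.keys():
            findings.append((name, "manual keying"))
        keys = [params.get(side + "rsasigkey", "") for side in ("left", "right")]
        if any("..." in k for k in keys):
            findings.append((name, "placeholder rsasigkey"))  # example pasted unfilled
        elif keys[0] and keys[0] == keys[1]:
            findings.append((name, "identical left/right rsasigkey"))
    return sorted(findings)
```
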




