[Openswan Users]

Ted Kaczmarek tedkaz at optonline.net
Thu Aug 18 09:51:49 CEST 2005


On Thu, 2005-08-18 at 14:22 +0200, Heinz Mezera wrote:
> Hello reader,
> 
> I'd like to set up the following connection and as a newbie I'm lost with 
> the ipsec.conf; help appreciated.
> 
> Both ends run Openswan, the VPN gateway to my "Home-LAN" is "Linux 
> Openswan U1.0.7/K1.0.9" and the other end is a version 2.x
> 
> Home-LAN gateway has a fixed external IP (80.108.217.166), the network 
> behind is 192.16.0.0/16.
> The other end is a HW router (US Robotics Model 8000-02) with a fixed 
> external IP as well and the PC behind is 10.0.0.109.
> 
> I'm not sure if the above mentioned router is able to do what I need, 
> but I'm willing to buy a new one if necessary. The built-in Web-setup 
> offers a virtual server "forwarding" for VPN/ipsec.
> 
> Could a kind soul please send a detailed ipsec.conf (ipsec.secrets will 
> use PSK for start) to get me up and running or name a router model that 
> will work as expected.
> 
> Best regards from Vienna, Austria
> Heinz

I personally have had Openswan interop with all Cisco routers, PIXes
and VPN concentrators, Checkpoint's Firewall 1, Netscreen and Watchguard
using PSK.

Cisco PIX example, look up the options in the man page. I tend to add a
lot of defaults that would be hidden in most of my configs for clarity.

The ipsec.conf

conn cisco-pix
        type=          tunnel
        left=          119.67.80.1
        leftsubnet=    192.168.201.64/26
        leftnexthop=   %defaultroute
        right=         85.19.27.13
        rightnexthop=  85.19.27.14
        rightsubnet=   10.100.1.0/25
        esp=           3des-md5-96
        keyexchange=   ike
        authby=        secret
        keylife=       1h
        pfs=           no
        auto=          start


The ipsec.secrets

119.67.80.1 85.19.27.13: PSK "w3l0v3th3sw@n"

If you are having problems, ipsec barf as well as tcpdump will help.
Start simple and build your config up.

Ted
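
Added example, not part of Ted's message or of Openswan itself: a small pre-flight check that every `authby=secret` conn in ipsec.conf has a PSK line in ipsec.secrets naming both endpoints, as the pair above does. The function names are hypothetical and the PSK is a placeholder; it assumes IPv4 or name indices, exact matching of both IDs (wildcard entries such as `%any` are not modelled), and no inheritance from `conn %default`.

```python
import re

# Constructed sample input modelled on the message above; the PSK is a placeholder.
IPSEC_CONF = """\
conn cisco-pix
        type=          tunnel
        left=          119.67.80.1
        right=         85.19.27.13
        authby=        secret
        auto=          start
"""
IPSEC_SECRETS = '119.67.80.1 85.19.27.13: PSK "placeholder-not-a-real-key"\n'

# index list, colon, whitespace, PSK keyword, quoted secret (IPv4/name indices only)
PSK_RE = re.compile(r'^(?P<ids>[^:"]*?)\s*:\s+PSK\s+"[^"]*"$')

def parse_conns(text):
    """Return {conn_name: {param: value}} from ipsec.conf-style text."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()       # drop comments
        if not line.strip():
            continue
        if not line[0].isspace():                  # section header line
            parts = line.split()
            is_conn = parts[0] == "conn" and len(parts) == 2
            current = conns.setdefault(parts[1], {}) if is_conn else None
        elif current is not None and "=" in line:  # indented parameter line
            key, _, value = line.partition("=")
            current[key.strip()] = value.strip()
    return conns

def parse_psk_indices(text):
    """Return one frozenset of indices per PSK entry; secrets are discarded."""
    matches = (PSK_RE.match(line.strip()) for line in text.splitlines())
    return [frozenset(m.group("ids").split()) for m in matches if m]

def conns_missing_psk(conf_text, secrets_text):
    """Names of authby=secret conns with no PSK entry listing both endpoint IDs."""
    entries = parse_psk_indices(secrets_text)
    missing = []
    for name, p in parse_conns(conf_text).items():
        if name.startswith("%") or p.get("authby") != "secret":
            continue                               # skip %default and non-PSK conns
        ids = {p.get("leftid", p.get("left")), p.get("rightid", p.get("right"))}
        if not any(ids <= entry for entry in entries):
            missing.append(name)
    return missing
```

An empty list from `conns_missing_psk` means each PSK conn has a matching entry; a conn name in the list points at a left/right (or leftid/rightid) value that no secrets line covers.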