[Openswan Users] config problem

Paul Wouters paul at xelerance.com
Tue Aug 23 17:13:27 CEST 2005


On Tue, 23 Aug 2005, Szentmarjay Tibor wrote:

> Peer : xx.yyy.zz.vvv
> Phase 1 parameters:
>        encryption algorithm:   Three key triple DES
>        hash algorithm:         Secure Hash Standard (SHA)
>        authentication method:  Pre-Shared Key
>        Diffie-Hellman group:   5 (1536 bit)
>        lifetime:               18000 seconds, no volume limit
>        Preshared key.
>
> Phase 2 parameters:
>        Security association lifetime: 4608000 kilobytes/3600 seconds
>        PFS: Y
>        Diffie-Hellman group:  5
>        Transform set:  esp-3des esp-sha-hmac
>
> Now I use this config file with Openswan 2.3.1, please correct me, if there 
> is something wrong, because the connection won't set up:

> conn othernet
>    left=my.ip.add.ress
>    leftsubnet=my.ip.add.0/24
>    leftnexthop=%defaultroute
>    right=xx.yyy.zz.vvv
>    rightsubnet=xx.yyy.zz.0/24
>    rightnexthop=%defaultroute
>    keyingtries=0
>    pfs=yes
>    auth=esp                    # or ah
>    auto=start
>    ike=3des-md5-modp1024
>    esp=3des-md5

You are missing authby=secret

Paul
-- 

"With Data mining, we can search specifically for clues"

--- The AIVD (The Dutch NSA) on the necessity of ISP's data retention
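
An added example, not part of the original thread: a small Python check that compares the posted conn section with the peer's parameter sheet. It goes beyond the reply above by also comparing the ike= and esp= lines with the sheet's SHA and group 5 values. The names PEER, parse_conn, proposals and check are hypothetical, and treating "sha" as "sha1" is an assumption.

```python
# DH group number -> Openswan modp keyword (IKEv1 MODP groups 2 and 5).
DH_GROUPS = {2: "modp1024", 5: "modp1536"}
ALIASES = {"sha": "sha1"}  # assumption: accept "sha" as a spelling of "sha1"

# Peer requirements, transcribed from the parameter sheet quoted in the thread.
PEER = {"enc": "3des", "hash": "sha1", "dh_group": 5, "auth": "psk"}

# The conn section as posted, minus the nexthop/keyingtries/auto lines.
CONN = """\
conn othernet
    left=my.ip.add.ress
    leftsubnet=my.ip.add.0/24
    right=xx.yyy.zz.vvv
    rightsubnet=xx.yyy.zz.0/24
    pfs=yes
    auth=esp                    # or ah
    ike=3des-md5-modp1024
    esp=3des-md5
"""

def parse_conn(text):
    """Return {option: value} for the key=value lines of one conn section."""
    opts = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop trailing comments
        if "=" in line:
            key, value = line.split("=", 1)
            opts[key.strip()] = value.strip()
    return opts

def proposals(value):
    """Split 'a-b-c,d-e-f!' into token lists with aliases normalised."""
    items = value.rstrip("!").lower().split(",")
    return [[ALIASES.get(t, t) for t in p.strip().split("-")] for p in items]

def check(opts, peer):
    """List the mismatches between a conn section and the peer's sheet."""
    problems = []
    # authby defaults to rsasig, so a PSK peer needs authby=secret spelled out.
    if peer["auth"] == "psk" and opts.get("authby") != "secret":
        problems.append("authby=secret is missing; the peer uses a pre-shared key")
    base = [peer["enc"], peer["hash"]]
    wanted = {"ike": base + [DH_GROUPS[peer["dh_group"]]], "esp": base}
    for key, want in wanted.items():
        if key in opts and want not in proposals(opts[key]):
            problems.append(f"{key}={opts[key]} does not offer {'-'.join(want)}")
    return problems

if __name__ == "__main__":
    print("\n".join(check(parse_conn(CONN), PEER)))
```
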

