[Openswan Users] config problem
Paul Wouters
paul at xelerance.com
Tue Aug 23 17:13:27 CEST 2005
On Tue, 23 Aug 2005, Szentmarjay Tibor wrote:
> Peer : xx.yyy.zz.vvv
> Phase 1 parameters:
> encryption algorithm: Three key triple DES
> hash algorithm: Secure Hash Standard (SHA)
> authentication method: Pre-Shared Key
> Diffie-Hellman group: 5 (1536 bit)
> lifetime: 18000 seconds, no volume limit
> Preshared key.
>
> Phase 2 parameters:
> Security association lifetime: 4608000 kilobytes/3600 seconds
> PFS: Y
> Diffie-Hellman group: 5
> Transform set: esp-3des esp-sha-hmac
>
> Now I use this config file with Openswan 2.3.1, please correct me, if there
> is something wrong, because the connection won't set up:
> conn othernet
> left=my.ip.add.ress
> leftsubnet=my.ip.add.0/24
> leftnexthop=%defaultroute
> right=xx.yyy.zz.vvv
> rightsubnet=xx.yyy.zz.0/24
> rightnexthop=%defaultroute
> keyingtries=0
> pfs=yes
> auth=esp # vagy ah
> auto=start
> ike=3des-md5-modp1024
> esp=3des-md5
You are missing authby=secret
Paul
--
"With Data mining, we can search specifically for clues"
--- The AIVD (The Dutch NSA) on the necessity of ISP's data retension
More information about the Users
mailing list