[Openswan Users]
having extremly tough time configuring openswan----- Help needed
immediately
Pabby
pabby_s at yahoo.com
Wed Jan 12 00:57:09 CET 2005
hi,
I've got a tough time configuring openswan. Please
help.
client side stuff is
client gateway : a.b.c.d
client encryption domain: t.y.u.i
netmask:255.255.255.255
VPN scheme: IKE
Phase 1 authentication: Shared secret - this will be
communicated over thephone at time of connection
> > Phase 1 algorithm: Diffie-Hellman Group 2
> > Phase 1 mode: Main
> > Phase 1 lifetime: One day (1440minutes, or 86400
seconds)
> > Phase 2 perfect forward secrecy: No
Phase 2 encapsulation: ESP
> > Phase 2 lifetime: Eight hours (480 minutes, or
28800 seconds)
> > Supports subnets: Yes
I've attached my ipsec.conf file please help as my job
is about to be lost on this. this is extremly
important to me.
ipsec.conf
config setup
interfaces=%defaultroute
klipsdebug=none
plutodebug=none
conn %default
# How persistent to be in (re)keying negotiations
(0 means very).
keyingtries=0
# Load all connection descriptions by default
# Some will override this with auto=start
authby=shared secret
keyexchange=ike
auto=add
conn con1
# left security gateway
left=a.b.c.d
# next hop to reach right
leftnexthop=
# subnet behind left (omit if there is no
subnet)
leftsubnet=<<client’s subnet>>
# right s.g., subnet behind it, and next hop to
reach left
right=<<my Server address>>
# if using %defaultroute, skip rightnexthop
rightnexthop=<<my Router address>
rightsubnet=<<my subnet>>
auto=start
__________________________________
Do you Yahoo!?
Meet the all-new My Yahoo! - Try it today!
http://my.yahoo.com
More information about the Users
mailing list