paul at xelerance.com
Wed Jan 12 21:23:14 CET 2005
On Wed, 12 Jan 2005, Pabby wrote:
> VPN scheme: IKE
> Phase 1 authentication: Shared secret - this will be
> communicated over the phone at time of connection
> Phase 1 algorithm: Diffie-Hellman Group 2
> Phase 1 mode: Main
> Phase 1 lifetime: One day (1440 minutes, or 86400
> Phase 2 perfect forward secrecy: No
> Phase 2 encapsulation: ESP
> Phase 2 lifetime: Eight hours (480 minutes, or
> 28800 seconds)
> Supports subnets: Yes
> I've attached my ipsec.conf file. Please help, as my job
> is about to be lost on this. This is extremely
> important to me.
> config setup
Do NOT create empty lines or wrongly indented lines in the configuration file!
I hope this was the mailer wrapping and not your config file.
> conn %default
> # How persistent to be in (re)keying negotiations (0 means very).
> # Load all connection descriptions by default
> # Some will override this with auto=start
> authby=shared secret
Use authby=secret, not shared secret.
no empty line
Do not put auto= in your default section.
> conn con1
> # left security gateway
> # next hop to reach right
Don't put empty options in a connection; comment them out instead.
> # subnet behind left (omit if there is no
> leftsubnet=<<clients subnet>>
> # right s.g., subnet behind it, and next hop to
> reach left
> right=<<my Server address>>
> # if using %defaultroute, skip rightnexthop
> rightnexthop=<<my Router address>>
> rightsubnet=<<my subnet>>
I am missing: pfs=no
Also, if it fails, check /var/log/messages and /var/log/secure (or daemon or
auth depending on your distro) and give us the exact error message.
"At best it is a theory, at worst a fantasy" -- Michael Crichton
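
The corrections in the reply above can be checked mechanically before the file is loaded. The following is an added example, not code from the original post or from Openswan: a small lint for an ipsec.conf string, assuming the peer described in the quoted spec (shared secret, PFS off). The names `lint`, `SAMPLE` and `peer_uses_pfs` are hypothetical, and the sample addresses are constructed placeholders.

```python
import re
# Constructed sample with the mistakes the reply points out (placeholder addresses).
SAMPLE = """\
config setup
conn %default

    authby=shared secret
    auto=add
conn con1
    left=192.0.2.1
    leftnexthop=
    right=198.51.100.1
rightsubnet=10.0.2.0/24
"""
HEADER = re.compile(r"^(config setup|conn \S+|version \S+|include \S+)\s*$")

def lint(text, peer_uses_pfs=False):
    """Return sorted (line_number, message) findings for an ipsec.conf string."""
    out, section, seen, where = [], "", {"": {}}, {}
    lines = text.splitlines()
    for no, line in enumerate(lines, 1):
        if not line.strip():
            # An empty line followed by an indented line splits a section.
            nxt = next((l for l in lines[no:] if l.strip()), "")
            if section and nxt[:1].isspace():
                out.append((no, "empty line inside a section"))
            continue
        if line.lstrip().startswith("#"):
            continue
        if not line[0].isspace():
            if HEADER.match(line):
                section = line.strip()
                seen[section], where[section] = {}, no
            else:
                out.append((no, "unindented line is not a section header"))
            continue
        key, _, value = (part.strip() for part in line.partition("="))
        seen[section][key] = value
        if not value:
            out.append((no, "empty option: comment it out"))
        elif key == "authby" and value != "secret":
            out.append((no, "shared-secret peer: use authby=secret"))
        elif key == "auto" and section == "conn %default":
            out.append((no, "auto= does not belong in conn %default"))
    default = seen.get("conn %default", {})
    for name, opts in seen.items():
        conn = name.startswith("conn ") and name != "conn %default"
        if conn and not peer_uses_pfs and opts.get("pfs", default.get("pfs")) != "no":
            out.append((where[name], "peer has PFS off: add pfs=no"))
    return sorted(out)
```

Calling `lint(SAMPLE)` reports one finding per mistake, keyed by line number, so the output can be compared directly against the file before restarting the service.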