[Openswan Users] freeswan client and Netscreen

[Paul Wouters]

On Fri, 21 Jan 2005, danilov wrote:

> 3) I can't get freeswan-rpmsign.asc contents from ftp site
> browser says that .../2-4.20-8/freeswan-rpmsign.asc : No such file or directory

The freeswan project has ended. I really recommend switching to openswan. I am
not sure about all the states of the websites and ftp sites for it.

> 5) Install from RPMS:
>  rpm -ivh freeswan*.rpm
> ÐÒÅÄÕÐÒÅÖÄÅÎÉÅ: freeswan-module-2.06_2.4.20_8-0.i386.rpm: ÐÏÄÐÉÓØ RSA/MD5 V3:
> NOKEY, key ID 5a7e4731
> ðÏÄÇÏÔÏ×ËÁ...     ########################################### [100%]
>         ÐÁËÅÔ freeswan-module-2.06_2.4.20_8-0 ÕÖÅ ÕÓÔÁÎÏ×ÌÅÎ
>         ÐÁËÅÔ freeswan-userland-2.06_2.4.20_8-0
> 7) Verify:
> /usr/local/sbin/ipsec verify

do the rpms install in /usr/local and not in /usr? Just checking to make sure
you don't mix two installations.

> I think that everything ok because i can not use OE

Yes, but make sure you disable the OE conns.

> ipsec_setup: (/etc/ipsec.conf, line 34) parameter is not within a section --
> `stop' aborted

Unfortunately, ipsec.conf is sensitive to empty lines and tabs. Please make sure
you don't have empty lines in one conn section.

> I know that freeswan do not support 
> aggressive mode and i can reconfigure nestcreen for main mode

It is *always* better to use main mode. I would switch to main mode where ever
you can.

> 11) If it is interesting for you i can
> give public address of Netscreen device and him config.

If you have a working configuration, I'd be interested in the config/dump and/or
screenshots.

Paul