[Openswan Users] freeswan client and Netscreen
Sascha.Grau at Stud.Tu-Ilmenau.De
Sascha.Grau at Stud.Tu-Ilmenau.De
Fri Jan 21 14:45:46 CET 2005
> Where i want to restart ipsec i received a message:
> /sbin/service ipsec stop
> ipsec_setup: (/etc/ipsec.conf, line 34) parameter is not within a section> --
> `stop' aborted
Did you comment a line in a conn section which was not the last line of it ? I got this error too.
So do not do:
conn test
foo1=bar1
# foo2=bar2
foo3=bar3
Instead set the comment to the end. I think the line will be cleared during parsing and Openswan
will handle it at the end of the conn section.
> 9) If you have successfully connected client freeswan/openswan
> with Netscreen 5GT can you send me right config file for freeswan ?
I am operating Openswan-2.3.0 with a Netscreen208 device. All works fine except some issues using
xauth (rekeying issue) or xauth/mode-cfg (netscreen shows non-standard behaviour).
The posted parts of your config seem ok.
> 10) Windows client work properly with Netscreen.
> I use aggressive mode and psk and seed.
>
> I know that freeswan do not support
> aggressive mode and i can reconfigure nestcreen for main mode
Use the current Openswan version instead, it supports Aggressive Mode. But there are some rekeying
problems with it.
Do NOT use PSK+Main Mode in Roadwarrior setups.
Sascha Grau
More information about the Users
mailing list