[Openswan Users] Nat traversal & Cisco Pix
Jeroen Geusebroek
j.geusebroek at intellit.nl
Mon Jan 31 23:22:24 CET 2005
Hi there,
I'm trying to accomplish a vpn tunnel between my home and work network.
---
Home: SuSe 9.1 (2.6.5-7.111.30)/openswan-2.3.0/router with udp 500/4500 and ESP forwarded to the SuSe machine.
192.168.10.0/24
Work: Cisco Pix 6.3(1) no natting.
192.168.20.0/24
---
The router I have is actually also a cisco (827) and I can without any problems create a VPN between home and work. But because of the slow CPU of the 827 I can only have 40kb/s using 3DES and 80kb/s using DES. This is why I would love to try openswan to manage the VPN connections.
The CISCO pix supports NAT-T and I have it enabled so that (I hope) should not be a problem.
Pix conf:
access-list home permit ip 192.168.20.0 255.255.255.0 192.168.10.0 255.255.255.0
access-list home permit ip 192.168.10.0 255.255.255.0 192.168.20.0 255.255.255.0
crypto ipsec transform-set vpnset2 esp-3des esp-sha-hmac
crypto map vpnmap1 300 ipsec-isakmp
crypto map vpnmap1 300 match address home
crypto map vpnmap1 300 set peer ***.***.***.***
crypto map vpnmap1 300 set transform-set vpnset2
isakmp key ******** address ***.***.***.*** netmask 255.255.255.255 no-xauth
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash sha
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
I have tried some configurations for openswan but can't get it to work and was wondering if someone could help me with the config for openswan. To be honest, I have little or no clue about ipsec, but I am trying to learn, which is why I would like this server to be working ;)
Thanks,
Jeroen Geusebroek
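
An Openswan connection definition that mirrors the PIX policy quoted in the message above, added here as an example; it is not from the original post or from the Openswan project. HOME_PUBLIC_IP, PIX_PUBLIC_IP, the conn name "work" and the shared secret are placeholders, because the post masks the real values.

```conf
# /etc/ipsec.conf (Openswan 2.x): added example, not from the original post.
# HOME_PUBLIC_IP and PIX_PUBLIC_IP are placeholders for the masked addresses.
version 2.0

config setup
    # The Openswan host sits behind a NAT router (udp 500/4500 forwarded),
    # so NAT-T has to be enabled here as well as on the PIX.
    nat_traversal=yes

conn work
    # Home side: use the address of the interface carrying the default route
    # (the SuSE machine's 192.168.10.x address).
    left=%defaultroute
    leftsubnet=192.168.10.0/24
    # Assumption: present the router's public address as the IKE identity,
    # since the PIX binds its pre-shared key to that peer address.
    leftid=HOME_PUBLIC_IP

    # Work side: the PIX and the network behind it.
    right=PIX_PUBLIC_IP
    rightsubnet=192.168.20.0/24

    # Matches "isakmp policy 10": pre-share, 3des, sha, group 2 (1024-bit MODP).
    authby=secret
    ike=3des-sha1-modp1024

    # Matches "transform-set vpnset2 esp-3des esp-sha-hmac".
    esp=3des-sha1

    # The crypto map shown has no "set pfs" line, so PFS stays off.
    pfs=no

    auto=start

# /etc/ipsec.secrets: same key as the PIX "isakmp key" line (placeholder value).
# HOME_PUBLIC_IP PIX_PUBLIC_IP : PSK "placeholder-shared-secret"
```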