[Openswan Users] re: Openswan Road warriors and Netscreen vpn
Paul Wouters
paul at xelerance.com
Wed Jun 22 01:15:54 CEST 2005
On Tue, 21 Jun 2005, Ric Stuebs wrote:
> We have a number of mobile users with linux laptops that would like to connect to our Netscreen 500 with OpenSwan. These particular users need to use PSK.
This is asking for a lot of trouble. Mobile means users behind NAT and NAT-Traversal,
which does NOT go well with PSKs at all. Is your Netscreen set up to do aggressive
instead of main mode? It would be preferable not to use that.

Did you upgrade to the latest ScreenOS?
An example config:

conn openswan-to-netscreen
    authby=secret
    aggrmode=yes
    ike=3des-sha1-modp1024
    left=%defaultroute
    leftid=@openswan
    right=1.2.3.4
    rightsubnet=172.16.0.0/24
    auto=start

ipsec.secrets:

1.2.3.4 @openswan : PSK "netscreen"
If that fails, use the webGUI to view the IPsec for errors.
Paul
--
"I am not even supposed to be here today!" -- Clerics
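
[Added example, not part of the original message or of Openswan: a small audit script that lists the conns in ipsec.conf-style text that combine authby=secret with aggrmode=yes, the pairing the reply advises against. In IKEv1 aggressive mode the responder's PSK-derived hash is sent unencrypted, so the secret can be guessed offline. The sample config, the extra conn names and the function names are constructed for illustration; also= includes are not followed.]

```python
# Added example: flag conns that use a pre-shared key together with
# IKEv1 aggressive mode. Reads ipsec.conf-style text, nothing else.
import re

# Constructed sample input, modelled on the config quoted in the message.
SAMPLE_CONF = """\
conn %default
    authby=secret

conn openswan-to-netscreen
    aggrmode=yes                # inherits authby=secret from %default
    left=%defaultroute
    right=1.2.3.4

conn main-mode-rsa
    authby=rsasig
    aggrmode=no
    right=1.2.3.4
"""

def parse_conns(text):
    """Return {conn_name: {key: value}}; comments and blank lines are skipped."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        m = re.match(r"conn\s+(\S+)$", line)
        if m:
            current = conns.setdefault(m.group(1), {})
        elif line[0] in " \t" and current is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip().strip('"')
        else:
            current = None      # some other section type, e.g. "config setup"
    return conns

def audit(text):
    """Return names of conns whose effective settings are PSK + aggressive mode."""
    conns = parse_conns(text)
    defaults = conns.pop("%default", {})
    findings = []
    for name, opts in conns.items():
        eff = {**defaults, **opts}      # per-conn values override %default
        if eff.get("authby") == "secret" and eff.get("aggrmode") == "yes":
            findings.append(name)
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_CONF))
```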