[Openswan Users]
IPSec(IKE) interoperability between Linux and Windows2000 (help)
Vikas sarawat
sarawat_19 at hotmail.com
Wed Mar 9 13:35:28 CET 2005
Hello,
I am trying to bring up IPSec (using IKE) using 3DES and SHA1 (both phase 1
and 2) between Windows and Linux. I am able to bring the IPSec association
up with the configuration below when Windows is the IKE phase 1 and 2 initiator;
however, the IPSec association doesn't come up if Linux initiates the IKE. When
Linux initiates the IKE phase 1 and 2, the negotiation hangs at phase 2. I
was wondering if you guys have seen this problem and can provide help with this.
############ipsec.conf################
flush;
spdflush;
spdadd 10.32.32.244 10.32.0.127 any -P out ipsec
    esp/transport//require;
spdadd 10.32.0.127 10.32.32.244 any -P in ipsec
    esp/transport//require;
#############################
##############racoon.conf#############
path pre_shared_key "/etc/racoon/psk.txt";
# path certificate "/etc/racoon/certs";
log debug4;
padding {
    strict_check off;
}
timer {
    counter 5;
    interval 20 sec;
    phase1 30 sec;
    phase2 15 sec;
}
remote 10.32.0.127 {
    exchange_mode main;
    my_identifier address;
    proposal_check obey;
    lifetime time 360 seconds;
    #doi ipsec_doi;
    proposal {
        encryption_algorithm 3des;
        hash_algorithm sha1;
        authentication_method pre_shared_key;
        dh_group 1;
    }
}
sainfo anonymous
{
    pfs_group 2;
    lifetime time 300 seconds;
    encryption_algorithm 3des;
    authentication_algorithm hmac_sha1;
    compression_algorithm deflate;
}
################################
Thanks,
Vikas