[Openswan Users] Aggressive Mode + Email Identity
(netscreen-remote)
Paul Wouters
paul at xelerance.com
Tue May 10 21:26:29 CEST 2005
On Tue, 10 May 2005, S. Hermet wrote:
> furthermore I have a xauth login/password.
>
> here is my ipsec.conf, ipsec.secrets store its key.
>
> conn customerB
> keyexchange=ike
> # rightid=Me at customerB # here ??
> left=134.109.66.42
> leftsubnet=109.133.0.0/16
> leftid="E=Me at customerB" ## is it useful ??
> # MY DEBIAN...
> right=134.6.124.215
> rightsubnet=192.168.20.1/32
> authby=secret
> auth=esp
> esp=3des-sha1-96
> # PFS must be enabled, in aggressive mode, pfs key group =
> Diffie-hellman group 2
> pfs=yes
> aggrmode=yes
> ike=3des-sha1-modp1024
You need xauthclient= and xauthserver= settings. See:
openswan-2/doc/README.XAUTH
openswan-2/doc/README.XAUTHclient
Paul
More information about the Users
mailing list