[Openswan Users] Hello world..:)

acidburn at vivonet.lv acidburn at vivonet.lv
Wed Feb 1 12:40:56 CET 2006


Ok. Thanks!

Now I'm getting such a problem in my log file:

Feb  1 12:37:45 zelts pluto[28535]: packet from dest-IP:500: phase 1 message is part of an unknown exchange

But the ISAKMP SA un IPSec SA are established.




On Tue, 31 Jan 2006 16:18:34 +0100 (CET), Paul Wouters <paul at xelerance.com> wrote:
> On Tue, 31 Jan 2006, acidburn at vivonet.lv wrote:
> 
>> Hi, I'm a total newbie in IPSec and ISKMP things.
>> So.. I have OpenSwan installed on Gentoo.
>> I need to make a tunnel to a mobile operator.
>> The operator sent me the needed requirements for customer's IPSec/IKE
> software (given in terms of according RFC's)
>> Could You please help me to generate the ipsec.conf for these
> parameters?
>>
>> ISAKMP SA Main Mode            ON
>> ISAKMP SA Aggressive Mode      OFF
>> ISAKMP SA Authentication       PRESHARED SECRET
>> ISAKMP SA Cypher               3DES CBC
>> ISAKMP SA Hash function        MD5
>> ISAKMP SA Diffie Hellman group 2
>> ISAKMP SA SA lifetime (hours)  4
>> IPSec SA encryption/authenti   ESP
>> IPSec SA Mode                  QUICK
>> IPSec SA Cypher                3DES CBC
>> IPSec SA Hash Function         MD5
>> IPSec SA Perfect Forward Secrecy OFF
>> IPSec SA Lifetime (hours)      1
> 
> That should all work in standard settings. the only specific things you
> need is:
> pfs=no
> authby=secret
> 
> Paul



More information about the Users mailing list