[Openswan Users] Hello world..:)
acidburn at vivonet.lv
acidburn at vivonet.lv
Wed Feb 1 12:40:56 CET 2006
Ok. Thanks!
Now I'm getting such a problem in my log file:
Feb 1 12:37:45 zelts pluto[28535]: packet from dest-IP:500: phase 1 message is part of an unknown exchange
But the ISAKMP SA un IPSec SA are established.
On Tue, 31 Jan 2006 16:18:34 +0100 (CET), Paul Wouters <paul at xelerance.com> wrote:
> On Tue, 31 Jan 2006, acidburn at vivonet.lv wrote:
>
>> Hi, I'm a total newbie in IPSec and ISKMP things.
>> So.. I have OpenSwan installed on Gentoo.
>> I need to make a tunnel to a mobile operator.
>> The operator sent me the needed requirements for customer's IPSec/IKE
> software (given in terms of according RFC's)
>> Could You please help me to generate the ipsec.conf for these
> parameters?
>>
>> ISAKMP SA Main Mode ON
>> ISAKMP SA Aggressive Mode OFF
>> ISAKMP SA Authentication PRESHARED SECRET
>> ISAKMP SA Cypher 3DES CBC
>> ISAKMP SA Hash function MD5
>> ISAKMP SA Diffie Hellman group 2
>> ISAKMP SA SA lifetime (hours) 4
>> IPSec SA encryption/authenti ESP
>> IPSec SA Mode QUICK
>> IPSec SA Cypher 3DES CBC
>> IPSec SA Hash Function MD5
>> IPSec SA Perfect Forward Secrecy OFF
>> IPSec SA Lifetime (hours) 1
>
> That should all work in standard settings. the only specific things you
> need is:
> pfs=no
> authby=secret
>
> Paul
More information about the Users
mailing list