[Openswan Users] Hello world..:)
Paul Wouters
paul at xelerance.com
Tue Jan 31 16:18:34 CET 2006
On Tue, 31 Jan 2006, acidburn at vivonet.lv wrote:
> Hi, I'm a total newbie in IPSec and ISKMP things.
> So.. I have OpenSwan installed on Gentoo.
> I need to make a tunnel to a mobile operator.
> The operator sent me the needed requirements for customer's IPSec/IKE software (given in terms of according RFC's)
> Could You please help me to generate the ipsec.conf for these parameters?
>
> ISAKMP SA Main Mode ON
> ISAKMP SA Aggressive Mode OFF
> ISAKMP SA Authentication PRESHARED SECRET
> ISAKMP SA Cypher 3DES CBC
> ISAKMP SA Hash function MD5
> ISAKMP SA Diffie Hellman group 2
> ISAKMP SA SA lifetime (hours) 4
> IPSec SA encryption/authenti ESP
> IPSec SA Mode QUICK
> IPSec SA Cypher 3DES CBC
> IPSec SA Hash Function MD5
> IPSec SA Perfect Forward Secrecy OFF
> IPSec SA Lifetime (hours) 1
That should all work in standard settings. the only specific things you need is:
pfs=no
authby=secret
Paul
More information about the Users
mailing list