[Openswan Users] Openswan Linux Client to SonicWall Windows Server.
Paul Wouters
paul at xelerance.com
Wed Sep 27 10:51:08 EDT 2006
On Wed, 27 Sep 2006, Bas Driessen wrote:
> Going through the lists, I found out that DES is not supported by
> default in OpenSwan, so I have re-compiled the package by setting the
> USE_WEAKSTUFF?=true flag in the Makefile.inc and also corrected the line
> to WEAK_DEFS=-DUSE_VERYWEAK_DH1=1 -DUSE_1DES in the Makefile of Pluto.
> All compiles OK. I know that 3DES is better etc, but this is out of my
> control. I have to get it to work with the current setup.
You might also need to set USE_BROKEN=yes
3DES is not "better". 1DES is trivially brute forced. You have no VPN. You
better make sure your boss knows that, and gets it in writing, so that
you can blame management for this unwise decision.
> left=%defaultroute
> leftsubnet=192.168.1.0/24
> leftid=192.168.1.13
> sonicwall.secrets
>
> 192.168.1.13 66.nnn.nnn.nnn : PSK "abcdef"
If your ip is actually 192.168.1.13 you cannot tunnel 192.168.1.0/24.
you cannot be at two places at once.
Paul
More information about the Users
mailing list