On Wed, 2006-09-27 at 16:51 +0200, Paul Wouters wrote:

> On Wed, 27 Sep 2006, Bas Driessen wrote:
> > Going through the lists, I found out that DES is not supported by
> > default in OpenSwan, so I have re-compiled the package by setting the
> > USE_WEAKSTUFF?=true flag in the Makefile.inc and also corrected the line
> > to WEAK_DEFS=-DUSE_VERYWEAK_DH1=1 -DUSE_1DES in the Makefile of Pluto.
> > All compiles OK. I know that 3DES is better etc, but this is out of my
> > control. I have to get it to work with the current setup.
> You might also need to set USE_BROKEN=yes

I have set this and the results are the same. If I perform an fgrep of
USE_BROKEN in all files of openswan, I do not get a match. So I have the
impression that this switch does not exist.

> 3DES is not "better". 1DES is trivially brute forced. You have no VPN. You
> better make sure your boss knows that, and gets it in writing, so that
> you can blame management for this unwise decision.

I have informed them already and it is maybe even wiser not to use
sonicwall at all ;) , but again it is out of my control. They may have
their reasons to use it. For the time being I just need to connect. I
had to set up a Windows box with this sonic client for the time being,
since I can't get openswan to work. This is a disappointing development.

> >     left=%defaultroute
> >     leftsubnet=
> >     leftid=
> > sonicwall.secrets
> >
> > 66.nnn.nnn.nnn : PSK "abcdef"
> If your ip is actually you cannot tunnel
> you cannot be at two places at once.

Have tried with leftsubnet= without success.

Also tried leaving out leftsubnet and leftid altogether. No success.

