[Openswan Users] Help for configuration
steve.morard at epfl.ch
Mon Apr 23 10:22:18 EDT 2007
Dear all,
I'm new to openswan and I'm trying to configure it. I got the following
information from the gateway I have to open an IPSec tunnel with:

Authentication Method : Pre-Shared Secret

Encryption Schema IKE
    Perfect Forward Secrecy-IKE : Diffie-Hellman Group 2
    Encryption Algorithm: AES128
    Hashing Algorithm: SHA-1/MD5
    Renegotiation of IKE SA : 86400 seconds

IPSec : ESP
    Perfect Forward Secrecy-IPSEC: Diffie-Hellman Group 2
    Encryption Algorithm: AES128/3DES
    Hashing Algorithm IPSec: SHA-1/MD5
    Renegotiation of IPSec SA: 3600 seconds

My /etc/ipsec.conf looks like this:

version 2.0 # conforms to second version of ipsec.conf specification

# basic configuration
config setup
    # Debug-logging controls: "none" for (almost) none, "all" for lots.
    # klipsdebug=all
    # plutodebug=dns

# Add connections here.

# sample VPN connection
conn sample
    # Left security gateway, subnet behind it, next hop toward right.
    left=x.x.x.x
    leftnexthop=%defaultroute
    # Right security gateway, subnet behind it, next hop toward left.
    right=y.y.y.y
    rightnexthop=%defaultroute
    ike=aes128-md5;aes128-sha1
    esp=aes128-sha1;aes128-md5;3des-sha1;3des-md5
    ikelifetime=1d
    keylife=1h
    # To authorize this connection, but not actually start it, at startup,
    auto=start

conn block
    auto=ignore

conn private
    auto=ignore

conn private-or-clear
    auto=ignore

conn clear-or-private
    auto=ignore

conn clear
    auto=ignore

conn packetdefault
    auto=ignore

Is there something wrong or something missing in this configuration file
according to the details that I got?
Thanks a lot
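
The comparison asked for above can be done mechanically. The following is an added example, not part of the original post and not Openswan code: it checks the posted "conn sample" options against the gateway's parameter sheet. It assumes the ipsec.conf(5) proposal format of comma-separated cipher-hash entries with an optional ;modpgroup suffix, and that authby=secret is what selects pre-shared-secret authentication; all function names are hypothetical.

```python
import re

# Peer parameters from the sheet in the post; lifetimes in seconds.
PEER = {"ike": {"aes128-sha1", "aes128-md5"},
        "esp": {"aes128-sha1", "aes128-md5", "3des-sha1", "3des-md5"},
        "ikelifetime": 86400, "keylife": 3600}
# Constructed sample: proposal and lifetime lines of "conn sample" from the post.
SAMPLE = """conn sample
    ike=aes128-md5;aes128-sha1
    esp=aes128-sha1;aes128-md5;3des-sha1;3des-md5
    ikelifetime=1d
    keylife=1h
"""

def parse_conn(text, name):  # key=value options of one conn section
    opts, active = {}, False
    for line in (r.split("#", 1)[0].rstrip() for r in text.splitlines()):
        if line and not line[0].isspace():  # unindented line starts a section
            active = line.split() == ["conn", name]
        elif active and "=" in line:
            key, _, value = line.partition("=")
            opts[key.strip()] = value.strip()
    return opts

def seconds(value):  # "1d", "1h" or "3600" -> seconds
    number, unit = re.fullmatch(r"(\d+)([smhd]?)", value).groups()
    return int(number) * {"": 1, "s": 1, "m": 60, "h": 3600, "d": 86400}[unit]

def proposals(value):  # "cipher-hash;modpgroup,..." -> (proposals, stray suffixes)
    parts = [p.strip().split(";") for p in value.split(",") if p.strip()]
    pairs = {p[0] for p in parts}
    stray = [s for p in parts for s in p[1:] if not re.fullmatch(r"modp\d+", s)]
    return pairs, stray

def check(opts):  # list of (option, message) mismatches against PEER
    found = []
    for key in ("ike", "esp"):
        pairs, stray = proposals(opts.get(key, ""))
        found += [(key, "not a modp group after ';': " + s) for s in stray]
        found += [(key, "not offered by peer: " + p) for p in sorted(pairs - PEER[key])]
    for key in ("ikelifetime", "keylife"):
        if key in opts and seconds(opts[key]) != PEER[key]:
            found.append((key, "differs from the peer's %d s" % PEER[key]))
    if opts.get("authby") != "secret":
        found.append(("authby", "peer uses a pre-shared secret; authby=secret is not set"))
    return found

if __name__ == "__main__":
    print(*check(parse_conn(SAMPLE, "sample")), sep="\n")
```

Run against the posted options, the lifetimes match the sheet (1d and 1h are 86400 and 3600 seconds), while the entries after each ";" and the absent authby line are reported.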