[Openswan Users] Openswan manual key config

Tang Yiming-WKNT47 yiming.tang at motorola.com
Thu Dec 13 02:39:19 EST 2007


For some testing purpose, I have to config ipsec to use maual keying.
Below is the ipsec.conf I use. After start ipsec, I use "ipsec auto --up
test" but it reports connection test not found error. If I add
auto=start in ipsec.conf, the connection can be started, but it always
start with IKE instead of manual keying. Did I do anything wrong in the
configuration? Thanks a lot in advance
 
# /etc/ipsec.conf - Openswan IPsec configuration file
# RCSID $Id: ipsec.conf.in,v 1.15.2.6 2006/10/19 03:49:46 paul Exp $
 
# This file:  /usr/local/share/doc/openswan/ipsec.conf-sample
#
# Manual:     ipsec.conf.5
 

version 2.0 # conforms to second version of ipsec.conf specification
 
# basic configuration
config setup
 # plutodebug / klipsdebug = "all", "none" or a combation from below:
 # "raw crypt parsing emitting control klips pfkey natt x509 private"
 # eg: plutodebug="control parsing"
 #
 # ONLY enable plutodebug=all or klipsdebug=all if you are a developer
!!
 #
 # NAT-TRAVERSAL support, see README.NAT-Traversal
 # nat_traversal=yes
 # virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12
 #
 # enable this if you see "failed to find any available worker"
 #nhelpers=0
 #myid=@lefthost <mailto:myid=@lefthost> 
 interfaces="ipsec0=eth0"
# Add connections here
conn test
 left=192.168.0.100
 leftid=@lefthost <mailto:leftid=@lefthost> 
 right=192.168.0.101
 rightid=@righthost <mailto:rightid=@righthost> 
 spi=234
 esp=3des-md5-96
 espenckey=0x74545745_53fdab78_72306395_cde63499_65345230_a5163490
 espauthkey=0x62454545_0ab62347_19450485_b7364340
 
# sample VPN connections, see /etc/ipsec.d/examples/
 
#Disable Opportunistic Encryption
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20071213/74e5c36a/attachment.html 


More information about the Users mailing list