[Openswan Users] How do i set this up:

Magnus Holmberg magnus.holmberg at pepto.se
Fri Jan 26 13:24:24 EST 2007


Thanks a lot.

Those were mostly the values I needed, I think:

    ike="3des-md5-modp1024"
    ikelifetime=86400s
    esp="3des-md5"
    keylife=3600s

BR

Magnus.

Mike Horn wrote:
> Hi Magnus,
>
> Here is a rough connection definition that you could add to the end of your
> /etc/ipsec.conf file for this connection.  Since you didn't specify
> information like IP addresses, you'll have to fill in the "left",
> "leftsubnet", "right", and "rightsubnet" values based on your configuration.
>
> conn remote-pix
> 	left=<YOUR IPSEC IP>
> 	leftsubnet=<LOCAL IP SUBNET TO ENCRYPT>
> 	right=<PEER IPSEC IP>
> 	rightsubnet=<REMOTE IP SUBNET TO ENCRYPT>
> 	authby=secret
> 	ike="3des-md5-modp1024"
> 	ikelifetime=86400s
> 	esp="3des-md5"
> 	keylife=3600s
> 	pfs=no
> 	auto=start
>
> The above assumes you are using pre-shared secrets.  You will also need to
> add an entry to /etc/ipsec.secrets that matches the secret for this
> connection.  Here's an example you could add to the top of the ipsec.secrets
> file.
>
> <YOUR IPSEC IP> <PEER IPSEC IP> : PSK "thisismykey"
>
> Make sure the value you put in the "thisismykey" matches what you configured
> on the PIX.  After you make these changes, restart ipsec (/etc/init.d/ipsec
> restart).  You can monitor /var/log/secure and /var/log/messages for issues
> in the IKE / IPsec negotiations.
>
> Finally, there is a configuration example on the Openswan wiki for
> Net-to-Net connections:
>
> http://wiki.openswan.org/index.php/Openswan/Configure 
>
> Good luck!
>
> -mike
>
>   
>> -----Original Message-----
>> From: users-bounces at openswan.org 
>> [mailto:users-bounces at openswan.org] On Behalf Of Magnus Holmberg
>> Sent: Friday, January 26, 2007 4:36 AM
>> To: Users at openswan.org
>> Subject: [Openswan Users] How do i set this up:
>>
>> The remote part says that I should have:
>>
>> Phase1:  Key Exchange 3Des Data Integrity MD5 DH Group2 (1024 bit) Don't use aggressive mode. LifeTime 1440 Min
>>
>> Phase2:  Key Exchange 3Des Data Integrity MD5 DH Group2 (1024 bit) Don't use Perfect Security LifeTime 3600 seconds
>>
>> It also says that PIX firewalls must have crypto-map: security-association lifetime seconds 3600
>>
>> What do I put in my ipsec.conf?
>
>
>   
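
Added example (not part of the original thread, and not Openswan code): a small Python check that a `conn` section agrees with the Phase 1 / Phase 2 parameters the peer stated in the question. The addresses are constructed documentation-range values; lifetimes are assumed to be integers with an optional s/m/h/d suffix, and the `pfs=yes` / `aggrmode=no` defaults are applied when those options are absent.

```python
import re

# Constructed sample: the conn from the reply, with documentation-range
# addresses standing in for the <...> placeholders.
SAMPLE_CONF = '''
conn remote-pix
    left=192.0.2.1
    right=198.51.100.1
    authby=secret
    ike="3des-md5-modp1024"
    ikelifetime=86400s
    esp="3des-md5"
    keylife=3600s
    pfs=no
'''
# The peer's requirements as stated in the original question.
PEER = {"enc": "3des", "hash": "md5", "dh_group": 2, "p1_minutes": 1440,
        "p2_seconds": 3600, "pfs": False, "aggressive": False}
DH_NAMES = {2: "modp1024", 5: "modp1536"}   # IKE group number -> Openswan name
UNITS = {"": 1, "s": 1, "m": 60, "h": 3600, "d": 86400}

def parse_conn(text, name):
    """Collect key=value options from the indented body of 'conn <name>'."""
    opts, active = {}, False
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if not line[0].isspace():            # unindented line starts a section
            active = line.split() == ["conn", name]
        elif active and "=" in line:
            key, value = line.strip().split("=", 1)
            opts[key.strip()] = value.strip().strip('"')
    return opts

def to_seconds(value):
    """Convert an integer lifetime with optional s/m/h/d suffix to seconds."""
    number, unit = re.fullmatch(r"(\d+)([smhd]?)", value).groups()
    return int(number) * UNITS[unit]

def mismatches(opts, peer):
    """Return the option names whose value disagrees with the peer's policy."""
    suite = f'{peer["enc"]}-{peer["hash"]}'
    want = {"ike": f'{suite}-{DH_NAMES[peer["dh_group"]]}', "esp": suite,
            "ikelifetime": peer["p1_minutes"] * 60, "keylife": peer["p2_seconds"],
            "pfs": "yes" if peer["pfs"] else "no",
            "aggrmode": "yes" if peer["aggressive"] else "no"}
    have = dict({"pfs": "yes", "aggrmode": "no"}, **opts)   # assumed defaults
    for key in ("ikelifetime", "keylife"):
        have[key] = to_seconds(have[key]) if key in have else None
    return sorted(k for k in want if have.get(k) != want[k])

print(mismatches(parse_conn(SAMPLE_CONF, "remote-pix"), PEER))
```

An empty list means every checked option matches; a missing `ikelifetime` or `keylife` is reported as a mismatch rather than being filled from a default.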


