[Openswan Users] How do i set this up:

Magnus Holmberg magnus.holmberg at pepto.se
Fri Jan 26 13:30:23 EST 2007


Sorry, my mistake. Seems to work except I get:

Jan 26 19:27:04 fw pluto[2286]: added connection description "pix"
Jan 26 19:27:04 fw pluto[2286]: "pix" #1: initiating Main Mode
Jan 26 19:27:04 fw ipsec__plutorun: 104 "pix" #1: STATE_MAIN_I1: initiate
Jan 26 19:27:04 fw ipsec__plutorun: ...could not start conn "pix"
Jan 26 19:27:04 fw pluto[2286]: "pix" #1: ignoring informational payload, type INVALID_ID_INFORMATION
Jan 26 19:27:04 fw pluto[2286]: "pix" #1: received and ignored informational message

What does this mean?

Magnus Holmberg skrev:
> However it doesn't seem to like:
>
> ike="3des-md5-modp1024"
>
> Mike Horn skrev:
>   
>> Hi Magnus,
>>
>> Here is a rough connection definition that you could add to the end of your
>> /etc/ipsec.conf file for this connection.  Since you didn't specify
>> information like IP addresses, you'll have to fill in the "left",
>> "leftsubnet", "right", and "rightsubnet" values based on your configuration.
>>
>> conn remote-pix
>> 	left=<YOUR IPSEC IP>
>> 	leftsubnet=<LOCAL IP SUBNET TO ENCRYPT>
>> 	right=<PEER IPSEC IP>
>> 	rightsubnet=<REMOTE IP SUBNET TO ENCRYPT>
>> 	authby=secret
>> 	ike="3des-md5-modp1024"
>> 	ikelifetime=86400s
>> 	esp="3des-md5"
>> 	keylife=3600s
>> 	pfs=no
>> 	auto=start
>>
>> The above assumes you are using pre-shared secrets.  You will also need to
>> add an entry to /etc/ipsec.secrets that matches the secret for this
>> connection.  Here's an example you could add to the top of the ipsec.secrets
>> file.
>>
>> <YOUR IPSEC IP> <PEER IPSEC IP> : PSK "thisismykey"
>>
>> Make sure the value you put in the "thisismykey" matches what you configured
>> on the PIX.  After you make these changes, restart ipsec (/etc/init.d/ipsec
>> restart).  You can monitor /var/log/secure and /var/log/messages for issues
>> in the IKE / IPsec negotiations.
>>
>> Finally, there is a configuration example on the Openswan wiki for
>> Net-to-Net connections:
>>
>> http://wiki.openswan.org/index.php/Openswan/Configure 
>>
>> Good luck!
>>
>> -mike
>>
>>   
>>     
>>> -----Original Message-----
>>> From: users-bounces at openswan.org 
>>> [mailto:users-bounces at openswan.org] On Behalf Of Magnus Holmberg
>>> Sent: Friday, January 26, 2007 4:36 AM
>>> To: Users at openswan.org
>>> Subject: [Openswan Users] How do i set this up:
>>>
>>> The remote part says that I should have:
>>>
>>> Phase1:  Key Exchange 3Des Data Integrity MD5 DH Group2 (1024 bit) Don't use aggressive mode. LifeTime 1440 Min
>>>
>>> Phase2:  Key Exchange 3Des Data Integrity MD5 DH Group2 (1024 bit) Don't use Perfect Security LifeTime 3600 seconds
>>>
>>> It also says that PIX firewalls must have crypto-map: security-association lifetime seconds 3600
>>>
>>> What do I put in my ipsec.conf?
>>>
>>>
>>>
>>>
>>>
>>> _______________________________________________
>>> Users at openswan.org
>>> http://lists.openswan.org/mailman/listinfo/users
>>> Building and Integrating Virtual Private Networks with Openswan:
>>> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
>>>
>>>
>>>     
>>>       
>   
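An added example, not part of the original thread or of Openswan: a small Python check that compares a conn section against the parameters the peer stated in the question, with the Phase 1 lifetime of 1440 minutes converted to 86400 seconds and DH Group2 written as modp1024. The function names, the simplified ipsec.conf parser and the sample conn sections are assumptions constructed for illustration.

```python
import re

# Peer's stated parameters in Openswan terms (DH Group2 = modp1024, 1440 min = 86400 s).
PEER = {"ike": "3des-md5-modp1024", "ikelifetime": 86400,
        "esp": "3des-md5", "keylife": 3600, "pfs": "no"}

def parse_conns(text):
    """Return {conn name: {key: value}} from ipsec.conf-style text (simplified parser)."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()            # drop comments
        if not line.strip():
            continue
        if not line[0].isspace():                       # section header at column 0
            m = re.fullmatch(r"conn\s+(\S+)", line)
            current = conns.setdefault(m.group(1), {}) if m else None
        elif current is not None and "=" in line:       # indented key=value
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip().strip('"')
    return conns

def to_seconds(value):
    """Convert a lifetime such as 86400s, 1440m or 1h to seconds."""
    unit = value[-1:] if value[-1:] in "smhd" else ""
    return int(value[:len(value) - len(unit)]) * {"s": 1, "m": 60, "h": 3600, "d": 86400}.get(unit, 1)

def mismatches(conn):
    """Return [(key, configured, expected)] where conn differs from PEER (None = unset)."""
    out = []
    for key, want in PEER.items():
        have = conn.get(key)
        if have is not None:
            have = to_seconds(have) if isinstance(want, int) else have.lower()
        if have != want:
            out.append((key, have, want))
    return out

# Constructed sample: "remote-pix" follows the reply; "typo-pix" has deliberate errors.
SAMPLE = """conn remote-pix
    ike="3des-md5-modp1024"
    ikelifetime=86400s
    esp="3des-md5"
    keylife=3600s
    pfs=no
conn typo-pix
    ikelifetime=1440s    # minutes entered as seconds
    esp="3des-md5"
    keylife=1h"""
for name, conn in parse_conns(SAMPLE).items():
    print(name, mismatches(conn) or "matches peer parameters")
```

A key reported as `None` is unset in the conn section, so the daemon's default applies instead of the value the peer asked for.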


