[Openswan Users] openswan Side to Side config
E0x
samudhio at gmail.com
Sat Jun 9 12:29:41 EDT 2007
Hello all, I am new to using openswan and I have this situation:
openswan.i386 2.1.5-1fc2
OS: Centos 4.5
kernel: 2.6.9-42.0.3.EL
I have to do a side to side config with another company, but I'm not sure what
they are using. I guess it is something like a Cisco PIX, because of the info
that they gave for the encryption methods that I can choose.
I chose this method:
Phase 1 IKE Properties:
Key Exchange: 3DES
Data Integrity : MD5
Renegotiate IKE SA: 1440 seconds
DH-Group : Group 2 ( 1024 )
Use Aggressive Mode: Disable
Phase 2 IPsec Properties:
Data Encryption : 3DES
Data Integrity : MD5
Perfect Forward Secrecy: Disabled
Renegotiate : IPSEC SA's Every : 3600 Seconds
Support Site to Site Compression : Disabled
other settings : pre-share secrets must be at least 10 alpha/numeric
characters long. also, they can only be exchanged in a secure manner
====End====
Now at my site I have only one interface (eth0) with 6 public IPs (alias
interfaces: eth0:1, eth0:2, etc.),
and I configured openswan like this:
config setup
    # Debug-logging controls: "none" for (almost) none, "all" for lots.
    # klipsdebug=all
    # plutodebug=dns
conn tunnelipsec
    type= tunnel
    authby= secret
    #RRT
    left= one_of_My_Public_IP
    leftsubnet= network-public_ip/24
    leftnexthop= %defaultroute
    #SAA
    right= the_another_company_ip
    rightsubnet= where_i_put_the_Same_IP_that_Above
    rightnexthop= %defaultroute
    esp= 3des-md5
    keyexchange= ike
    pfs= no
    auto= start
#Disable Opportunistic Encryption
include /etc/ipsec.d/examples/no_oe.conf
=======end=======
Now they will give me a key when I am ready for the test. I guess the key is
configured in /etc/ipsec.secrets.
So my question is: I know openswan is for connecting to a private network through
the internet, but how can I do that if in my case I don't have a private network?
What do I need to put in the leftsubnet: option? Do I need to ask for the subnet of
the other company too, to set on some ipsec interface that will be created when I
connect?
Thanks.
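Added example (not part of the original post, and not Openswan project code): a small Python check that compares a conn section against the peer's parameter sheet quoted in the post, so mismatches are found before the test. The mapping of that sheet to the ipsec.conf options ike, ikelifetime, keylife and compress, the names AGREED, parse_conn and mismatches, and the sample addresses are assumptions of this example; confirm the option names against ipsec.conf(5) for the installed version.

```python
# Peer's parameter sheet from the post, mapped to ipsec.conf options.
# The mapping is an assumption of this example, not taken from the post.
AGREED = {
    "ike": "3des-md5-modp1024",   # Phase 1: 3DES, MD5, DH group 2 (1024)
    "ikelifetime": "1440s",       # Renegotiate IKE SA: 1440 seconds
    "esp": "3des-md5",            # Phase 2: 3DES, MD5
    "keylife": "3600s",           # Renegotiate IPsec SAs: 3600 seconds
    "pfs": "no",                  # Perfect Forward Secrecy: Disabled
    "compress": "no",             # Site to Site Compression: Disabled
    "authby": "secret",           # pre-shared secret
}

def parse_conn(text, name):
    """Return the key/value options of 'conn <name>' from ipsec.conf text."""
    opts, inside = {}, False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()   # drop comments
        if not line.strip():
            continue
        if not raw[0].isspace():               # unindented line starts a section
            inside = line.split() == ["conn", name]
            continue
        if inside and "=" in line:
            key, value = line.split("=", 1)
            opts[key.strip()] = value.strip()
    return opts

def mismatches(opts):
    """List (option, expected, actual); actual is None when the option is unset
    and the installed version's built-in default applies."""
    return [(k, v, opts.get(k)) for k, v in AGREED.items() if opts.get(k) != v]

# Constructed sample: the conn from the post with documentation-range addresses.
SAMPLE = """\
conn tunnelipsec
    type= tunnel
    authby= secret
    #RRT
    left= 192.0.2.10
    right= 198.51.100.20
    esp= 3des-md5
    pfs= no
    auto= start
"""

if __name__ == "__main__":
    for opt, want, got in mismatches(parse_conn(SAMPLE, "tunnelipsec")):
        print(f"{opt}: sheet says {want}, conn has {got or 'unset (default)'}")
```

An option reported as unset is not necessarily wrong; it means the value in effect is the built-in default and has to be compared with the sheet by hand.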