[Openswan Users] Cisco Concentrator 3005 to Openswan

Paul Wouters paul at xelerance.com
Mon Jun 11 10:52:58 EDT 2007


On Mon, 11 Jun 2007, ACasella wrote:

> I am now trying to connect an openswan server that I control to what I
> am told is a Cisco 3005 concentrator.
>
> I am using Linux Openswan U2.4.5/K2.6.20-1.2948.fc6 (netkey)
>
> I was given the following information from the Cisco Admin:
>
> # Public IP address of our VPN Concentrator - 137.186.xxx.xxx
> # SA used - ESP-3DES-MD5
> # Username - Some_Username
> # Password - somepassword

That probably means XAUTH.

> I set up my .conf file as follows:
>
> conn host-to-host
>     type=tunnel
>     authby=secret
>     left=72.55.yyy.yyy
>     leftnexthop=%defaultroute
>     right=137.186.xxx.xxx
>     rightnexthop=%defaultroute
>     ike=3des-md5-modp1024
>     esp=3des-md5
>     keyexchange=ike
>     pfs=yes
>     auto=add

Which is missing from the configuration here.

> In my ipsec.secrets I have:
>
> 72.55.yyy.yyy 137.186.xxx.xxx : PSK "somepassword"

Either you will have an X.509 certificate, or you will also need
to ask for the PSK.

> I don't know where to place the "username" so I ran ipsec auto --up
> host-to-host to see the outcome.

It should be the xauth parameter. See man ipsec.conf

Paul
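
The changes suggested in this reply, sketched as an added configuration example (not part of the original message and not taken from the Openswan project). It assumes the `leftxauthclient` and `rightxauthserver` options described in Openswan's ipsec.conf(5) and README.XAUTH, so check them against the man page of the installed version; the PSK value is a placeholder for the one still to be obtained from the Cisco admin.

```conf
# /etc/ipsec.conf (addresses are the redacted ones from the thread)
conn host-to-host
    type=tunnel
    # Phase 1 is still authenticated with the pre-shared key.
    authby=secret
    left=72.55.yyy.yyy
    leftnexthop=%defaultroute
    # Added: this end answers the concentrator's XAUTH challenge.
    leftxauthclient=yes
    right=137.186.xxx.xxx
    rightnexthop=%defaultroute
    # Added: the concentrator acts as the XAUTH server.
    rightxauthserver=yes
    ike=3des-md5-modp1024
    esp=3des-md5
    keyexchange=ike
    pfs=yes
    auto=add

# /etc/ipsec.secrets
# The PSK is a separate secret from the XAUTH password. The username and
# password from the Cisco admin are XAUTH credentials and do not go here.
72.55.yyy.yyy 137.186.xxx.xxx : PSK "PSK_FROM_CISCO_ADMIN"
```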

