[Openswan Users] Coping with a SonicWall policy file

Tremal Naik tremalnaik at gmail.com
Sat Oct 13 21:52:32 EDT 2007


Hello to this ML's users, this is the first time I'm writing.
I'm installing Openswan on Debian Linux since I have to connect to my
office VPN.
The only information they gave me is in the form of a SPD file. It
looks like a Windows registry configuration file.

I'd like to map this file into ipsec.conf in order to be able to
connect to the remote SW gateway. Do you know if there is a
resource/document that explains how to do this?

Another source of information is a screenshot of my settings, sent to
me as an image. From that I can see the following information:

Incoming SPI: Hex num
Outgoing SPI: Hex num
Encryption method: ESP DES HMAC MD5
Encryption key: Hex num
Authentication key: Hex num

With reference to the wiki page found at

http://wiki.openswan.org/index.php/Openswan/SonicWall

I'd like to know how to extract the information needed from the above
policy file.

The info to include in ipsec.secrets is also somewhat
confusing to me, since it looks like the SW configuration requires more
than one key, an encryption one and an authentication one. I report here
below some of the settings in the policy file, hoping someone can find
a relation to the Openswan settings.



REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\IRE\SafeNet/Soft-PK\ACL\0]
"TREENAME"="Treename"
"GROUPID"="groupID"

[HKEY_LOCAL_MACHINE\SOFTWARE\IRE\SafeNet/Soft-PK\ACL\1\MYID]
"PRESHR"=sequence of hex strings
"IKESADUR_SEC"=hex string

[HKEY_LOCAL_MACHINE\SOFTWARE\IRE\SafeNet/Soft-PK\ACL\1\PH2PROPOSAL_0]
"INMANSPI"=hex string
"INMANESPENCRKEY"=hex string
"INMANESPHMACKEY"=hex string
"OUTMANSPI"=hex string
"OUTMANESPENCRKEY"=hex string
"OUTMANESPHMACKEY"=hex string

[HKEY_LOCAL_MACHINE\SOFTWARE\IRE\SafeNet/Soft-PK\ACL\1\PROXYADDRESS]
"ADDR1"=hex string
"IPADDR"=same as ADDR1

[HKEY_LOCAL_MACHINE\SOFTWARE\IRE\SafeNet/Soft-PK\ACL\1\REMOTEADDRESS]
"ADDR1"=hex string
"ADDR2"=hex string
"IPADDR"=hex string

[HKEY_LOCAL_MACHINE\SOFTWARE\IRE\SafeNet/Soft-PK\ACL\GROUPDEFS\_SafeNet_Default_Group]
"GROUPNAME"="GroupName"


Thanks a lot,


-- 
TREMALNAIK
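
An added example, not part of the original post and not Openswan or SonicWall code: it parses a REGEDIT4 policy export laid out like the one above and collects the manual-keying SPI, encryption key and authentication key per direction. The sample file is constructed, the `dword:`/`hex:` value encodings are assumed (standard REGEDIT4) because the post elides them, and `parse_reg`, `manual_sa` and `check_lengths` are hypothetical names.

```python
import re

ACL = "HKEY_LOCAL_MACHINE\\SOFTWARE\\IRE\\SafeNet/Soft-PK\\ACL\\"
# Constructed sample in the layout from the post; every value is made up and the
# dword:/hex: encodings are an assumption (standard REGEDIT4), not from the post.
SAMPLE = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\IRE\SafeNet/Soft-PK\ACL\1\PH2PROPOSAL_0]
"INMANSPI"=dword:00000100
"INMANESPENCRKEY"=hex:01,23,45,67,89,ab,cd,ef
"INMANESPHMACKEY"=hex:00,11,22,33,44,55,66,77,\
  88,99,aa,bb,cc,dd,ee,ff
"OUTMANSPI"=dword:00000200
"OUTMANESPENCRKEY"=hex:fe,dc,ba,98,76,54,32,10
"OUTMANESPHMACKEY"=hex:ff,ee,dd,cc,bb,aa,99,88,77,66,55,44,33,22,11,00
'''

def decode(raw):  # one REGEDIT4 value -> int, bytes or str
    raw = raw.strip()
    if raw.startswith("dword:"):
        return int(raw[6:], 16)
    if raw.startswith("hex"):                       # hex: or hex(N):
        return bytes.fromhex(raw.split(":", 1)[1].replace(",", ""))
    return raw.strip('"')

def parse_reg(text):  # -> {section path: {value name: decoded value}}
    text = re.sub(r"\\\r?\n[ \t]*", "", text)       # join hex continuation lines
    policy, section = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            section = policy.setdefault(line[1:-1], {})
        elif section is not None and (m := re.match(r'"([^"]+)"=(.*)$', line)):
            section[m.group(1)] = decode(m.group(2))
    return policy

def manual_sa(policy, entry="1", proposal="PH2PROPOSAL_0"):
    sec = policy[ACL + entry + "\\" + proposal]     # KeyError if the section is absent
    return {d: {"spi": sec[t + "MANSPI"], "enc_key": sec[t + "MANESPENCRKEY"],
                "hmac_key": sec[t + "MANESPHMACKEY"]}
            for d, t in (("inbound", "IN"), ("outbound", "OUT"))}

def check_lengths(sa, enc_len=8, hmac_len=16):
    # DES keys are 8 bytes and HMAC-MD5 keys 16; a mismatch points to a wrong decode.
    return [f"{d} {k}: {len(v[k])} bytes, expected {n}" for d, v in sa.items()
            for k, n in (("enc_key", enc_len), ("hmac_key", hmac_len)) if len(v[k]) != n]

if __name__ == "__main__":
    sa = manual_sa(parse_reg(SAMPLE))               # print SPIs and lengths, never the keys
    print({d: hex(v["spi"]) for d, v in sa.items()}, check_lengths(sa) or "lengths ok")
```

The extracted values are raw key material, so the script prints only SPIs and length checks; keep any converted output under the same file permissions as ipsec.secrets.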

