[Openswan Users] ipsec.conf details for a regular client-to-gateway connection
Thomas Novin
thomas at xyz.pp.se
Thu Nov 13 15:42:38 EST 2008
Hello!
I've tried to find documentation on how to do a very basic VPN
connection with OpenSwan but I can't find much in the documentation on
openswan.org. The best source for info was actually the man page
ipsec.conf(5).
My client is a Linux PC behind NAT, coming from various IP addresses.
The other end is some Linksys VPN router and it's configured like this:
Access to: 10.1.1.0/24
Phase 1 DH Group 2
Phase 1 Encrypt 3DES
Phase 1 Auth MD5
Phase 1 SA Life-time 28800s
PFS yes
Phase 2 DH Group 2
Phase 2 Encrypt 3DES
Phase 2 Auth MD5
Phase 2 SA Life-time 3600s
Aggressive mode
NAT-t
PSK: xxx
What I've come up with so far:
conn test
    auto=add
    left=%defaultroute
    #leftid=@test
    right=33.33.33.33
    rightsubnet=10.1.1.0/24
    rightid=%any
    keyingtries=3
    pfs=yes
    #pfsgroup=modp1024
    auth=esp
    authby=secret
    esp=3des-md5-modp1536
    ike=3des-md5-modp1536
    aggrmode=yes
    #keylife=8h
    #ikelifetime=1h
I also have an entry in ipsec.secrets.
---
When I try to add this connection I get an error:
034 esp string error: Non initial digit found for auth keylen, just
after "3des-md5-" (old_state=ST_AA_END)
Is the ipsec.conf(5) manual incorrect?
I have openswan 2.4.12+dfsg-1.3 (Ubuntu package)
Rgds
--
Thomas Novin <thomas at xyz.pp.se>
GPG Key ID CF62C14F http://xyz.pp.se/~thnov/gpg.asc
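
An added example, not part of the original post and not Openswan code: a small Python check of the posted conn section against the peer settings listed in the message. The function names, the PEER dictionary and the esp non-digit rule (modelled on the quoted error text) are assumptions for illustration; the group-to-MODP mapping (group 2 is 1024-bit, group 5 is 1536-bit) comes from RFC 2409 and RFC 3526.

```python
import re

# Constructed sample: active and commented lines taken from the posted conn.
CONN = """\
conn test
    right=33.33.33.33
    pfs=yes
    #pfsgroup=modp1024
    authby=secret
    esp=3des-md5-modp1536
    ike=3des-md5-modp1536
    aggrmode=yes
"""
PEER = {"encrypt": "3des", "auth": "md5", "dh_group": 2}  # router side, per the post

# IKE DH group number -> MODP size in bits (RFC 2409, RFC 3526).
MODP_BITS = {1: 768, 2: 1024, 5: 1536, 14: 2048}
WEAK = {"des", "3des", "md5"}

def parse_conn(text):
    """Return active key=value pairs; commented-out lines are ignored."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            opts[key.strip()] = value.strip()
    return opts

def audit(opts, peer):
    """Compare ike=/esp= with the peer's proposal and flag weak choices."""
    findings, grp, want = [], peer["dh_group"], MODP_BITS[peer["dh_group"]]
    for key in ("ike", "esp"):
        parts = opts.get(key, "").lower().split("-")
        if len(parts) < 2:
            continue
        enc, auth, rest = parts[0], parts[1], parts[2:]
        if (enc, auth) != (peer["encrypt"], peer["auth"]):
            findings.append(f"{key}: {enc}-{auth} differs from peer")
        for extra in rest:
            m = re.fullmatch(r"modp(\d+)", extra)
            if m and int(m.group(1)) != want:
                findings.append(f"{key}: modp{m.group(1)} != peer group {grp} (modp{want})")
            if key == "esp" and not extra.isdigit():  # assumption: mirrors the quoted error
                findings.append(f"esp: non-digit field '{extra}' after {enc}-{auth}-")
        findings += [f"{key}: weak algorithm {a}" for a in (enc, auth) if a in WEAK]
    if opts.get("aggrmode") == "yes" and opts.get("authby") == "secret":
        findings.append("aggrmode+PSK: handshake exposes a hash open to offline guessing")
    return findings
```

Calling `audit(parse_conn(CONN), PEER)` returns the DH group mismatch for both `ike=` and `esp=`, the non-digit field in `esp=`, the 3DES/MD5 notes, and the aggressive-mode PSK note.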