[Openswan Users] ipsec.conf details for a regular client-to-gateway connection

Thomas Novin thomas at xyz.pp.se
Thu Nov 13 15:42:38 EST 2008


Hello!

I've tried to find documentation on how to do a very basic VPN
connection with OpenSwan but I can't find much in the documentation on
openswan.org. The best source for info was actually the man page
ipsec.conf(5).

My client is a Linux PC behind NAT, coming from various IP addresses.

The other end is some Linksys VPN router and it's configured like this:

Access to: 10.1.1.0/24

Phase 1 DH Group 2
Phase 1 Encrypt 3DES
Phase 1 Auth MD5
Phase 1 SA Life-time 28800s
PFS yes

Phase 2 DH Group 2
Phase 2 Encrypt 3DES
Phase 2 Auth MD5
Phase 2 SA Life-time 3600s

Aggressive mode

NAT-t

PSK: xxx

What I've come up with so far:

conn test
     auto=add
     left=%defaultroute
     #leftid=@test
     right=33.33.33.33
     rightsubnet=10.1.1.0/24
     rightid=%any
     keyingtries=3
     pfs=yes
     #pfsgroup=modp1024
     auth=esp
     authby=secret
     esp=3des-md5-modp1536
     ike=3des-md5-modp1536
     aggrmode=yes
     #keylife=8h
     #ikelifetime=1h

I also have an entry in ipsec.secrets.
---

When I try to add this connection I get an error:

034 esp string error: Non initial digit found for auth keylen, just
after "3des-md5-" (old_state=ST_AA_END)

Is the ipsec.conf(5) manual incorrect?

I have openswan 2.4.12+dfsg-1.3 (Ubuntu package)

Rgds


-- 
Thomas Novin <thomas at xyz.pp.se>
GPG Key ID CF62C14F http://xyz.pp.se/~thnov/gpg.asc
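
An added example, not part of the original post: a check that compares a conn's ike= proposal and lifetimes with the router settings listed in the message, using the standard mapping of IKE DH group numbers to modp names (group 2 is modp1024). The names PEER, CONN, parse_conn, seconds and check are assumptions made for this example, and the inputs are constructed from the values in the post.

```python
import re

# IKE Diffie-Hellman group numbers and the matching modp names
# (groups 1 and 2: RFC 2409; groups 5 and 14: RFC 3526).
DH_GROUPS = {1: "modp768", 2: "modp1024", 5: "modp1536", 14: "modp2048"}
UNITS = {"s": 1, "m": 60, "h": 3600, "d": 86400}

# Constructed inputs: the peer settings and the active conn lines from the post.
PEER = {"encrypt": "3des", "auth": "md5", "dh_group": 2,
        "p1_life": 28800, "p2_life": 3600}
CONN = """conn test
     right=33.33.33.33
     pfs=yes
     ike=3des-md5-modp1536
     aggrmode=yes
     #keylife=8h
     #ikelifetime=1h
"""

def parse_conn(text):
    """Return the key=value options of a conn block, ignoring comments."""
    opts = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if "=" in line:
            key, value = line.split("=", 1)
            opts[key.strip()] = value.strip()
    return opts

def seconds(value):
    """Convert a time value such as 8h, 60m or 3600s to seconds."""
    m = re.fullmatch(r"(\d+)([smhd]?)", value)
    if not m:
        raise ValueError(f"bad time value: {value!r}")
    return int(m.group(1)) * UNITS[m.group(2) or "s"]

def check(opts, peer):
    """List where ike= and the lifetimes differ from the peer's settings."""
    findings = []
    want = (peer["encrypt"], peer["auth"], DH_GROUPS[peer["dh_group"]])
    got = opts.get("ike", "").lower().split("-") + [None] * 3
    for label, w, g in zip(("cipher", "hash", "DH group"), want, got):
        if g != w:
            findings.append(f"ike {label}: conn has {g}, peer expects {w}")
    for key, field in (("ikelifetime", "p1_life"), ("keylife", "p2_life")):
        if key in opts and seconds(opts[key]) != peer[field]:
            findings.append(f"{key}: conn has {opts[key]}, peer expects {peer[field]}s")
    return findings

if __name__ == "__main__":
    print("\n".join(check(parse_conn(CONN), PEER)) or "no mismatch found")
```

The check covers only the ike= string and the two lifetime options; it does not parse esp= and handles a single proposal, not a comma-separated list.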


