[Openswan Users] Troubles with Fortinet AND openswan
Ing. Rodrigo Fernandez
rfernandez.net at gmail.com
Thu Dec 17 00:44:59 EST 2009
Hello people! I'm new to this list, because I have a little trouble with the
connection between my Linux box and the FortiGate. See, I need to link the two
networks, and I tried the FortiCare howto but without success. Let me show
you my confs, and please, I don't want you to do my job, I only ask for a
little guidance, thank you.
Openswan side:
conn casita
    auth=esp
    authby=secret
    auto=start
    esp=des
    ike=aes-128-md5-modp1536
    ikelifetime=1880s
    keylife=28800s
    left= casita1example.homeunix.net
    leftnexthop=%direct
    leftsubnet=10.0.0.0/24
    pfs=yes
    aggrmode=yes
    right=fortinetrouter.no-ip.org
    rightnexthop=%direct
    rightsubnet=192.9.201.0/24
(I use modp1536 to invoke Diffie-Hellman level 5.) I read on the net that
for ESP the default is DH 2, so I put that in the Fortinet:
Fortinet
Phase 1
Type: dyndns
Address: casita1example.homeunix.net
Local interface=wan1
Authentication method preshared key
Encryption Aes128-md5
DH group level 5
NAT traversal = yes
Dead Peer detection = yes
Keylife=2880
Mode: Aggressive Mode
Phase 2
Encryption = des
Enable PFS = yes
DH Group = 2
Keylife=1880 seconds
Autokey keep alive = yes
In my secrets I have:
fortinetrouter.no-ip.org : PSK "myalphanumericpassword"
and when I try to connect the fortinet refuses the connection with messages
like:
Initiator: sent 189.136.66.164 aggressive mode message #1 (ERROR)
Responder: sent 189.136.66.164 aggressive mode message #1 (ERROR)
Or I have it for hours and hours only in "phase one" (OK) but it doesn't link up
the tunnel.
I hope someone can help me a little, thank you!!!
Best regards and happy X-mas holidays!
Sincerely yours Rodrigo
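
Added example (not part of the original post, and not Openswan or Fortinet code): a small Python script that transcribes the values posted above for both peers and reports the fields on which the two listings differ. The field names such as p1_life are this example's own, and it assumes the Fortinet phase 1 keylife, posted without a unit, is in seconds.

```python
import re

# Relevant lines of the "conn casita" section, transcribed from the post.
OPENSWAN_CONN = """
ike=aes-128-md5-modp1536
esp=des
ikelifetime=1880s
keylife=28800s
pfs=yes
aggrmode=yes
"""

# Fortinet settings as listed in the post. Keys are this example's own names.
# Assumption: the phase 1 keylife (posted without a unit) is in seconds.
FORTINET = {
    "p1_enc": "aes128", "p1_hash": "md5", "p1_dh": 5, "p1_life": 2880,
    "p1_mode": "aggressive",
    "p2_enc": "des", "p2_pfs": True, "p2_dh": 2, "p2_life": 1880,
}

# MODP modulus size in bits -> IKE group number (RFC 2409, RFC 3526).
MODP_TO_GROUP = {768: 1, 1024: 2, 1536: 5, 2048: 14}


def parse_openswan(text):
    """Normalise the posted conn options into the same keys as FORTINET."""
    kv = dict(l.strip().split("=", 1) for l in text.splitlines() if "=" in l)
    m = re.fullmatch(r"(aes)-?(\d+)-(\w+)-modp(\d+)", kv["ike"])
    if m is None:
        raise ValueError("unrecognised ike= proposal: " + kv["ike"])
    return {
        "p1_enc": m.group(1) + m.group(2),
        "p1_hash": m.group(3),
        "p1_dh": MODP_TO_GROUP[int(m.group(4))],
        "p1_life": int(kv["ikelifetime"].rstrip("s")),
        "p1_mode": "aggressive" if kv.get("aggrmode") == "yes" else "main",
        "p2_enc": kv["esp"],
        "p2_pfs": kv.get("pfs") == "yes",
        "p2_dh": None,  # the posted conn does not name a phase 2 group
        "p2_life": int(kv["keylife"].rstrip("s")),
    }


def differences(a, b):
    """Return {field: (value_a, value_b)} for every field that differs."""
    return {k: (a[k], b[k]) for k in a if a[k] != b[k]}


if __name__ == "__main__":
    for field, pair in differences(parse_openswan(OPENSWAN_CONN), FORTINET).items():
        print(field, "openswan=%r fortinet=%r" % pair)
```

The output lists only where the two listings disagree or where one side leaves a value unstated; it does not say which difference, if any, makes the peer reject the proposal.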