[Openswan Users] Openswan to Fortigate 60B - VPN

Paul Wouters paul at xelerance.com
Sun Sep 5 13:13:47 EDT 2010


On Sat, 4 Sep 2010, Erick Chinchilla Berrocal wrote:

> P2 Proposal
> 1-      Encryption = 3DES Authentication = MD5
> 2-      Encryption = 3DES Authentication = SHA1
> Enable replay detection = yes
> Enable perfect forward secrecy (PFS) = yes
> DH Group = 5

> -          Source address = 192.168.x.x/24 (LAN this side)

The x.x/24 is odd, are you sure that's not a /16?

> Initiator: sent x.x.x.x (public IP openswan) main mode message #1 (OK)

> conn nb-vpn # Name of the connection
>         type=tunnel
>         auth=esp
>         authby=secret
>         esp=3des-md5!;modp1536

Do not use "!" anywhere.

 	esp=3des

>         leftrsasigkey=abc   # key

You are not using RSA (authby=secret), so remove this.

>         rightrsasigkey=abc   # key

Same here.

>         ike=3des-md5!

No "!", use ike=3des

And use auto=start to start up by default.

It looks like you don't get an answer to the first packet, which
usually means a firewall problem.

Paul
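
The checks suggested in the reply above, as an added example that is not part of the original message or of Openswan: a small Python linter that flags "!" in ike=/esp=, RSA key lines alongside authby=secret, and a missing auto=start. The parser is a simplified reading of the ipsec.conf layout, the function names are hypothetical, and the sample is constructed from the conn lines quoted in the message.

```python
import re

# Constructed sample: the conn lines quoted in the message above.
SAMPLE = """\
conn nb-vpn # Name of the connection
        type=tunnel
        auth=esp
        authby=secret
        esp=3des-md5!;modp1536
        leftrsasigkey=abc   # key
        rightrsasigkey=abc   # key
        ike=3des-md5!
"""

def parse_conns(text):
    """Return {conn_name: {key: value}} (simplified ipsec.conf parsing)."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()      # drop trailing comments
        if not line.strip():
            continue
        m = re.match(r"conn\s+(\S+)", line)
        if m:
            current = conns.setdefault(m.group(1), {})
        elif current is not None and line[0] in " \t" and "=" in line:
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip()
        else:
            current = None                        # other sections are ignored
    return conns

def lint_conn(opts):
    """Return findings for one conn, following the advice in the reply."""
    findings = []
    for key in ("ike", "esp"):
        if "!" in opts.get(key, ""):
            findings.append(f'{key}: remove "!" ({opts[key]})')
    if opts.get("authby") == "secret":
        for key in ("leftrsasigkey", "rightrsasigkey"):
            if key in opts:
                findings.append(f"{key}: not used with authby=secret, remove")
    if opts.get("auto") != "start":
        findings.append("auto: set auto=start")
    return findings

if __name__ == "__main__":
    for name, opts in parse_conns(SAMPLE).items():
        for finding in lint_conn(opts):
            print(f"conn {name}: {finding}")
```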

