[Openswan Users] Openswan to Fortigate 60B - VPN
Paul Wouters
paul at xelerance.com
Sun Sep 5 13:13:47 EDT 2010
On Sat, 4 Sep 2010, Erick Chinchilla Berrocal wrote:
> P2 Proposal
> 1- Encryption = 3DES Authentication = MD5
> 2- Encryption = 3DES Authentication = SHA1
> Enable replay detection = yes
> Enable perfect forward secrecy (PFS) = yes
> DH Group = 5
> - Source address = 192.168.x.x/24 (LAN this side)
The x.x/24 is odd, are you sure that's not a /16?
> Initiator: sent x.x.x.x (public IP openswan) main mode message #1 (OK)
> conn nb-vpn # Connection name
> type=tunnel
> auth=esp
> authby=secret
> esp=3des-md5!;modp1536
Do not use "!" anywhere.
esp=3des
> leftrsasigkey=abc # key
You are not using RSA (authby=secret) so remove this
> rightrsasigkey=abc # key
same here
> ike=3des-md5!
no "!", use ike=3des
And use auto=start to start up by default.
It looks like you don't get an answer to the first packet, which
usually means a firewall problem.
Paul