[Openswan Users] 3DES-SHA still supported? What am I doing wrong?

Ben Schmidt crackhd2 at gmail.com
Sun Apr 10 07:07:37 EDT 2011

Hello Mailinglist,

I'm trying to setup a net-net tunnel for our office ( via
a public /29 to one of our Hosters FW/VPN boxes (Juniper SSG140) and
tunnel out internal Network to our private /24 there.
We're usually using a Lancom VPN/FW Box but traffic is increasing and
the Box is operating at it's limit so it needs to be replaced plus
it's really a pain and I'm glad if we can get rid of it.

I know that the Hosters VPN Box is setup to allow:
Phase 1: PreShared Key, DH Group 2, 3DES SHA Authentitaction (28800 Seconds)
Phase 2: DH Group2, 3DES SHA

So it should look like that
Office Network | Router (NAT) | Public IP | Internet | Hoster VPN |
private Network at Hoster     >     > public_ip     >  inet    >  hoster_ip

The Router is a running debian GNU/Linux 6.0 amd64, useing openswan 2.6.28

"ipsec verify" > http://pastebin.com/qx2BC9mA
"ipsec auto --status" > http://pastebin.com/LnvCucMT
"/etc/ipsec.conf" > http://pastebin.com/uth4Xd1r
"/etc/ipsec.secrets" > http://pastebin.com/jznT3hBu
"ipsec barf" > http://pastebin.com/Fdn7kLH1

I'm just trying on the Router without and net to net tunnels yet to
take out sources of errors.

So "#1: pending Phase 2 for "testvpn" replacing #0" tells me that
Phase1 wasn't successful.

What am I doing wrong? Could somebody please point me in a direction
on where to look at?

Thanks a lot,


More information about the Users mailing list