[Openswan Users] 3DES-SHA still supported? What am I doing wrong?
Ben Schmidt
crackhd2 at gmail.com
Sun Apr 10 07:07:37 EDT 2011
Hello Mailinglist,
I'm trying to set up a net-net tunnel for our office (10.0.0.0/22) via
a public /29 to one of our hoster's FW/VPN boxes (Juniper SSG140) and
tunnel out internal Network to our private /24 there.
We're usually using a Lancom VPN/FW Box but traffic is increasing and
the Box is operating at its limit so it needs to be replaced plus
it's really a pain and I'm glad if we can get rid of it.
I know that the hoster's VPN Box is set up to allow:
Phase 1: PreShared Key, DH Group 2, 3DES SHA Authentication (28800 Seconds)
Phase 2: DH Group2, 3DES SHA
So it should look like that:
Office Network | Router (NAT) | Public IP | Internet | Hoster VPN | private Network at Hoster
10.0.0.0/22 > 10.0.0.1 > public_ip > inet > hoster_ip > 10.25.28.0/24
The Router is running Debian GNU/Linux 6.0 amd64, using Openswan 2.6.28
"ipsec verify" > http://pastebin.com/qx2BC9mA
"ipsec auto --status" > http://pastebin.com/LnvCucMT
"/etc/ipsec.conf" > http://pastebin.com/uth4Xd1r
"/etc/ipsec.secrets" > http://pastebin.com/jznT3hBu
"ipsec barf" > http://pastebin.com/Fdn7kLH1
I'm just trying on the Router without any net-to-net tunnels yet to
take out sources of errors.
So "#1: pending Phase 2 for "testvpn" replacing #0" tells me that
Phase1 wasn't successful.
What am I doing wrong? Could somebody please point me in a direction
on where to look at?
Thanks a lot,
Ben