[Openswan Users] 3DES-SHA still supported? What am I doing wrong?
crackhd2 at gmail.com
Sun Apr 10 07:11:43 EDT 2011
sorry here is the full "ipsec barf" output: http://pastebin.com/ZnXx7f1r
On Sun, Apr 10, 2011 at 1:07 PM, Ben Schmidt <crackhd2 at gmail.com> wrote:
> Hello Mailinglist,
> I'm trying to setup a net-net tunnel for our office (10.0.0.0/22) via
> a public /29 to one of our Hosters FW/VPN boxes (Juniper SSG140) and
> tunnel out internal Network to our private /24 there.
> We're usually using a Lancom VPN/FW Box but traffic is increasing and
> the Box is operating at it's limit so it needs to be replaced plus
> it's really a pain and I'm glad if we can get rid of it.
> I know that the Hosters VPN Box is setup to allow:
> Phase 1: PreShared Key, DH Group 2, 3DES SHA Authentitaction (28800 Seconds)
> Phase 2: DH Group2, 3DES SHA
> So it should look like that
> Office Network | Router (NAT) | Public IP | Internet | Hoster VPN |
> private Network at Hoster
> 10.0.0.0/22 > 10.0.0.1 > public_ip > inet > hoster_ip
> > 10.25.28.0/24
> The Router is a running debian GNU/Linux 6.0 amd64, useing openswan 2.6.28
> "ipsec verify" > http://pastebin.com/qx2BC9mA
> "ipsec auto --status" > http://pastebin.com/LnvCucMT
> "/etc/ipsec.conf" > http://pastebin.com/uth4Xd1r
> "/etc/ipsec.secrets" > http://pastebin.com/jznT3hBu
> "ipsec barf" > http://pastebin.com/Fdn7kLH1
> I'm just trying on the Router without and net to net tunnels yet to
> take out sources of errors.
> So "#1: pending Phase 2 for "testvpn" replacing #0" tells me that
> Phase1 wasn't successful.
> What am I doing wrong? Could somebody please point me in a direction
> on where to look at?
> Thanks a lot,
More information about the Users