[Openswan Users] OpenSWAN config for Linux-Windows and Linux-Linux
Sohl, Jacob (LNG-SEA)
jacob.sohl at applieddiscovery.com
Fri Oct 21 18:46:10 EDT 2011
I am still somewhat new with IPsec and encryption. Forgive me if I use
the wrong terms in explaining.
I am working with about 50 systems, trying to configure IPsec. About 10
of the systems are Windows Server 2008, the rest are RedHat Linux. The
systems are on a private network behind a firewall, so we have been
using IPsec transport mode. We were using RHEL4 with ipsec-tools, but we
are upgrading to RHEL6 which uses openswan, which we have never worked
with. I have created the following configuration which works between
RHEL6-Windows and RHEL6-RHEL5(ipsec-tools). But between any RHEL6
systems everything is in the clear. Can someone tell me why this configuration works
between RHEL6-Win2008 and RHEL6-RHEL5(ipsec-tools), but not RHEL6-RHEL6?
And how can I fix it? And why is RHEL6-RHEL6 in the clear and not being
blocked or rejected?
The idea is to have generic configuration files that I can put on 40+
Linux systems. Even if I had to have 1 file for RHEL6-Windows and 1 for
RHEL6-RHEL6, I just don't want to have to create a custom file on every
# /etc/ipsec.conf - Openswan IPsec configuration file
# Manual: ipsec.conf.5
# Please place your own config files in /etc/ipsec.d/ ending in .conf
version 2.0 # conforms to second version of ipsec.conf specification
# basic configuration
# Debug-logging controls: "none" for (almost) none, "all" for
plutodebug="control parsing emitting"
# For Red Hat Enterprise Linux and Fedora, leave
# Enable this if you see "failed to find any available worker"
#You may put your configuration (.conf) file in the "/etc/ipsec.d/" and
(All IPs in subnet)
Thanks in advance.