[Openswan Users] OpenSWAN config for Linux-Windows and Linux-Linux

Nick Howitt n1ck.h0w1tt at gmail.com
Sun Oct 23 07:08:20 EDT 2011


Jacob,

Are you aware that you are not allowed blank lines within a conn section,
or is that a typo?

Nick

On 21/10/2011 23:46, Sohl, Jacob (LNG-SEA) wrote:
> Hello,
> I am still somewhat new with IPsec and encryption. Forgive me if I use
> the wrong terms in explaining.
> I am working with about 50 systems, trying to configure IPsec. About 10
> of the systems are Windows Server 2008, the rest are RedHat Linux. The
> systems are on a private network behind a firewall, so we have been
> using IPsec transport mode. We were using RHEL4 with ipsec-tools, but we
> are upgrading to RHEL6 which uses openswan, which we have never worked
> with. I have created the following configuration which works between
> RHEL6-Windows and RHEL6-RHEL5(ipsec-tools). But between any RHEL6
> everything is in clear. Can someone tell me why this configuration works
> between RHEL6-Win2008 and RHEL6-RHEL5(ipsec-tools), but not RHEL6-RHEL6?
> And how can I fix it? And why is RHEL6-RHEL6 in clear and not being
> blocked or rejected?
> The idea is to have generic configuration files that I can put on 40+
> Linux systems. Even if I had to have 1 file for RHEL6-Windows and 1 for
> RHEL6-RHEL6, I just don't want to have to create a custom file on every
> system.
>
> -----------------------
> # /etc/ipsec.conf - Openswan IPsec configuration file
> #
> # Manual:     ipsec.conf.5
> #
> # Please place your own config files in /etc/ipsec.d/ ending in .conf
>
> version 2.0     # conforms to second version of ipsec.conf specification
>
> # basic configuration
> config setup
>          # Debug-logging controls:  "none" for (almost) none, "all" for lots.
>          # klipsdebug=none
>        plutodebug="control parsing emitting"
>          # For Red Hat Enterprise Linux and Fedora, leave protostack=netkey
>        protostack=netkey
>        nat_traversal=yes
> 	  #virtual_private=
> 	  #oe=off
>          # Enable this if you see "failed to find any available worker"
>          # nhelpers=0
>        interfaces="%defaultroute"
>
> #You may put your configuration (.conf) file in the "/etc/ipsec.d/" and uncomment this.
> include /etc/ipsec.d/*.conf
>
>
>
> -----------------------
> /etc/ipsec.d/test1.conf
>
> conn test1
>          type=transport
>
>          left=%defaultroute
>
>          right=%any
>
>          keyingtries=3
>
>          ikelifetime=8h
>
>          keylife=1h
>
>          rekey=yes
>
>          auto=start
>
>          authby=secret
>
> -----------------------
> /etc/ipsec.d/test1.secrets
> (All IPs in subnet)
>
> Thanks in advance.
> Jacob Sohl
> _______________________________________________
> Users at openswan.org
> http://lists.openswan.org/mailman/listinfo/users

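As an added example (not part of the thread, and not openswan's own tooling), the following shell function flags blank lines that sit between parameter lines of one ipsec.conf section, which is the layout Nick asks about in Jacob's test1.conf above. It assumes the ipsec.conf(5) layout: a section starts with `conn`, `config` or `ca` in column 1, its parameter lines are indented, and any other column-1 line (`include`, `version`, ...) ends the section. Blank lines between two sections are not reported; only a blank line that is followed by further indented parameter lines of the same section is. The sample file written by `make_sample` is constructed here; its first conn copies the posted test1.conf, the second is the same conn with the blank lines removed.

```shell
#!/bin/sh
# check_ipsec_conf FILE
#   Prints "FILE:LINE: blank line inside section NAME" for every blank line
#   that appears between parameter lines of the same ipsec.conf section.
#   Returns 1 if any were found, 0 otherwise.  (Hypothetical checker written
#   for this example; it is not part of openswan.)
check_ipsec_conf() {
    awk -v file="$1" '
        # A section header: remember its name and forget any pending blanks.
        /^(conn|config|ca)[ \t]/ { section = $2; in_section = 1; pending = ""; next }

        # A blank (or whitespace-only) line: remember it while inside a section.
        /^[ \t]*$/ { if (in_section) pending = pending NR " "; next }

        # An indented parameter line: any blank lines seen since the last
        # parameter line were inside this section, so report them.
        /^[ \t]/ {
            if (in_section && pending != "") {
                n = split(pending, nums, " ")
                for (i = 1; i <= n; i++)
                    printf "%s:%s: blank line inside section %s\n", file, nums[i], section
                found = 1
                pending = ""
            }
            next
        }

        # Any other column-1 line (include, version, ...) ends the section;
        # blanks before it were between sections and are fine.
        { in_section = 0; pending = "" }

        END { exit found ? 1 : 0 }
    ' "$1"
}

# count_blank_in_sections FILE: number of offending blank lines in FILE.
count_blank_in_sections() {
    check_ipsec_conf "$1" | wc -l | tr -d ' '
}

# make_sample FILE: write a constructed sample.  The first conn reproduces
# the blank lines of the posted test1.conf; the second is written without them.
make_sample() {
    cat > "$1" <<'EOF'
conn test1
         type=transport

         left=%defaultroute

         right=%any
         auto=start
         authby=secret

conn test2
         type=transport
         left=%defaultroute
         right=%any
         auto=start
         authby=secret
EOF
}

# Usage: sh check_ipsec_conf.sh /etc/ipsec.d/test1.conf
[ "$#" -eq 0 ] || check_ipsec_conf "$1"
```

Run against the sample, the checker reports lines 3 and 5 of conn test1 (the blanks after `type=` and `left=`) and exits non-zero; the trailing blank before `conn test2` and everything in test2 is accepted. Running it over every file in /etc/ipsec.d/ before `ipsec restart` gives a quick way to rule out this layout problem on the 40+ hosts before looking at the RHEL6-RHEL6 negotiation itself.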