[Openswan Users] OpenSWAN config for Linux-Windows and Linux-Linux
Sohl, Jacob (LNG-SEA)
jacob.sohl at applieddiscovery.com
Mon Oct 24 13:18:46 EDT 2011
I used the blank lines for readability in the file. I did not know they
were not allowed. I basically used the man page (for ipsec.conf) as a
guide when writing the conf. I didn't see anything in there about that.
I will definitely remove them. Thanks for pointing it out.
> -----Original Message-----
> From: Nick Howitt [mailto:n1ck.h0w1tt at gmail.com]
> Sent: Sunday, October 23, 2011 4:08 AM
> To: Sohl, Jacob (LNG-SEA)
> Cc: users at openswan.org
> Subject: Re: [Openswan Users] OpenSWAN config for Linux-Windows and
> Linux-Linux
>
> Jacob,
>
> Are you aware that you are not allowed blank lines within a conn section
> or is that a typo?
>
> Nick
>
> On 21/10/2011 23:46, Sohl, Jacob (LNG-SEA) wrote:
> > Hello,
> > I am still somewhat new with IPsec and encryption. Forgive me if I use
> > the wrong terms in explaining.
> > I am working with about 50 systems, trying to configure IPsec. About 10
> > of the systems are Windows Server 2008, the rest are RedHat Linux. The
> > systems are on a private network behind a firewall, so we have been
> > using IPsec transport mode. We were using RHEL4 with ipsec-tools, but we
> > are upgrading to RHEL6 which uses openswan, which we have never worked
> > with. I have created the following configuration which works between
> > RHEL6-Windows and RHEL6-RHEL5(ipsec-tools). But between any RHEL6
> > everything is in clear. Can someone tell me why this configuration works
> > between RHEL6-Win2008 and RHEL6-RHEL5(ipsec-tools), but not RHEL6-RHEL6?
> > And how can I fix it? And why is RHEL6-RHEL6 in clear and not being
> > blocked or rejected?
> > The idea is to have generic configuration files that I can put on 40+
> > Linux systems. Even if I had to have 1 file for RHEL6-Windows and 1 for
> > RHEL6-RHEL6, I just don't want to have to create a custom file on every
> > system.
> >
> > -----------------------
> > # /etc/ipsec.conf - Openswan IPsec configuration file
> > #
> > # Manual: ipsec.conf.5
> > #
> > # Please place your own config files in /etc/ipsec.d/ ending in .conf
> >
> > version 2.0 # conforms to second version of ipsec.conf specification
> >
> > # basic configuration
> > config setup
> > 	# Debug-logging controls: "none" for (almost) none, "all" for lots.
> > 	# klipsdebug=none
> > 	plutodebug="control parsing emitting"
> > 	# For Red Hat Enterprise Linux and Fedora, leave protostack=netkey
> > 	protostack=netkey
> > 	nat_traversal=yes
> > 	#virtual_private=
> > 	#oe=off
> > 	# Enable this if you see "failed to find any available worker"
> > 	# nhelpers=0
> > 	interfaces="%defaultroute"
> >
> > #You may put your configuration (.conf) file in the "/etc/ipsec.d/" and uncomment this.
> > include /etc/ipsec.d/*.conf
> >
> > -----------------------
> > /etc/ipsec.d/test1.conf
> >
> > conn test1
> > 	type=transport
> >
> > 	left=%defaultroute
> >
> > 	right=%any
> >
> > 	keyingtries=3
> >
> > 	ikelifetime=8h
> >
> > 	keylife=1h
> >
> > 	rekey=yes
> >
> > 	auto=start
> >
> > 	authby=secret
> >
> > -----------------------
> > /etc/ipsec.d/test1.secrets
> > (All IPs in subnet)
> >
> > Thanks in advance.
> > Jacob Sohl
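The blank-line rule from Nick's reply, turned into a check that can be run over a conn file before it is copied to the 40+ hosts; this is an added example, not code from the thread or from Openswan, and it assumes only the rule as stated (a blank line is not allowed inside a section), reporting such lines without claiming how the Openswan parser itself treats them. The sample conn below is a constructed, abridged copy of the thread's test1.conf with its blank lines kept.

```python
import re

# Constructed sample: abridged copy of the test1.conf posted in the thread,
# blank lines included, so the check has something to flag.
SAMPLE_CONF = """\
conn test1
    type=transport

    left=%defaultroute

    right=%any
    auto=start
    authby=secret
"""

SECTION_RE = re.compile(r"^(config|conn)\s+(\S+)\s*$")


def lint_ipsec_conf(text):
    """Parse ipsec.conf-style text into {section: {key: value}} and report
    blank lines that sit inside a section, i.e. between its header and a
    later indented parameter line. Returns (sections, problems)."""
    sections, problems = {}, []
    current, pending_blanks = None, []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].rstrip()   # drop comments (assumes no '#' in values)
        if not line.strip():
            if current is not None:
                pending_blanks.append(no)      # a problem only if the section continues
            continue
        header = SECTION_RE.match(line)
        if header:
            current, pending_blanks = header.group(2), []
            sections[current] = {}
        elif line[0] in " \t":
            if current is None:
                problems.append((no, "indented parameter line outside any section"))
                continue
            for b in pending_blanks:           # section continued past a blank line
                problems.append((b, f"blank line inside section '{current}'"))
            pending_blanks = []
            key, _, value = line.strip().partition("=")
            sections[current][key.strip()] = value.strip()
        else:                                  # e.g. 'version' or 'include': ends the section
            current, pending_blanks = None, []
    return sections, problems


def remove_section_blanks(text):
    """Return text with the blank lines flagged by lint_ipsec_conf removed."""
    bad = {no for no, msg in lint_ipsec_conf(text)[1] if msg.startswith("blank line")}
    kept = [l for no, l in enumerate(text.splitlines(), 1) if no not in bad]
    return "\n".join(kept) + "\n"


if __name__ == "__main__":
    for no, msg in lint_ipsec_conf(SAMPLE_CONF)[1]:
        print(f"line {no}: {msg}")
```

Running it on the sample reports the blank lines at 3 and 5 inside conn test1; remove_section_blanks() gives a file the check passes with the same parameters intact.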