[Openswan Users] Site-to-site VPN with openswan
Jakub Sobczak
sopel1000 at gmail.com
Tue Aug 28 11:17:56 EDT 2012
Hi,
I have never set up a live openSwan VPN tunnel, so please be understanding =)
I received the following config details to establish connection to the other
company's gateway:
Key Exchange Encryption: AES256
Data integrity: SHA1
IKE SA renegotiation: 8 hrs
Aggressive mode: No
Use DH group: 1536 (group 5)
Authentication: PSK
IKE phase 2
Data Encryption: AES256
Data integrity: SHA1
IPSec SA renegotiation: 1 hr
Aggressive mode: No
Perfect forward secrecy: Yes
Use DH group (Perfect forward secrecy): 1536 (group 5)
This is my config from ipsec.conf (below). Apart from that, I also have
ipsec.secrets with the following content:
left_IP(mine) right_IP(othercompany) "PSK"
config setup
    nat_traversal=yes
    virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12
    oe=off
    protostack=klips

conn abc
    #General
    keyingtries=1
    auto=add
    #IKE Params
    authby=secret
    keyexchange=ike
    ikelifetime=8h
    ike=aes256-sha1-modp1536
    #IPSec Params
    type=tunnel
    auth=esp
    pfs=yes
    compress=no
    keylife=60m
    esp=aes256-sha1
    #pfsgroup=modp1536
    # Left security gateway, subnet behind it, nexthop toward right.
    left=my_IP
    leftsubnet=192.168.5.1/32
    right=other_comp_IP
    rightsubnet=some_subnet
The second phase does not seem to be established. What is wrong? I believe
it is something with pfsgroup? How do I properly set the DH group?
Regards,
Jakub
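As an added example (not part of Jakub's post and not Openswan project code), the following Python script parses a minimal ipsec.conf and checks one conn section against the phase 1 / phase 2 requirements listed in the post: cipher, integrity algorithm, DH group, SA lifetimes and PFS. It assumes Openswan's esp= syntax in which the PFS DH group is appended after a semicolon (esp=aes256-sha1;modp1536) and treats a pfsgroup= line as equivalent; the defaults it applies when a key is absent (pfs=yes, ikelifetime=1h, keylife=8h) are assumed Openswan defaults, and the addresses and subnets in the embedded sample are constructed placeholders.

```python
import re

# Requirements transcribed from the peer's sheet in the post (constructed dict).
REQUIRED = {
    "ike_enc": "aes256", "ike_hash": "sha1", "ike_dh": "modp1536", "ikelifetime": "8h",
    "esp_enc": "aes256", "esp_hash": "sha1", "pfs_dh": "modp1536", "keylife": "1h",
}

# Constructed sample: the conn from the post with placeholder addresses.
POSTED = """\
config setup
    protostack=klips
conn abc
    keyingtries=1
    auto=add
    authby=secret
    keyexchange=ike
    ikelifetime=8h
    ike=aes256-sha1-modp1536
    type=tunnel
    pfs=yes
    keylife=60m
    esp=aes256-sha1
    #pfsgroup=modp1536
    left=192.0.2.1
    leftsubnet=192.168.5.1/32
    right=198.51.100.1
    rightsubnet=10.10.0.0/24
"""
# Same conn with the PFS group carried in the esp= line (assumed Openswan syntax).
CORRECTED = POSTED.replace("esp=aes256-sha1\n", "esp=aes256-sha1;modp1536\n")


def parse_ipsec_conf(text):
    """Return {'conn abc': {key: value}, ...}; indentation is ignored, '#' comments dropped."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        m = re.match(r"^(config|conn)\s+(\S+)$", line)
        if m:
            current = f"{m.group(1)} {m.group(2)}"
            sections[current] = {}
        elif current is not None and "=" in line:
            key, _, value = line.partition("=")
            sections[current][key.strip()] = value.strip()
    return sections


def split_proposal(value):
    """Split 'aes256-sha1;modp1536' or 'aes256-sha1-modp1536' into (enc, integ, dh or None)."""
    first = value.split(",")[0].strip()          # only the first proposal is checked
    algs, _, dh = first.partition(";")
    parts = algs.split("-")
    enc = parts[0] if parts else ""
    integ = parts[1] if len(parts) > 1 else ""
    if not dh and len(parts) > 2 and parts[2].startswith("modp"):
        dh = parts[2]                             # ike= style: group as third element
    return enc, integ, (dh or None)


def lifetime_seconds(value):
    """Convert '8h', '60m', '3600' into seconds."""
    m = re.match(r"^(\d+)([smhd]?)$", value.strip())
    if not m:
        raise ValueError(f"bad lifetime: {value!r}")
    return int(m.group(1)) * {"s": 1, "m": 60, "h": 3600, "d": 86400}[m.group(2) or "s"]


def check_conn(conn, required=REQUIRED):
    """Return a list of findings; an empty list means the conn matches the peer's sheet."""
    findings = []
    enc, integ, dh = split_proposal(conn.get("ike", ""))
    if (enc, integ) != (required["ike_enc"], required["ike_hash"]):
        findings.append(f"ike= algorithms {enc}-{integ} differ from required")
    if dh != required["ike_dh"]:
        findings.append(f"ike= DH group {dh} differs from required {required['ike_dh']}")
    if lifetime_seconds(conn.get("ikelifetime", "1h")) != lifetime_seconds(required["ikelifetime"]):
        findings.append("ikelifetime differs from required IKE SA renegotiation interval")
    esp_enc, esp_integ, esp_dh = split_proposal(conn.get("esp", ""))
    if (esp_enc, esp_integ) != (required["esp_enc"], required["esp_hash"]):
        findings.append(f"esp= algorithms {esp_enc}-{esp_integ} differ from required")
    if lifetime_seconds(conn.get("keylife", "8h")) != lifetime_seconds(required["keylife"]):
        findings.append("keylife differs from required IPsec SA renegotiation interval")
    pfs_on = conn.get("pfs", "yes").lower() == "yes"
    if not pfs_on:
        findings.append("pfs=no but the peer requires perfect forward secrecy")
    pfs_dh = esp_dh or conn.get("pfsgroup")
    if pfs_on and pfs_dh is None:
        findings.append("pfs=yes but no phase 2 DH group is set: use esp=<alg>;modp1536 (or pfsgroup=)")
    elif pfs_on and pfs_dh != required["pfs_dh"]:
        findings.append(f"phase 2 DH group {pfs_dh} differs from required {required['pfs_dh']}")
    return findings


def audit(text, conn_name="abc"):
    """Parse a whole ipsec.conf and check the named conn."""
    return check_conn(parse_ipsec_conf(text)[f"conn {conn_name}"])


if __name__ == "__main__":
    for label, cfg in (("posted", POSTED), ("corrected", CORRECTED)):
        print(label, audit(cfg) or "OK")
```

Run against the posted conn the script reports that pfs=yes carries no phase 2 DH group; against the corrected conn it reports nothing. Checking the local proposal against the peer's sheet this way, before the tunnel is brought up, is cheaper than reading negotiation failures out of the logs afterwards.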