[Openswan Users] Site-to-site VPN with openswan
Roel van Meer
roel.vanmeer at bokxing.nl
Wed Aug 29 03:13:05 EDT 2012
Jakub Sobczak writes:
> I have never setup a live openSwan VPN tunnel, so please be understanding =)
> I received the following config details to establish connection to the other
> company's gateway:
> Key Exchange Encryption: AES256 Data integrity: SHA1
> IKE SA renegotiation: 8 hrs Aggresive mode: No
> Use DH group: 1536 (group 5)
> Authentication: PSK
> IKE phase 2
> Data Encryption: AES256 Data integrity: SHA1
> IPSec SA renegotiation: 1 hr Aggresive mode: No
> Perfect forward secrecy: Yes
> Use DH group (Perfect forward secrecy) : 1536 (group 5)
> This is my config from ipsec.conf (below). Apart from that, I also have
> ipsec.secret with the following content: left_IP(mine)
> right_IP(othercompany) "PSK"
Just to be sure, the format of this needs to be:
126.96.36.199 188.8.131.52: PSK "sharedkey"
> config setup
> conn abc
If you specify "auto=add" the other end will have to initiate the
connection. Can you post the logs that show what happens during this time?
> #IKE Params
This parameter does not occur in my manpage. Which version of openswan are
> #IPSec Params
> # Left security gateway, subnet behind it, nexthop toward right.
As far as I can see, this is all correct.
A general remark: in my experience it is often easier to begin with less
specific configuration, for example:
> The second phase does not seem to be established. What is wrong? I believe
> something with pfsgroup? How to properly set DH group?
More information about the Users