[Openswan Users] Would this config work?

Magnus Holmberg magnus.holmberg at delphideveloper.net
Thu Aug 15 10:56:16 UTC 2013


Hello.

I am trying to set up a VPN connection.

My server is located at IP
33.45.172.231

And the network behind it is:
91.234.12.129/27

The remote end has specified this:

Remote details:

IPSEC Gateway  110.95.85.110
Net         192.220.144.0/24


VPN Configuration Phase 1 (IKE)

encryption scheme:    ike
ike mode:    main mode
encryption:    3des
authentication:    sha1
authentication method:    pre-shared key (shared secret)
diffie hellman group:    group 2 (1024 bit)
isakmp lifetime:    86400 sec (1440 minutes)


VPN Configuration Phase 2 (IPsec)

ipsec mode:    tunnel mode
ipsec protocol:    esp
encryption algorithm:    3des
authentication:    sha1
perfect forward secrecy (pfs):    disabled
security lifetime:    3600 seconds


Cisco configuration example:

crypto isakmp policy <priority>
  encryption 3des
  hash sha
  authentication pre-share
  group 2
  lifetime 86400
!
crypto ipsec transform-set 3des-168-sha esp-3des esp-sha-hmac
!
crypto isakmp key <pre-shared-key> address 110.95.85.110
!
crypto map <map-name> <seq-num> ipsec-isakmp
  description *** XXXX ***
  set peer 110.95.85.110
  set transform-set 3des-168-sha
  match address <access-list-id>
!
access-list <access-list-id> ip host <your-ftp-host> 192.220.144.0 0.0.0.255


Would the config below work?  Or have I missed something?

config setup
         protostack=netkey
         nat_traversal=yes
         virtual_private=
         oe=off


conn MyVpnConnection
         authby=secret
         auto=start
         dpddelay=3
         dpdtimeout=120
         dpdaction=restart
         ike=3des-sha1-1024
         esp=3des-sha1
         rekey=yes
         #keyingtries=3
         keylife=30m
         ikelifetime=1440m
         left=33.45.172.231
         leftsubnet=91.234.12.129/27
         pfs=no
         right=110.95.85.110
         rightid=110.95.85.110
         rightsubnet=192.220.144.0/24
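
Added example (not part of the original post, and not Openswan code): a Python check that parses the posted conn section and lists where it differs from the remote end's stated parameters. The function names, the `REMOTE` dictionary layout and the treatment of an omitted `pfs` as yes are assumptions of this example; a reported difference is a value to confirm with the peer, not a confirmed failure.

```python
import ipaddress
import re

# Peer's sheet and the posted conn section (option subset), copied from the post.
REMOTE = {"peer": "110.95.85.110", "net": "192.220.144.0/24",
          "ike_lifetime": 86400, "sa_lifetime": 3600, "pfs": False}  # seconds
POSTED_CONN = """
conn MyVpnConnection
    #keyingtries=3
    keylife=30m
    ikelifetime=1440m
    left=33.45.172.231
    leftsubnet=91.234.12.129/27
    pfs=no
    right=110.95.85.110
    rightsubnet=192.220.144.0/24
"""
UNITS = {"": 1, "s": 1, "m": 60, "h": 3600, "d": 86400}

def parse_conn(text):
    """Return {key: value} for a conn section, ignoring comments."""
    pairs = (l.split("#", 1)[0].split("=", 1) for l in text.splitlines())
    return {p[0].strip(): p[1].strip() for p in pairs if len(p) == 2}

def to_seconds(value):
    """Convert an ipsec.conf time value such as 30m or 3600 to seconds."""
    number, unit = re.fullmatch(r"(\d+)([smhd]?)", value).groups()
    return int(number) * UNITS[unit]

def compare(opts, remote):
    """List each point where the conn section differs from the peer's sheet."""
    out = []
    for key in ("leftsubnet", "rightsubnet"):
        iface = ipaddress.ip_interface(opts[key])
        if iface.ip != iface.network.network_address:
            out.append(f"{key}={opts[key]}: host bits set, network is {iface.network}")
    if ipaddress.ip_interface(opts["rightsubnet"]).network != ipaddress.ip_network(remote["net"]):
        out.append(f"rightsubnet={opts['rightsubnet']}: peer states {remote['net']}")
    if opts["right"] != remote["peer"]:
        out.append(f"right={opts['right']}: peer gateway is {remote['peer']}")
    for key, want in (("ikelifetime", remote["ike_lifetime"]), ("keylife", remote["sa_lifetime"])):
        if to_seconds(opts[key]) != want:
            out.append(f"{key}={opts[key]}: {to_seconds(opts[key])}s, peer states {want}s")
    # Assumption: an omitted pfs option is treated as pfs=yes.
    if (opts.get("pfs", "yes") == "yes") != remote["pfs"]:
        out.append(f"pfs={opts.get('pfs', 'yes')}: peer states pfs={'yes' if remote['pfs'] else 'no'}")
    return out

if __name__ == "__main__":
    print("\n".join(compare(parse_conn(POSTED_CONN), REMOTE)) or "no differences")
```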




