[Openswan Users] key 2048 bit
Salvatore
sasa at shoponweb.it
Wed Mar 27 15:28:01 UTC 2013
Mark wrote:
>You can store multiple secrets in ipsec.secrets -- the first part of the
>line (before the :) is the criteria that matches it to the connection.
>e.g. I have something like:
>
>: RSA key.pem "password"
>1.1.1.1 %any: PSK "password"
>
>where the RSA key is used for most connections, and the PSK is used for
>connections where 1.1.1.1 is the left IP (and the right IP is anything).
With the current VPN connections (site to site and road connection) I have
the following ipsec.secrets file:
1.1.1.1 %any : PSK "123456789"
: RSA {
#pubkey=0sAQOkZi5vfx+....
Where 1.1.1.1 is my public IP address on the left side.
PSK 123456789 is used for the road connection.
Pubkey is for the current site-to-site connections.
Now I have to change ipsec.conf to create the new VPN connection (site to
site) to the Fortinet using PSK:
conn myhost-fortinet
    auto=start
    authby=secret
    pfs=yes
    # left side: myhost
    left=1.1.1.1
    leftsubnet=172.16.0.0/24
    leftnexthop=1.1.1.2
    # right side: fortinet
    right=161.x.x.x
    rightsubnet=192.168.1.0/24
    rightnexthop=161.x.x.y
and then modify ipsec.secrets in this way:
1.1.1.1 161.x.x.x : PSK "987654321"
1.1.1.1 %any : PSK "123456789"
: RSA {
#pubkey=0sAQOkZi5vfx+....
Is this correct?
Thanks.
-
Salvatore.
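
The selector matching discussed in this message, as an added example that is not part of the original post and not Openswan code: a simplified Python model of the most-specific-match rule described in the ipsec.secrets man page, applied to the PSK lines above. It assumes IPv4 indices only; 198.51.100.7 and 192.0.2.50 are constructed stand-ins for the elided Fortinet address and for a road-warrior peer, and the function names are hypothetical.

```python
# Simplified model of ipsec.secrets PSK selection; not pluto's actual code.
import re

# Constructed sample: 198.51.100.7 is a stand-in for the elided Fortinet IP.
SECRETS = '''\
1.1.1.1 198.51.100.7 : PSK "987654321"
1.1.1.1 %any : PSK "123456789"
: RSA key.pem "password"
'''

# Indices (before the colon), then a quoted PSK; '#' comment lines never match.
PSK_LINE = re.compile(r'^(?P<idx>[^:#]*):\s*PSK\s+"(?P<psk>[^"]*)"\s*$')


def parse_psk_entries(text):
    """Return [(indices, secret)] for each PSK line; RSA entries are skipped."""
    entries = []
    for line in text.splitlines():
        m = PSK_LINE.match(line.strip())
        if m:
            entries.append((m.group("idx").split(), m.group("psk")))
    return entries


def score(indices, me, peer):
    """Higher means more specific; 0 means the entry does not apply."""
    if not indices:
        return 1                      # no index: matches any host and peer

    def hit(ident):                   # 2 = literal match, 1 = via %any
        return 2 if ident in indices else (1 if "%any" in indices else 0)

    if len(indices) == 1:
        return 2 if hit(me) else 0    # one index: only our own ID is checked
    m, p = hit(me), hit(peer)
    return 2 + m + p if m and p else 0


def select_psk(entries, me, peer):
    """Pick the secret of the most specific entry, independent of file order."""
    scored = [(score(idx, me, peer), psk) for idx, psk in entries]
    best = max((s for s, _ in scored), default=0)
    if best == 0:
        return None
    winners = {psk for s, psk in scored if s == best}
    if len(winners) > 1:              # equally specific entries must agree
        raise ValueError("ambiguous: equally specific entries disagree")
    return winners.pop()
```

In this model the Fortinet peer gets "987654321" because its literal address outranks `%any`, while every other peer of 1.1.1.1 still falls through to "123456789".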