[Openswan Users] ipsec.conf setup help please.
ssmith at nanb.nb.ca
Tue Nov 26 18:00:07 UTC 2013
I need some help getting an openSwan computer on my internal network to
connect to a Juniper SRX VPN device rented from our ISP.
Here are the settings I have been told to use from the ISP. I cannot
view these and have asked them to verify all settings at their end, as I
know we need to be exact. They do not support my setup and cannot offer
any guidance on how to connect to this device. Just the settings.
Here is what I was told:
Open firewall ports 4500, 500 and ESP protocol 50 on router
host ip - xxx.xxx.xxx.xxx
Phase 1 (IKE) Settings
  Exchange Mode - Main
  Encryption - AES - 128 bit
  Authentication - SHA1
  DH Group - 2
Phase 2 Settings
  Protocol - ESP
  Encryption - AES - 256 bit
  Authentication - SHA1
  Key Lifetime (seconds) - 3600
  Perfect Forward Secrecy - Yes
  DH Group - 2
Once you have your tunnel up, you should be able to SSH to your server
with the following
My network has a public IP configured on a Cisco router, and the
computers behind it are all on a .16 subnet.
I have researched and tried to get my ipsec.conf file ready for this.
# Debug-logging controls: "none" for (almost) none, "all" for
# For Red Hat Enterprise Linux and Fedora, leave
# Enable this if you see "failed to find any available worker"
#You may put your configuration (.conf) file in the "/etc/ipsec.d/"
However, I get 2 errors depending on small changes to the file.
If I use the left IP as my public IP then I see "We cannot identify
ourselves with the other end of this connection" errors in secure.log
If I use the left IP as my internal openSwan computer IP then I see
"No_PROPOSAL_CHOSEN" errors in secure.log
Any suggestions or help is greatly appreciated.
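As an added example (not the poster's own file or anything the ISP supplied), this is how the listed Phase 1 and Phase 2 parameters map onto an Openswan conn block for a host that sits behind a NAT router. MY_PUBLIC_IP, MY_LAN, ISP_SRX_IP and ISP_SUBNET are placeholders, and using leftid plus nat_traversal to identify as the router's public address is an assumption about this setup.

```ini
# Added example, not the poster's file. Placeholders: MY_PUBLIC_IP (the Cisco
# router's public address), MY_LAN (the internal /24 behind it, assumed here
# to be 192.168.16.0/24), ISP_SRX_IP (the "host ip" given by the ISP),
# ISP_SUBNET (the network the ISP says the server lives in).
config setup
    # The Openswan host is behind the Cisco NAT, so NAT-T (UDP 4500) is needed.
    nat_traversal=yes
    protostack=netkey
    # Private ranges that may sit behind NAT on the far side; exclude our own LAN.
    virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16,%v4:!MY_LAN

conn isp-srx
    type=tunnel
    authby=secret
    keyexchange=ike
    # left= must be an address the Openswan box itself owns. Putting the
    # router's public IP here is what triggers the "We cannot identify
    # ourselves ..." error: no local interface carries that address.
    # Announce the public IP as our identity with leftid instead.
    left=%defaultroute
    leftid=MY_PUBLIC_IP
    leftsubnet=MY_LAN
    right=ISP_SRX_IP
    rightid=ISP_SRX_IP
    rightsubnet=ISP_SUBNET
    # Phase 1 (IKE): Main mode, AES-128, SHA1, DH group 2 (modp1024).
    aggrmode=no
    ike=aes128-sha1;modp1024
    # Phase 2 (ESP): AES-256, SHA1, PFS with DH group 2, 3600 s lifetime.
    # Pinning both phases to exactly what the SRX expects is the usual way
    # to clear NO_PROPOSAL_CHOSEN, which means no offered proposal matched.
    phase2=esp
    phase2alg=aes256-sha1;modp1024
    pfs=yes
    salifetime=3600
    auto=start
```

With leftid set to the public address, the matching /etc/ipsec.secrets entry is keyed on that identity, e.g. `MY_PUBLIC_IP ISP_SRX_IP : PSK "shared-secret-placeholder"`.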