Dirk Mast wrote:
This config works for me:

Hi,


OpenBSD 4.3 as GW and Debian Linux with OpenSWAN as client, and
the package ike is installed under Linux, too.

Is the openswan package not sufficient to get working IPsec between Linux and OpenBSD?


OpenBSD:
ike esp from any to 172.16.1.98 quick auth hmac-sha1 enc aes
group modp1024 psk "IMTEHLINUXCLIENT"

On my setup I would need to add peer W.X.Y.Z (the Linux IP), no?



Linux:
/etc/ipsec.conf
version 2.0
config setup
interfaces=wlan0
plutodebug=ballb
nat traversal=yes

You mean
nat_traversal=yes?

plutowait=yes
nhelpers=0
uniqueids=yes


conn openbsd
type=transport
left=172.16.1.98
right=172.16.1.1
rightsubnet=0.0.0.0/0
I would add leftsubnet too, no?

keyexchange=ike
esp=aes128-sha1
ike=aes128-sha1-modp1024
auto=route
auth=esp
authby=secret
pfs=yes
keyingtries=rekeymargin=4m

You mean
keytries=%forever?

disablearrivalcheck=no
rekey=yes
aggrmode=no

/etc/ipsec.secrets
172.16.1.1 172.16.1.98: PSK "IMTEHLINUXCLIENT"



Thanks

Laurent
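
An added example, not part of the thread and not Openswan's own parser: a small lint for the two Linux-side files quoted above. It flags parameter lines whose name contains whitespace or that carry two unquoted assignments, and checks that a PSK entry in ipsec.secrets lists both endpoints of the conn. The sample text is constructed from the quoted files, and the syntax rules it applies are simplified assumptions.

```python
import re
# Constructed sample: the Linux-side files as quoted in the thread (trimmed).
IPSEC_CONF = """\
version 2.0
config setup
    interfaces=wlan0
    nat traversal=yes
conn openbsd
    left=172.16.1.98
    right=172.16.1.1
    authby=secret
    keyingtries=rekeymargin=4m
"""
IPSEC_SECRETS = '172.16.1.1 172.16.1.98: PSK "IMTEHLINUXCLIENT"\n'

KEY_RE = re.compile(r"^[A-Za-z][A-Za-z0-9_-]*$")  # assumed shape of a parameter name

def lint_conf(text):
    """Return (sections, problems) for an ipsec.conf-style file."""
    sections, problems, current = {}, [], None
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].rstrip()  # drop comments
        if not line.strip():
            continue
        if not raw[0].isspace():  # unindented: section header or "version"
            words = line.split()
            if words[0] in ("config", "conn") and len(words) == 2:
                current = sections.setdefault(" ".join(words), {})
            elif words[0] != "version":
                problems.append((n, "unknown section header"))
            continue
        key, sep, value = line.strip().partition("=")
        if not sep or not KEY_RE.match(key):
            problems.append((n, f"bad parameter name {key!r}"))
        elif "=" in value and not value.startswith('"'):
            problems.append((n, f"two assignments on one line: {line.strip()!r}"))
        elif current is None:
            problems.append((n, "parameter outside any section"))
        else:
            current[key] = value
    return sections, problems

def psk_covers(conn, secrets):
    """True if some PSK line in ipsec.secrets lists both left and right."""
    for line in secrets.splitlines():
        ids, sep, rest = line.partition(":")
        if sep and rest.split()[:1] == ["PSK"]:
            if {conn.get("left"), conn.get("right")} <= set(ids.split()):
                return True
    return False
```
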
