I have successfully connected Super FreeS/WAN 1.99.8 to Gauntlet 6.0 for
Solaris using certificates.

The main problem was the ID for Gauntlet - you can track it down in
/var/log/secure:

    "Gauntlet" #4: we require peer to have ID '10.0.3.190', but peer declares '3020'

Certificate requests and private keys were generated by openssl, and
then signed by Microsoft CA.

Notice that connected subnets declared in /etc/ipsec.conf should be
exactly the same as the ones declared at the Gauntlet side.
When connecting two Gauntlets, they usually tolerate it if the subnet
declared at one side is broader (for instance, 255.255.255.0 instead of
255.255.255.192).

Here is the working config:

conn %default
    keyingtries=5
    ikelifetime=8h
    keylife=8h
    authby=rsasig
    leftcert=FreeSwanPublicKey.pem
    leftrsasigkey=%cert
    rightrsasigkey=%cert
    left=10.0.2.140
    leftsubnet=192.168.0.0/24
    leftnexthop=%defaultroute
    auto=add

conn Gauntlet
    type=tunnel
    auth=esp
    pfs=no
    auto=start
    compress=no
    keyexchange=ike
    right=10.0.3.190
    [EMAIL PROTECTED] # this worked for me, you can find correct id in /var/log/secure
    rightsubnet=192.168.1.0/24
    ike=3des-sha-modp1024
    esp=3des-sha1
    rekeymargin=9m
    rekeyfuzz=25%

Hope this helps,
Aleksandar Antic
Senior Network Administrator
Teletrader Software AG
Belgrade office
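
Added example, not part of the original post: a shell function that pulls the peer-ID mismatch message quoted above out of a Pluto log and reports, per connection, the ID that was required and the ID the peer actually declared. The function names, the syslog prefix, the host name and the two surrounding log lines in the sample are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): list Pluto peer-ID mismatches.
# The mismatch message text is the one quoted in the post; the syslog prefix,
# host name and timestamps in sample_log are constructed.

# Emit one line per distinct mismatch:
#   conn=<name> required=<id> declared=<id> count=<n>
pluto_id_mismatches() {
    # $1: log file to scan (e.g. /var/log/secure); reads stdin when omitted.
    cat "${1:--}" |
    sed -n "s/.*\"\([^\"]*\)\" #[0-9]*: we require peer to have ID '\([^']*\)', but peer declares '\([^']*\)'.*/conn=\1 required=\2 declared=\3/p" |
    sort | uniq -c |
    # Move the uniq count from the front of the line to a trailing field.
    sed 's/^ *\([0-9][0-9]*\) \(.*\)$/\2 count=\1/'
}

# Constructed sample in /var/log/secure style.
sample_log() {
    cat <<'EOF'
Mar  3 10:15:01 fw1 pluto[1234]: "Gauntlet" #3: initiating Main Mode
Mar  3 10:15:02 fw1 pluto[1234]: "Gauntlet" #3: we require peer to have ID '10.0.3.190', but peer declares '3020'
Mar  3 10:15:42 fw1 pluto[1234]: "Gauntlet" #4: we require peer to have ID '10.0.3.190', but peer declares '3020'
Mar  3 10:16:00 fw1 pluto[1234]: "Gauntlet" #5: ISAKMP SA established
EOF
}

sample_log | pluto_id_mismatches
```

On a live gateway, run `pluto_id_mismatches /var/log/secure`; the `declared=` value is the ID the peer is actually sending.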