openswan [2009/05/25 00:35]
127.0.0.1 external edit
openswan [2012/05/18 11:13]
216.206.60.33 ffgftAORYO
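--- a/openswan.txt
+++ b/openswan.txt
@@ -1,60 +1 @@
-====== Openswan ======
-
-ex FreeSWAN - IPSec kernel stack and userspace ipsec tools for linux
-
-see: [[http://www.openswan.org|Openswan main page]], [[http://wiki.openswan.org|Openswan's Wiki]]
-
-===== ipsec.secrets =====
-<code |f ipsec.secrets>
-x.x.x.x
- x.x.x.x %any: PSK "<secretkeygoeshere>"
-: RSA {
-        # RSA 2048 bits   erwin   Tue Apr  1 19:54:25 2008
-        # for signatures only, UNSAFE FOR ENCRYPTION
-        #pubkey=0sAQOLURatBjxUM9StRL7M0++UoZTAsbmMa5ucAb.....
-</code>
-
-===== OpenSWAN + Cisco PIX =====
-
-   version 2.0
-   
-   config setup
-          interfaces=%defaultroute
-          klipsdebug=all #enable debugging
-          plutodebug=all
-   
-   conn tunnelipsec
-          type=tunnel     #tunnel mode ipsec
-          left=x.x.x.x   #the IP address of your OpenSWAN endpoint
-          leftnexthop=y.y.y.y   #default gateway
-          leftsubnet=10.0.0.0/8   # network behind your endpoint
-          right=%any   # Your IP, or %any for a road-warrior setup
-          rightnexthop=%defaultroute    #defaultroute for road warrior unknown
-          rightsubnet=10.2.0.0/16    #network behind the PIX
-          esp=3des-sha1    #esp: 3des, hmac: sha1
-          keyexchange=ike    #use regular ike
-          authby=secret    #pre-shared secret,  you can also use rsa nounces
-          pfs=yes    #use perfect forward secrecy
-          auto=add     #don't initiate tunnel, but allow incoming
-         spi=0x0    #use base spi of 0x0 for PIX
-
-PIX setup
-
-   sysopt connection permit-ipsec
-   crypto ipsec transform-set vpnset esp-3des esp-sha-hmac
-   crypto map vpnmap 10 ipsec-isakmp
-   crypto map vpnmap 10 match address 108
-   crypto map vpnmap 10 set peer x.x.x.x 
-   crypto map vpnmap 10 set transform-set vpnset
-   crypto map vpnmap 10 set pfs group2
-   crypto map vpnmap interface outside
-   isakmp enable outside
-   isakmp key ******** address x.x.x.x netmask 255.255.255.255 no-xauth no-config-mode
-   isakmp identity address
-   isakmp policy 5 authentication pre-share
-   isakmp policy 5 encryption 3des
-   isakmp policy 5 hash sha
-   isakmp policy 5 group 2
-   isakmp policy 5 lifetime 3600
-   nat (inside) 0 access-list 108
-   access-list 108 permit ip 10.2.0.0 255.255.0.0 10.0.0.0 255.0.0.0 
+8IqsLG , [url=http://kywwfraotins.com/]kywwfraotins[/url], [link=http://inzzdwbqbofc.com/]inzzdwbqbofc[/link], http://tmkucdoqhahx.com/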
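Review bot: The only added line is link spam rather than an edit to the Openswan notes: a random token followed by `[url=…]` and `[link=…]` tags and a bare URL, none of which relate to the page. It replaces every line of the 2009/05/25 revision, so the ipsec.secrets layout and the OpenSWAN/PIX tunnel example are gone in the new text. The edit summary `ffgftAORYO` and the bare IP address in place of a user name are consistent with an automated anonymous submission, though the page does not show how the wiki authenticates editors. The revision should be reverted to the previous text, and the three links should not be followed or kept.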
openswan.txt · Last modified: 2012/05/18 13:17 by greebo