Differences
This shows you the differences between two versions of the page.
openswan [2012/05/17 08:37] greebo old revision restored |
openswan [2012/05/18 11:13] 216.206.60.33 ffgftAORYO |
||
---|---|---|---|
Line 1: | Line 1: | ||
- | ====== Openswan ====== | + | 8IqsLG , [url=http://kywwfraotins.com/]kywwfraotins[/ |
- | + | ||
- | ex FreeSWAN - IPSec kernel stack and userspace ipsec tools for linux | + | |
- | + | ||
- | see: [[http://www.openswan.org|Openswan main page]], [[http://wiki.openswan.org|Openswan' | + | |
- | + | ||
- | ===== ipsec.secrets ===== | + | |
- | <code |f ipsec.secrets> | + | |
- | x.x.x.x | + | |
- | x.x.x.x %any: PSK "< | + | |
- | : RSA { | + | |
- | # RSA 2048 bits | + | |
- | # for signatures only, UNSAFE FOR ENCRYPTION | + | |
- | # | + | |
- | </code> | + | |
- | + | ||
- | ===== OpenSWAN + Cisco PIX ===== | + | |
- | + | ||
- | | + | |
- | + | ||
- | | + | |
- | interfaces=%defaultroute | + | |
- | klipsdebug=all #enable debugging | + | |
- | plutodebug=all | + | |
- | + | ||
- | conn tunnelipsec | + | |
- | type=tunnel | + | |
- | left=x.x.x.x | + | |
- | leftnexthop=y.y.y.y | + | |
- | leftsubnet=10.0.0.0/8 # network behind your endpoint | + | |
- | right=%any | + | |
- | rightnexthop=%defaultroute | + | |
- | rightsubnet=10.2.0.0/16 #network behind the PIX | + | |
- | esp=3des-sha1 | + | |
- | keyexchange=ike | + | |
- | authby=secret | + | |
- | pfs=yes | + | |
- | auto=add | + | |
- | | + | |
- | + | ||
- | PIX setup | + | |
- | + | ||
- | | + | |
- | | + | |
- | | + | |
- | | + | |
- | | + | |
- | | + | |
- | | + | |
- | | + | |
- | | + | |
- | | + | |
- | | + | |
- | | + | |
- | | + | |
- | | + | |
- | | + | |
- | | + | |
- | nat (inside) 0 access-list 108 | + | |
- | | + |
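Review bot: the only added line (right side of Line 1) is a random token followed by a [url=...] link to an unrelated domain, and every removed line is the Openswan documentation itself: the page heading, the ipsec.secrets example and the OpenSWAN + Cisco PIX configuration. Together with the edit summary "ffgftAORYO" from an anonymous IP address, this reads as link spam that blanks the page, so the revision should be rejected and the 2012/05/17 08:37 revision restored. Restore from the stored revision rather than by copying the left column here, because several of the removed lines are truncated in this diff view.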