openswan [2006/07/25 15:49]
a created
openswan [2012/05/18 13:17] (current)
greebo old revision restored
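--- a/openswan
+++ b/openswan
@@ -4,3 +4,58 @@
 
 see: [[http://www.openswan.org|Openswan main page]], [[http://wiki.openswan.org|Openswan's Wiki]]
+
+===== ipsec.secrets =====
+<code |f ipsec.secrets>
+x.x.x.x
+ x.x.x.x %any: PSK "<secretkeygoeshere>"
+: RSA {
+        # RSA 2048 bits   erwin   Tue Apr  1 19:54:25 2008
+        # for signatures only, UNSAFE FOR ENCRYPTION
+        #pubkey=0sAQOLURatBjxUM9StRL7M0++UoZTAsbmMa5ucAb.....
+</code>
+
+===== OpenSWAN + Cisco PIX =====
+
+   version 2.0
+   
+   config setup
+          interfaces=%defaultroute
+          klipsdebug=all #enable debugging
+          plutodebug=all
+   
+   conn tunnelipsec
+          type=tunnel     #tunnel mode ipsec
+          left=x.x.x.x   #the IP address of your OpenSWAN endpoint
+          leftnexthop=y.y.y.y   #default gateway
+          leftsubnet=10.0.0.0/  # network behind your endpoint
+          right=%any   # Your IP, or %any for a road-warrior setup
+          rightnexthop=%defaultroute    #defaultroute for road warrior unknown
+          rightsubnet=10.2.0.0/16    #network behind the PIX
+          esp=3des-sha1    #esp: 3des, hmac: sha1
+          keyexchange=ike    #use regular ike
+          authby=secret    #pre-shared secret,  you can also use rsa nounces
+          pfs=yes    #use perfect forward secrecy
+          auto=add     #don't initiate tunnel, but allow incoming
+         spi=0x0    #use base spi of 0x0 for PIX
+
+PIX setup
+
+   sysopt connection permit-ipsec
+   crypto ipsec transform-set vpnset esp-3des esp-sha-hmac
+   crypto map vpnmap 10 ipsec-isakmp
+   crypto map vpnmap 10 match address 108
+   crypto map vpnmap 10 set peer x.x.x.x 
+   crypto map vpnmap 10 set transform-set vpnset
+   crypto map vpnmap 10 set pfs group2
+   crypto map vpnmap interface outside
+   isakmp enable outside
+   isakmp key ******** address x.x.x.x netmask 255.255.255.255 no-xauth no-config-mode
+   isakmp identity address
+   isakmp policy 5 authentication pre-share
+   isakmp policy 5 encryption 3des
+   isakmp policy 5 hash sha
+   isakmp policy 5 group 2
+   isakmp policy 5 lifetime 3600
+   nat (inside) 0 access-list 108
+   access-list 108 permit ip 10.2.0.0 255.255.0.0 10.0.0.0 255.0.0.0 
 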
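Review bot: The `leftsubnet=10.0.0.0/` line in the `conn tunnelipsec` block is missing its prefix length, and the PIX side's `access-list 108 permit ip 10.2.0.0 255.255.0.0 10.0.0.0 255.0.0.0` implies the intended value is `leftsubnet=10.0.0.0/8`; as written the two ends of the tunnel do not agree on the traffic selector. The `klipsdebug=all` and `plutodebug=all` lines in `config setup` turn on full IKE and kernel debug logging, so the `#enable debugging` comment should say these are for troubleshooting only and belong commented out on a running gateway, e.g. `#klipsdebug=all  # troubleshooting only - leave off in normal operation`. The `esp=3des-sha1` / `encryption 3des` / `hash sha` / `group 2` pairing is a legacy selection chosen here for PIX interoperability, and a one-line comment saying so, rather than presenting it as the recommended suite, would help a reader copying the config. The `spi=0x0` line is also indented one column less than its neighbours, which reads as a paste error.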