Differences

This shows you the differences between two versions of the page.

openswan [2012/05/18 11:13]
216.206.60.33 ffgftAORYO
openswan [2012/05/18 13:17] (current)
greebo old revision restored
Line 1: Line 1:
-8IqsLG , [url=http://kywwfraotins.com/]kywwfraotins[/​url], [link=http://inzzdwbqbofc.com/]inzzdwbqbofc[/​link], http://tmkucdoqhahx.com/+====== Openswan ====== 
 + 
 +ex FreeSWAN - IPSec kernel stack and userspace ipsec tools for linux 
 + 
 +see: [[http://www.openswan.org|Openswan main page]], [[http://wiki.openswan.org|Openswan'​s Wiki]] 
 + 
 +===== ipsec.secrets ===== 
 +<code |f ipsec.secrets>​ 
 +x.x.x.x 
 + x.x.x.x %any: PSK "<​secretkeygoeshere>"​ 
 +: RSA { 
 +        # RSA 2048 bits   ​erwin ​  Tue Apr  1 19:54:25 2008 
 +        # for signatures only, UNSAFE FOR ENCRYPTION 
 +        #​pubkey=0sAQOLURatBjxUM9StRL7M0++UoZTAsbmMa5ucAb..... 
 +</code> 
 + 
 +===== OpenSWAN + Cisco PIX ===== 
 + 
 +   ​version 2.0 
 +    
 +   ​config setup 
 +          interfaces=%defaultroute 
 +          klipsdebug=all #enable debugging 
 +          plutodebug=all 
 +    
 +   conn tunnelipsec 
 +          type=tunnel ​    #​tunnel mode ipsec 
 +          left=x.x.x.x ​  #the IP address of your OpenSWAN endpoint 
 +          leftnexthop=y.y.y.y ​  #​default gateway 
 +          leftsubnet=10.0.0.0/8   # network behind your endpoint 
 +          right=%any ​  # Your IP, or %any for a road-warrior setup 
 +          rightnexthop=%defaultroute ​   #​defaultroute for road warrior unknown 
 +          rightsubnet=10.2.0.0/16    #network behind the PIX 
 +          esp=3des-sha1 ​   #esp: 3des, hmac: sha1 
 +          keyexchange=ike ​   #use regular ike 
 +          authby=secret ​   #pre-shared secret, ​ you can also use rsa nounces 
 +          pfs=yes ​   #use perfect forward secrecy 
 +          auto=add ​    #​don'​t initiate tunnel, but allow incoming 
 +         ​spi=0x0 ​   #use base spi of 0x0 for PIX 
 + 
 +PIX setup 
 + 
 +   ​sysopt connection permit-ipsec 
 +   ​crypto ipsec transform-set vpnset esp-3des esp-sha-hmac 
 +   ​crypto map vpnmap 10 ipsec-isakmp 
 +   ​crypto map vpnmap 10 match address 108 
 +   ​crypto map vpnmap 10 set peer x.x.x.x  
 +   ​crypto map vpnmap 10 set transform-set vpnset 
 +   ​crypto map vpnmap 10 set pfs group2 
 +   ​crypto map vpnmap interface outside 
 +   ​isakmp enable outside 
 +   ​isakmp key ******** address x.x.x.x netmask 255.255.255.255 no-xauth no-config-mode 
 +   ​isakmp identity address 
 +   ​isakmp policy 5 authentication pre-share 
 +   ​isakmp policy 5 encryption 3des 
 +   ​isakmp policy 5 hash sha 
 +   ​isakmp policy 5 group 2 
 +   ​isakmp policy 5 lifetime 3600 
 +   nat (inside) 0 access-list 108 
 +   ​access-list 108 permit ip 10.2.0.0 255.255.0.0 10.0.0.0 255.0.0.0  
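Review bot: The restored ipsec.secrets sample opens `: RSA {` and reaches `</code>` without a closing `}`, so anyone copying the block gets an unterminated key section; close the brace after the elided key material, or drop the RSA stub and keep only the PSK line. In `config setup`, `klipsdebug=all` and `plutodebug=all` are shown as part of the reference configuration; suggest setting both to `none` with a comment that they are raised only while troubleshooting. On `authby=secret`, the comment "rsa nounces" looks like a typo for RSA signatures, and the `spi=0x0` line is indented one column less than the rest of the `conn tunnelipsec` section, which is worth aligning so it clearly reads as part of that section.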
openswan.txt · Last modified: 2012/05/18 13:17 by greebo
CC Attribution-Noncommercial-Share Alike 4.0 International