
If you are given the following specifications from a partner, how would you write an ipsec.conf file to connect to the tunnel?

Authentication Method                   PSK Pre-Shared Key
Encryption Scheme                       IKE
Diffie-Hellman Group                    Group 2
Encryption Algorithm                    3DES
Hashing Algorithm                       Sha1
Main or Aggressive Mode                 Main mode
Lifetime (for renegotiation)            28800 seconds
Phase 2
Encapsulation (ESP or AH)               ESP
Encryption Algorithm                    3DES
Authentication Algorithm                SHA1
Perfect Forward Secrecy                 Group 2
Lifetime (for renegotiation)            3600 seconds
Lifesize in KB (for renegotiation)      Not used
Key Exchange For Subnets?               Yes
Encapsulation (ESP or AH)               ESP

I have written something like this, but it still fails to connect.

# ipsec.conf - strongSwan IPsec configuration file

# basic configuration

config setup
    # strictcrlpolicy=yes
    # uniqueids = no

# Add connections here.

#VPN connections

conn xxx-jsrx
    aggressive=yes
    authby=secret
    auto=start     
    #esp=3des-sha1
    ike=3des-sha1-modp1024
    ikelifetime=28800
    keyexchange=ike
    #leftid=@debian1.example.com
    rightid=xxx.xxx.xxx.xxx 
    left=xx.xxx.xxx.xxx
    right=xxx.xxx.xxx.xxx

ipsec.secrets looks like this:

xxx.xxx.xxx.xxx(rightid) : PSK "xxxxxxxxxxxxxx"

Thank you.

Acacia
  • What do log files say? – Tero Kilkanen Apr 18 '17 at 11:00
  • @TeroKilkanen, strongSwan does not have a log file I have come across. Connection keeps trying until it times out. – Acacia Apr 18 '17 at 11:03
  • @TeroKilkanen come across something **found 1 matching config, but none allows pre-shared key authentication using Main Mode** Removed the **aggressive=yes** and it went away. – Acacia Apr 18 '17 at 11:10
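
The partner's sheet mapped line by line onto a strongSwan ipsec.conf connection, as an added example that is not part of the original question or its comments. The conn name, the addresses and the subnets are constructed placeholders, and reading "Encryption Scheme IKE" together with Main mode as IKEv1 is an assumption.

```conf
# /etc/ipsec.conf (strongSwan) - added example, placeholders throughout

config setup
    # More detail for IKE negotiation and config matching in the charon log
    # (charon logs to syslog by default).
    charondebug="ike 2, cfg 2"

# Hypothetical connection name.
conn partner-tunnel
    # --- Phase 1 ---
    # Assumption: Main/Aggressive mode exists only in IKEv1.
    keyexchange=ikev1
    # Sheet says Main mode. aggressive=yes is what triggered the
    # "none allows pre-shared key authentication using Main Mode" message.
    aggressive=no
    # Authentication Method: PSK
    authby=secret
    # 3DES / SHA1 / DH Group 2 (modp1024). The trailing "!" restricts the
    # proposal to exactly this suite. These are legacy algorithms, used here
    # only because the partner's sheet requires them.
    ike=3des-sha1-modp1024!
    ikelifetime=28800s

    # --- Phase 2 ---
    # ESP with 3DES / SHA1, PFS Group 2 (the DH group in esp= enables PFS).
    esp=3des-sha1-modp1024!
    lifetime=3600s
    # "Lifesize in KB: Not used" -> no lifebytes setting.

    # --- Endpoints (constructed documentation addresses) ---
    left=192.0.2.1
    right=198.51.100.1
    rightid=198.51.100.1
    # "Key Exchange For Subnets: Yes" -> traffic selectors are subnets.
    # Assumption: replace with the networks agreed with the partner.
    leftsubnet=10.1.0.0/24
    rightsubnet=10.2.0.0/24

    auto=start

# /etc/ipsec.secrets is a separate file; the PSK needs plain ASCII quotes:
#   198.51.100.1 : PSK "constructed-placeholder-secret"
```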

0 Answers