From: Corey Rogers (jrog_at_sunbeach.net)
Date: Sun Oct 13 2002 - 23:00:09 CEST
Just sharing what was needed to form a tunnel between a freeswan box and
a netscreen 5 device using Pre Shared Keys.
config setup
    interfaces="ipsec0=eth0:3"
    klipsdebug=none
    plutodebug=none
    plutoload=%search
    plutostart=%search
    uniqueids=yes

# authby=secret selects pre-shared key authentication.
# pfs=no has to match the nopfs phase 2 proposal chosen on the NetScreen.
conn %default
    type=tunnel
    keyingtries=0
    keylife=2h
    authby=secret
    disablearrivalcheck=no
    keyexchange=ike
    auth=esp
    compress=no
    pfs=no
    rekey=yes
    rekeymargin=9m
    rekeyfuzz=25%
    ikelifetime=1h
    auto=start
    left=10.30.17.250
    leftnexthop=10.30.17.254
Basically the only thing that needs to be changed is "pfs=no". By default
compress=no, so this is not a problem. type=tunnel is also a default, but
I just like seeing it in there.
On the netscreen, select the challenges for phase2 (autoIKE) which have
nopfs, for example "nopfs-esp-3des-md5".
--
Never trust people who tell you all their troubles but keep from you all their joys.... Jewish
There's nothing remarkable about it. All one has to do is hit the right keys at the right time and the instrument plays itself .... Johann Sebastian Bach
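Added example, not part of the original post: a small check that the effective pfs setting of a FreeS/WAN conn (own value, then conn %default, then the FreeS/WAN default of pfs=yes) agrees with the phase 2 proposal selected on the NetScreen. The conn name "netscreen", the sample file and the rule that any proposal name not starting with "nopfs" implies PFS are assumptions made for the illustration.

```python
# Constructed sample for this example; not the poster's full configuration.
SAMPLE_CONF = """\
config setup
    interfaces="ipsec0=eth0:3"

conn %default
    type=tunnel
    authby=secret
    pfs=no

conn netscreen
    auto=start
"""

def parse_conns(text):
    """Return {conn_name: {key: value}} from ipsec.conf-style text."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()      # drop comments
        if not line.strip():
            continue
        if not raw[0].isspace():                  # unindented line starts a section
            parts = line.split()
            is_conn = parts[0] == "conn" and len(parts) == 2
            current = conns.setdefault(parts[1], {}) if is_conn else None
        elif current is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip().strip('"')
    return conns

def effective_pfs(conns, name):
    """Resolve pfs: conn's own value, then %default, then FreeS/WAN default (yes)."""
    merged = dict(conns.get("%default", {}))
    merged.update(conns.get(name, {}))
    return merged.get("pfs", "yes").lower() == "yes"

def pfs_matches(conns, name, netscreen_proposal):
    """True when both ends agree on whether phase 2 uses PFS.
    Assumption: a proposal name not starting with 'nopfs' means PFS is on."""
    netscreen_pfs = not netscreen_proposal.lower().startswith("nopfs")
    return effective_pfs(conns, name) == netscreen_pfs

if __name__ == "__main__":
    conns = parse_conns(SAMPLE_CONF)
    print("pfs agrees:", pfs_matches(conns, "netscreen", "nopfs-esp-3des-md5"))
```

A conn that sets neither pfs itself nor inherits it from conn %default resolves to pfs=yes, so pairing it with a nopfs proposal is reported as a mismatch.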