Why Experts Exchange?

Experts Exchange always has the answer, or at the least points me in the correct direction! It is like having another employee that is extremely experienced.

Jim Murphy
Programmer at Smart IT Solutions

When asked, what has been your best career decision?

Deciding to stick with EE.

Mohamed Asif
Technical Department Head

Being involved with EE helped me to grow personally and professionally.

Carl Webster
CTP, Sr Infrastructure Consultant
Ask ANY Question

Connect with Certified Experts to gain insight and support on specific technology challenges including:

Troubleshooting
Research
Professional Opinions
Ask a Question
Did You Know?

We've partnered with two important charities to provide clean water and computer science education to those who need it most. READ MORE

troubleshooting Question

IPSEC configuration HUGE doubts and problems. Please, experts help is needed.

Avatar of Fabio
FabioFlag for Brazil asked on
LinuxLinux NetworkingVPNSecurityEncryption
6 Comments1 Solution583 ViewsLast Modified:
Hi friends,

I'm getting very worried because a few days ago I've been posting the same doubt and editing the text to make it clearer, but I have no response from the Experts Exchange or any other Expert (there's a lot of good ones here)... I've been a Experts Exchange subscriber for over 5 years now... and never before have I been without the help of the experts ... I do not understand why it was left in oblivion.

Well... lets get to the point...

Please, I need to connect a strongswan VPN (my side) with another VPN software (other side) but the admin from "the other side doesn't provides enough info... so I'm trying to figure out and troubleshoot this with trial and error... already for many days and a lot of migraines...

They (the other side) provide me a PSK (OK)... already configured in ipsec.secrets and they also gave me the following instructions:  

1st Phase (IKE V2)                                          
DH 2 = 1024 bits                                           
SHA-256                                          
AES-256                                          
Lifetime = 1440m                                           
                                          
2nd Phase (ESP)                                          
PFS - DH 2 - 1024 bits                                          
SHA-256                                          
AES-256                                          
Lifetime = 3600s

My question is (please): how do I configure this specific connection? especially the parameters ike and esp; anything else is needed in the configuration example below?

conn myside-otherside
      keyingtries=%forever
        keyexchange=ikev2
        compress=no
        authby=secret
        ikelifetime=1440m
        keylife=60m
        rekeymargin=3m
        ike=???
        esp=???
        right=x.x.x.x
        rightid=x.x.x.x
        rightsubnet=y.y.y.y/z
        left=a.a.a.a
        leftid=a.a.a.a
        leftsubnet=b.b.b.b/c
        leftfirewall=yes
        lefthostaccess=yes
        auto=start

In time... My participation here in the Experts Exchange is not so good because, mainly, of the language barrier and also because the overwork (which sucks up to those milliseconds I'd like to save per day) that everyone here knows... :)

Finally... Please... If I'm doing something wrong that is causing this lack of interest in my questions, I apologize in advance and ask you guys to clarify me how I can overcome / correct the situation.

Best Regards
ASKER CERTIFIED SOLUTION
Avatar of Fabio
FabioFlag of Brazil imageConsultant

Our community of experts have been thoroughly vetted for their expertise and industry experience.

Commented:
This problem has been solved!
Unlock 1 Answer and 6 Comments.
See Answers