Asked by Fabio

IPsec configuration: HUGE doubts and problems. Please, experts' help is needed.

Hi friends,

I'm getting very worried because for a few days now I've been posting the same question and editing the text to make it clearer, but I have had no response from Experts Exchange or from any Expert (there are a lot of good ones here)... I've been an Experts Exchange subscriber for over 5 years now... and never before have I been without the help of the experts... I do not understand why it was left in oblivion.

Well... let's get to the point...

Please, I need to connect a strongSwan VPN (my side) with another VPN software (the other side), but the admin on the other side doesn't provide enough info... so I'm trying to figure it out and troubleshoot this by trial and error... already for many days and with a lot of migraines...

They (the other side) gave me a PSK (OK)... already configured in ipsec.secrets, and they also gave me the following instructions:

1st Phase (IKEv2)
DH 2 = 1024 bits
SHA-256
AES-256
Lifetime = 1440m

2nd Phase (ESP)
PFS - DH 2 - 1024 bits
SHA-256
AES-256
Lifetime = 3600s

My question is (please): how do I configure this specific connection? Especially the parameters ike and esp; is anything else needed in the configuration example below?

conn myside-otherside
        keyingtries=%forever
        keyexchange=ikev2
        compress=no
        authby=secret
        ikelifetime=1440m
        keylife=60m
        rekeymargin=3m
        ike=???
        esp=???
        right=x.x.x.x
        rightid=x.x.x.x
        rightsubnet=y.y.y.y/z
        left=a.a.a.a
        leftid=a.a.a.a
        leftsubnet=b.b.b.b/c
        leftfirewall=yes
        lefthostaccess=yes
        auto=start

In time... My participation here in Experts Exchange is not so good, mainly because of the language barrier and also because of the overwork (which sucks up even those milliseconds I'd like to save per day) that everyone here knows... :)

Finally... Please... If I'm doing something wrong that is causing this lack of interest in my questions, I apologize in advance and ask you guys to tell me how I can overcome / correct the situation.

Best Regards
Tags: Linux, Encryption, Internet Protocol Security, Linux Networking, VPN
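The proposal the peer listed maps directly onto strongSwan's ike= and esp= syntax: algorithm names are joined with hyphens, DH group 2 is spelled modp1024, and the PFS group for phase 2 goes into the esp= line. Below is an added example of the ipsec.conf connection filled in that way; it is not from the original post or from the other side's admin, and the addresses and subnets are the same x.x.x.x / y.y.y.y/z / a.a.a.a / b.b.b.b/c placeholders the question uses. The trailing "!" makes each proposal strict, so strongSwan offers only this algorithm set instead of appending its defaults; that keeps the negotiation predictable when the other end is unknown software.

```conf
# Added example (not the original poster's config): strongSwan ipsec.conf
# connection matching the peer's stated phase 1 / phase 2 parameters.
# Placeholders x.x.x.x, y.y.y.y/z, a.a.a.a, b.b.b.b/c are left as in the question.
conn myside-otherside
        keyexchange=ikev2
        authby=secret
        keyingtries=%forever
        compress=no
        # Phase 1 (IKE_SA): AES-256, HMAC-SHA-256 integrity/PRF, DH group 2 (1024-bit MODP).
        # The "!" marks the proposal as strict: no default proposals are added.
        ike=aes256-sha256-modp1024!
        ikelifetime=1440m
        # Phase 2 (CHILD_SA, ESP): AES-256, HMAC-SHA-256, PFS via DH group 2.
        esp=aes256-sha256-modp1024!
        # 60m is the same as the 3600s the peer specified.
        keylife=60m
        rekeymargin=3m
        left=a.a.a.a
        leftid=a.a.a.a
        leftsubnet=b.b.b.b/c
        leftfirewall=yes
        lefthostaccess=yes
        right=x.x.x.x
        rightid=x.x.x.x
        rightsubnet=y.y.y.y/z
        auto=start
```

After editing, `ipsec reload` (or `ipsec update`) and `ipsec up myside-otherside`, then read `ipsec statusall` and the charon log: a NO_PROPOSAL_CHOSEN from the peer means the algorithm set still differs, and a failed AUTHENTICATION_FAILED points at the PSK or the IDs it is bound to in ipsec.secrets. One interop detail worth checking in the log is SHA-256 truncation: strongSwan's sha256 keyword means HMAC-SHA-256 with a 128-bit ICV, while some vendors historically truncated to 96 bits (strongSwan spells that sha256_96). Separately, DH group 2 (1024-bit MODP) is well below current recommendations; it is what the peer asked for here, but if their side can also accept group 14 (modp2048) that is the stronger choice for both proposals.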

Last comment: Fabio, 8/22/2022 (Mon)