I've searched high and low for an example of this configuration and couldn't
find anything, so here's my config. I'm using Gentoo, so the Openswan config
files may be in a different location for other distros.
m0n0wall is set up as per this part of the FAQ:
http://doc.m0n0.ch/handbook/faq.html#id2608395
/etc/ipsec/ipsec.conf:
------------------------------------------------------------------------------
# /etc/ipsec/ipsec.conf - Openswan IPsec configuration file

version 2.0     # conforms to second version of ipsec.conf specification

# basic configuration
config setup
        interfaces=%defaultroute
        klipsdebug=none
        plutodebug=none
        uniqueids=yes

conn %default
        # How persistent to be in (re)keying negotiations (0 means very)
        keyingtries=0

# Add connections here
conn tomonowall
        aggrmode=yes
        ike=3des-sha1-modp1024
        esp=3des-sha1
        authby=secret
        left=%defaultroute
        leftid=@scott at example dot com
        right=59.x.x.x
        rightsubnet=192.168.2.0/24
        rightid=59.x.x.x
        auto=start

#Disable Opportunistic Encryption
include /etc/ipsec/ipsec.d/examples/no_oe.conf
------------------------------------------------------------------------------
Then in /etc/ipsec/ipsec.secrets:
@scott at example dot com 59.x.x.x: PSK "myverylongsecretkey"
Hope this works for someone else.
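Added example, not part of the original post: a small Python check that the IDs of each PSK connection in ipsec.conf appear together on one line of ipsec.secrets, as they do in the two files above. It also flags aggressive mode with a PSK, where anyone who captures the handshake can test key guesses offline. The `lint` helper and the sample IDs are hypothetical, and `%any` or wildcard secrets entries are not handled.

```python
import re

# Constructed sample input shaped like the two files in the post (IDs are placeholders).
SAMPLE_CONF = """\
config setup
    interfaces=%defaultroute
conn %default
    keyingtries=0
conn tomonowall
    aggrmode=yes
    authby=secret
    leftid=@client.example.test
    rightid=192.0.2.10
"""
SAMPLE_SECRETS = '@client.example.test 192.0.2.10: PSK "constructed-sample-key"\n'

def parse_conns(text):
    """Return {conn name: {key: value}} with conn %default merged into each conn."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        if not raw[0].isspace():  # an unindented line starts a new section
            m = re.match(r"conn\s+(\S+)$", line)
            current = conns.setdefault(m.group(1), {}) if m else None
        elif current is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip()
    default = conns.pop("%default", {})
    return {name: {**default, **conn} for name, conn in conns.items()}

def psk_ids(secrets):
    """Return one set of IDs per PSK line in ipsec.secrets text."""
    return [set(ids.split()) for ids in re.findall(r'^([^:#\n]*):\s*PSK\s+"', secrets, re.M)]

def lint(conf, secrets):
    """Hypothetical helper: list problems with PSK conns; exact ID match only."""
    findings, keys = [], psk_ids(secrets)
    for name, c in parse_conns(conf).items():
        if c.get("authby") != "secret":
            continue
        ids = {c.get("leftid") or c.get("left", "?"), c.get("rightid") or c.get("right", "?")}
        if not any(ids <= k for k in keys):
            findings.append(f"{name}: no PSK line in ipsec.secrets lists both {sorted(ids)}")
        if c.get("aggrmode") == "yes":
            findings.append(f"{name}: aggressive mode with PSK, so use a long random key")
    return findings

if __name__ == "__main__":
    print(lint(SAMPLE_CONF, SAMPLE_SECRETS))
```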