Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 1 reply
  • Subscribers 1 subscriber
  • Views 628 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Linux FreeSwan to ASL best options?

pablito
Does anyone have some config samples or guidlines for IPSEC options for ASL->Linux/FreeSwan?  Latest 3x ASL and latest 2.4 linux with 1.99 FreeSwan.  I'm trying to raise a server and remove one ASL box that only has 2 clients behind it.  Other end is ASL.  I have no trouble with ASL->ASL using RSA and 3DES-Comp.  


This thread was automatically locked due to age.
  • 0
    Answered my own question.  I copied part of the ASL ipsec.conf options to FreeSwan and it works fine.
            type=tunnel
            keyexchange=ike
            auth=esp
            pfs=yes
            esp=3des
            keylife=3600
            ikelifetime=7800

    Some of the options are the defaults and just redundent but it just works.

    And to avoid changing the  remote ASL configs I grabbed the original ipsec.secrets from the removed ASL box and then used similar setups on Linux.  Tunnels came up fine.

    FYI, on Linux I was able to use an FQDN for the remote endpoint which now allows me to have dynamic IPs on both ends.  I keep the DNS updated with ddclient.  Linux= 2.4.20 FreeSwan 1.99 with NAT Transversal patch. (patch not needed now but allowed me to test through ASL first).

        
Cookie Information Banner