[strongSwan] net2net psk strongswan checkpoint
beer Ll
llcfhllml at gmail.com
Mon Jun 13 09:47:45 CEST 2016
Hi
I'm trying to install a net2net tunnel with
my linux vpn server
Debian 8.2 Linux kernel 3.16.0.4 Strongswan 5.2.1
to a remote site with
Checkpoint VPN gateway
The Checkpoint parameters proposed are
IKE version 1
*VPN AUTHENTICATION METHOD:* Pre-Shared Key (32 characters agreed upon
during the conference call)
*VPN PHASE 1:* *AES-256* *SHA1* DH *Group 2*
*Rekeying Parameters:*
- Renegotiate IKE (phase 1) Security associations every *60 minutes*
- Renegotiate IPsec (IKE phase 2) Security associations every *15 minutes*
*VPN PHASE 2:* *AES-256* *SHA1*
- Compression method: *None* (preferred) (DEFLATE is also accepted)
- Use Perfect Forward Secrecy (PFS): *DH group 2* (preferred) (Group 5 is
  also accepted)
my configuration is :
ipsec.conf
config setup
    # strictcrlpolicy=yes
    # uniqueids = no
conn %default
    ikelifetime=1440m
    keylife=60m
    rekeymargin=3m
    keyingtries=1
    keyexchange=ikev1
    mobike=no
    authby=secret
conn checkpoint
    type=tunnel
    left=1.2.3.4
    leftsubnet=10.10.20.2/32
    right=1.2.3.5
    rightsubnet=10.10.10.1/32
    keyexchange=ikev1
    ikelifetime=1h
    auth=esp
    ike=aes256-sha1-modp1024
    esp=aes256-sha1-modp1024
    pfs=yes
    auto=start
    authby=secret
with ipsec.secrets
1.2.3.4 1.2.3.5 : PSK "*************"
when I start the tunnel the Checkpoint side sees this ISAKMP packet with :
vendor id (13) : XAUTH
vendor id (13) : RFC 3706
vendor id (13) : RFC 3947
vendor id (13) : draft-ietf-ipsec-nat-t-ike-02
and the Checkpoint tech side doesn't respond to this proposal
what can I do ?
thank you
Leo
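
An added example, not part of the original post and not strongSwan code: a small Python check that resolves the effective settings of conn checkpoint (its own values over conn %default) and compares them with the parameters the peer listed in the message. The function names, the simplified parser and the embedded copy of the settings are assumptions made for illustration.

```python
import re
# Constructed input: settings from the post's ipsec.conf, indentation restored.
IPSEC_CONF = """\
conn %default
    ikelifetime=1440m
    keylife=60m
    keyexchange=ikev1
conn checkpoint
    ikelifetime=1h
    ike=aes256-sha1-modp1024
    esp=aes256-sha1-modp1024
"""
# Peer parameters as listed in the post (lifetimes in seconds; modp1024 is DH group 2).
PEER = {"keyexchange": "ikev1", "ike": "aes256-sha1-modp1024",
        "esp": "aes256-sha1-modp1024", "ikelifetime": 3600, "keylife": 900}
UNITS = {"s": 1, "m": 60, "h": 3600, "d": 86400}

def to_seconds(value):
    """Convert an ipsec.conf time value: integer with optional s/m/h/d suffix."""
    m = re.fullmatch(r"(\d+)([smhd]?)", value.strip())
    if not m:
        raise ValueError(f"not a time value: {value!r}")
    return int(m.group(1)) * UNITS[m.group(2) or "s"]

def parse_conns(text):
    """Return {conn name: {key: value}}; indented lines belong to the open section."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if line and not line[0].isspace():
            kind, _, name = line.partition(" ")
            current = conns.setdefault(name.strip(), {}) if kind == "conn" else None
        elif current is not None and "=" in line:
            key, _, val = line.strip().partition("=")
            current[key.strip()] = val.strip()
    return conns

def mismatches(text, conn, peer):
    """Compare a conn's effective values (its own over %default) with the peer's."""
    conns = parse_conns(text)
    effective = {**conns.get("%default", {}), **conns[conn]}
    found = {}
    for key, want in peer.items():
        have = effective.get(key)
        if isinstance(want, int) and have is not None:
            have = to_seconds(have)
        if have != want:
            found[key] = (have, want)
    return found
```

Calling mismatches(IPSEC_CONF, "checkpoint", PEER) on these values reports only keylife: 60m locally against the 15 minutes listed for phase 2.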