[strongSwan] Shrew Soft iked config

Michael Ahrens mahrens61 at icloud.com
Thu Jun 13 11:01:03 CEST 2019


Hi @all,

I would like to move from my very old Shrew Soft iked to Strongswan. Can somebody give me some help to convert the config ?

Here is my Shrew Soft iced Config:

n:version:4
n:network-ike-port:500
n:network-mtu-size:1380
n:client-addr-auto:1
n:network-natt-port:4500
n:network-natt-rate:15
n:network-frag-size:540
n:network-dpd-enable:1
n:client-banner-enable:1
n:network-notify-enable:1
n:client-wins-used:0
n:client-wins-auto:1
n:client-dns-used:1
n:client-dns-auto:0
n:client-splitdns-used:0
n:client-splitdns-auto:0
n:phase1-dhgroup:2
n:phase1-life-secs:28800
n:phase1-life-kbytes:0
n:vendor-chkpt-enable:0
n:phase2-life-secs:28800
n:phase2-life-kbytes:0
n:policy-nailed:1
n:policy-list-auto:0
b:auth-mutual-psk:PSK
n:phase2-pfsgroup:2
s:client-saved-username:MYUSER
n:client-dns-suffix-auto:0
n:phase1-keylen:0
n:phase2-keylen:0
s:network-host:VPN-SERVER
s:client-auto-mode:pull
s:client-iface:virtual
s:network-natt-mode:enable
s:network-frag-mode:enable
s:client-dns-addr:DNS-SERVER1,DNS-SERVER2
s:client-dns-suffix:DOMAIN.local
s:auth-method:mutual-psk-xauth
s:ident-client-type:ufqdn
s:ident-client-data:MYUSER at DOMAIN
s:ident-server-type:address
s:ident-server-data:VPN-SERVER
s:phase1-exchange:aggressive
s:phase1-cipher:3des
s:phase1-hash:sha1
s:phase2-transform:esp-3des
s:phase2-hmac:sha1
s:ipcomp-transform:disabled
s:policy-level:require
s:policy-list-include:192.168.0.0 / 255.255.0.0


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20190613/7b1c01fc/attachment-0001.html>


More information about the Users mailing list