[LUGOS] m0n0wall in openvpn
Jernej Simončič
jernej.listsonly at ena.si
Sun Nov 4 19:46:56 CET 2007
On Sunday, November 4, 2007, 19:04:59, Klemen Humerca wrote:
> Ravno danes zjutraj sem naletel na OpenSwan in se lotil povezave z
> M0n0wall-om. Nekje se zatika saj vedno ob zagonu povezave dobim tole:
> conn atl
> auth=esp
> authby=secret
> auto=start
> esp=3des-md5-1024
> pfs=yes
> ike=3des-md5-1024
> ikelifetime=3600s
> keylife=3600s
> left=84.255.243.xxx
> leftid=84.255.243.xxx
> leftsubnet=192.168.1.0/24
> right=193.77.126.xxx
> rightid=193.77.126.xxx
> rightsubnet=192.168.0.0/24
> type=tunnel
Kakšne imaš nastavitve na m0n0wallu? Poleg tega ti priporočam, da
uporabljaš blowfish ali aes enkripcijo, ker so precej hitrejše od
3des (rabiš pa podporo v jedru).
Sam uporabljam naslednje nastavitve za Openswan:
version 2.0 # conforms to second version of ipsec.conf specification
# basic configuration
config setup
nat_traversal=yes
#plutodebug=all
klipsdebug=all
interfaces=%defaultroute
include /etc/ipsec.d/examples/no_oe.conf
conn xxx
authby=secret
pfs=yes
type=tunnel
left=89.212.xxx.xxx
leftnexthop=89.212.0.1
leftsubnet=10.0.0.0/24
right=84.255.xxx.xxx
rightsubnet=192.168.0.0/24
keyexchange=ike
auto=start
ike=aes128-sha1
esp=blowfish256-sha1,blowfish128-sha1,aes128-sha1
psSense imam pa konfiguriran tako:
<http://img511.imageshack.us/my.php?image=pfsensevpnbm3.png>
--
< Jernej Simončič ><><><><>< http://deepthought.ena.si/ >
An elephant is a mouse built to government specifications.
-- Erskines Observation on Government Procurement
More information about the lugos-list
mailing list