I'm trying to connect to a host via IPSec, and the other party gave me these instructions:
```
Phase 1
Authentication Method: PSK (Pre-Shared Key)
Encryption Scheme: IKE
Diffie-Hellman Group: Group 2
Encryption Algorithm: Aes 256
Hashing Algorithm: Sha 1
Main or Aggressive Mode: Main mode
Lifetime (for renegotiation): 86400s

Phase 2
Encapsulation (ESP or AH): ESP
Encryption Algorithm: Aes 256
Authentication Algorithm: Sha 1
Perfect Forward Secrecy: no PFS
Lifetime (for renegotiation): 86400s
```
I tried to translate these into a strongswan configuration, which doesn't work. Here's what I did:
```
conn %default
    authby=secret
    keyexchange=ikev1
    keyingtries=1
    aggressive=no
    pfs=no
    ah=sha1-aes256-modp1024
    lifetime=24h

conn site2site
    left=<my server's public ip>
    leftsubnet=<my server's internal ip>/32
    right=<other party's public ip>
    rightsubnet=<other party's internal ip>
    esp=sha1-aes256
    lifetime=24h
    auto=start
```
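
An added example, not part of the original post: a small Python check that translates the peer's Phase 1 / Phase 2 sheet into strongSwan `ipsec.conf` settings and compares the posted `conn` values against them. The keyword names (`ike`, `esp`, `ikelifetime`, `lifetime`, `ah`) are those of strongSwan 5.x `ipsec.conf`; the function names and the `SHEET` / `POSTED` dictionaries are constructed here for illustration.

```python
# Added example; keyword names assume strongSwan 5.x ipsec.conf.
DH = {2: "modp1024", 5: "modp1536", 14: "modp2048"}  # IKE group number -> name
UNIT = {"s": 1, "m": 60, "h": 3600, "d": 86400}

def proposal(enc, integ, dh_group=None):
    """encryption-integrity[-dhgroup]; the trailing '!' makes it strict."""
    parts = [enc, integ] + ([DH[dh_group]] if dh_group else [])
    return "-".join(parts) + "!"

def expected_conn(sheet):
    """Translate the peer's parameter sheet into ipsec.conf settings."""
    p1, p2 = sheet["phase1"], sheet["phase2"]
    return {
        "keyexchange": "ikev1",
        "authby": "secret",
        "aggressive": "yes" if p1["mode"] == "aggressive" else "no",
        "ike": proposal(p1["enc"], p1["hash"], p1["dh_group"]),  # Phase 1
        "ikelifetime": f"{p1['lifetime_s']}s",
        "esp": proposal(p2["enc"], p2["auth"], p2.get("pfs_group")),  # no group = no PFS
        "lifetime": f"{p2['lifetime_s']}s",
    }

def seconds(value):
    return int(value[:-1]) * UNIT[value[-1]] if value[-1] in UNIT else int(value)

def norm(key, value):
    if key in ("ike", "esp"):  # token sets, so ordering alone is not reported
        return frozenset(value.rstrip("!").split("-"))
    if key in ("ikelifetime", "lifetime"):
        return seconds(value)
    return value

def lint(conn, sheet):
    """Return human-readable mismatches between a conn dict and the sheet."""
    findings = []
    if "ah" in conn and sheet["phase2"]["encapsulation"] == "ESP":
        findings.append("ah= is set, but the peer asked for ESP")
    for key, want in expected_conn(sheet).items():
        if key not in conn:
            findings.append(f"{key} missing, expected {key}={want}")
        elif norm(key, conn[key]) != norm(key, want):
            findings.append(f"{key}={conn[key]} should be {key}={want}")
    return findings

# Constructed from the peer's sheet and the merged settings in the post.
SHEET = {"phase1": {"enc": "aes256", "hash": "sha1", "dh_group": 2, "mode": "main", "lifetime_s": 86400},
         "phase2": {"encapsulation": "ESP", "enc": "aes256", "auth": "sha1", "pfs_group": None, "lifetime_s": 86400}}
POSTED = {"authby": "secret", "keyexchange": "ikev1", "keyingtries": "1", "aggressive": "no", "pfs": "no",
          "ah": "sha1-aes256-modp1024", "lifetime": "24h", "esp": "sha1-aes256", "auto": "start"}
```

Calling `lint(POSTED, SHEET)` reports three items: `ah=` is set although ESP was requested, and neither `ike=` nor `ikelifetime=` is present, so the Phase 1 proposal and lifetime from the sheet are never configured.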