IPSec - VPN using shared key
Hello! I have some trouble trying to configure a VPN with two gateways. One of them uses IPSec [FreeSwan/Linux] with a single key, 256 bits in length, specified in /etc/ipsec.secrets. As the FreeSwan manual page says, if I put esp=3des-md5-96, it will use a "64bit IV key (internally generated), a 192bit 3des ekey and a 128bit hmac-md5 akey (RFC2451, RFC2403)". The part I am missing is: how can I split this key to be able to set up the other gateway with OpenBSD/FreeBSD? Or what must be done to use this single key for encryption and authentication on the xBSD gw? Here is a part from ipsec.conf:
Code:
conn my_connection
    left=[left_ip]
    ...
    right=[right_ip]
    esp=3des-md5-96
    keyexchange=ike
    keylife=4h
    auto=start
Code:
left_ip right_ip : 0xaabccdd_eeffgghh_...
My real problem is that the Linux gateway is using a "pre-shared key", while the xBSD gateway is asking for different keys with different encryption styles: an encryption key and an auth key. What I did not figure out: why does BSD need different keys when FreeSWAN/ipsec does not, or how can a BSD gateway talk to a FreeSWAN/Linux gateway with PSK?
Perhaps you would be better off using a simple shared secret between the two implementations. This shared secret would be used to establish a session key.
Did you try this to see if it would work? Did you establish a tunnel with only shared secrets (this is called a pre-shared key in the article below)? http://www.onlamp.com/lpt/a/3043
Also, see the following article on setting up a BSD-LINUX IPSEC tunnel: http://home.t-online.de/home/hburde/ipsec/node1.html
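The reply's point that the shared secret is only used to establish session keys, shown as an added example that is not part of the original posts: under IKE (RFC 2409) the pre-shared key is never split, and the 192-bit 3DES key and 128-bit HMAC-MD5 key of each ESP SA are cut from derived keying material. HMAC-MD5 as the IKE prf and every nonce, cookie, SPI and Diffie-Hellman value below are assumptions constructed for the demonstration.

```python
import hashlib
import hmac

def prf(key: bytes, data: bytes) -> bytes:
    # Assumption: phase 1 negotiated MD5, so the IKE prf is HMAC-MD5.
    return hmac.new(key, data, hashlib.md5).digest()

def phase1_skeyid_d(psk, ni, nr, g_xy, cky_i, cky_r):
    """RFC 2409 section 5, pre-shared key authentication."""
    skeyid = prf(psk, ni + nr)                          # SKEYID = prf(PSK, Ni_b | Nr_b)
    return prf(skeyid, g_xy + cky_i + cky_r + b"\x00")  # SKEYID_d

def esp_keys(skeyid_d, spi, ni_qm, nr_qm, enc_len=24, auth_len=16):
    """Quick mode KEYMAT (no PFS) cut into a 3DES key and an HMAC-MD5 key."""
    seed = b"\x03" + spi + ni_qm + nr_qm   # protocol (ESP = 3) | SPI | Ni_b | Nr_b
    keymat, block = b"", b""
    while len(keymat) < enc_len + auth_len:
        block = prf(skeyid_d, block + seed)  # K1 = prf(d, seed); Kn = prf(d, Kn-1 | seed)
        keymat += block
    # Encryption key from the left-most bits, authentication key from the rest.
    return keymat[:enc_len], keymat[enc_len:enc_len + auth_len]

# Constructed sample values, not taken from the thread.
PSK = bytes(range(32))                     # a 256-bit pre-shared key
NI, NR = b"\x11" * 16, b"\x22" * 16        # phase 1 nonces
G_XY = b"\x33" * 96                        # Diffie-Hellman shared secret
CKY_I, CKY_R = b"\x44" * 8, b"\x55" * 8    # ISAKMP cookies
NI_QM, NR_QM = b"\x66" * 16, b"\x77" * 16  # quick mode nonces
SPI_IN, SPI_OUT = bytes.fromhex("00001000"), bytes.fromhex("00002000")

if __name__ == "__main__":
    d = phase1_skeyid_d(PSK, NI, NR, G_XY, CKY_I, CKY_R)
    for name, spi in (("inbound", SPI_IN), ("outbound", SPI_OUT)):
        ekey, akey = esp_keys(d, spi, NI_QM, NR_QM)
        print(name, "3des ekey:", ekey.hex(), "md5 akey:", akey.hex())
```

Manual (static) keying skips this derivation, which is why a gateway set up that way wants the encryption key and the authentication key entered separately.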