The UNIX and Linux Forums  
#1 (permalink), 02-04-2003, eNTer (Registered User)
IPSec - VPN using shared key

Hello! I have some trouble trying to configure a VPN with two gateways. One of them uses IPSec [FreeSwan/Linux] with a single key, 256 bits in length, specified in /etc/ipsec.secrets. As the FreeSwan manual page says, if I put esp=3des-md5-96, a "64bit IV key (internally generated), a 192bit 3des ekey and a 128bit hmac-md5 akey (RFC2451, RFC2403)" will be used. The part I miss is: how can I split this key to be able to set up the other gateway with OpenBSD/FreeBSD? Or what must be done to use this single key for encryption and authentication on the xBSD gw? Here is a part from ipsec.conf:
Code:
conn my_connection
	left=[left_ip]
	...
	right=[right_ip]
	esp=3des-md5-96
	keyexchange=ike
	keylife=4h
	auto=start
and from ipsec.secrets:
Code:
left_ip right_ip : 0xaabccdd_eeffgghh_...
Thanks,
#2 (permalink), 02-04-2003, Neo (Forum Staff, Administrator)
You don't need to 'split the key'... the key (shared secret) is symmetric, not asymmetric. You simply use the same (shared secret) key on both ends of the IPSEC VPN tunnel.

Each end will use the (shared secret) key to generate a session key.
#3 (permalink), 02-11-2003, eNTer (Registered User)
My real problem is that the Linux gateway is using a "pre-shared key", while the xBSD gateway is asking for different keys with different encryption styles: an encryption key and an auth key. What I did not figure out: why BSD needs different keys and FreeSWAN/ipsec does not, or how can a BSD gateway talk to a FreeSWAN/Linux gateway with PSK?
#4 (permalink), 02-11-2003, Neo (Forum Staff, Administrator)
Perhaps you would be better off using a simple shared secret between the two implementations. This shared secret would be used to establish a session key.

Did you try this to see if it would work? Did you establish a tunnel with only shared secrets (this is called a pre-shared key in the article below)?

http://www.onlamp.com/lpt/a/3043

Also, see the following article on setting up a BSD-LINUX IPSEC tunnel:

http://home.t-online.de/home/hburde/ipsec/node1.html
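
Added illustration, not part of the thread and not FreeS/WAN or BSD code: how an IKEv1 peer (RFC 2409, pre-shared-key authentication, quick mode without PFS) derives the separate 192-bit 3DES and 128-bit HMAC-MD5 ESP keys mentioned in the first post from one shared secret. The PSK, nonces, cookies, SPI and Diffie-Hellman secret are constructed sample values, and HMAC-MD5 as the phase 1 prf is an assumption.

```python
import hashlib
import hmac

def prf(key: bytes, data: bytes) -> bytes:
    """IKEv1 prf: HMAC of the phase 1 hash (MD5 assumed for this example)."""
    return hmac.new(key, data, hashlib.md5).digest()

def skeyid_d(psk, ni, nr, g_xy, cky_i, cky_r):
    # RFC 2409 sec. 5: SKEYID = prf(pre-shared-key, Ni_b | Nr_b)
    skeyid = prf(psk, ni + nr)
    # SKEYID_d = prf(SKEYID, g^xy | CKY-I | CKY-R | 0)
    return prf(skeyid, g_xy + cky_i + cky_r + b"\x00")

def keymat(d, protocol, spi, qm_ni, qm_nr, length):
    # RFC 2409 sec. 5.5: K1 = prf(SKEYID_d, protocol | SPI | Ni_b | Nr_b),
    # Kn = prf(SKEYID_d, Kn-1 | protocol | SPI | Ni_b | Nr_b), concatenated.
    seed = bytes([protocol]) + spi + qm_ni + qm_nr
    out, block = b"", b""
    while len(out) < length:
        block = prf(d, block + seed)
        out += block
    return out[:length]

def esp_keys_3des_md5(psk, ni, nr, g_xy, cky_i, cky_r, spi, qm_ni, qm_nr):
    """Return (ekey, akey) for one ESP SA negotiated as 3des-md5-96."""
    d = skeyid_d(psk, ni, nr, g_xy, cky_i, cky_r)
    km = keymat(d, 3, spi, qm_ni, qm_nr, 24 + 16)  # 3 = PROTO_IPSEC_ESP
    return km[:24], km[24:]  # encryption key first, then authentication key

# Constructed sample values standing in for one negotiated exchange.
PSK = bytes.fromhex("aa" * 32)  # constructed 256-bit shared secret
SAMPLE = dict(
    ni=bytes(range(16)), nr=bytes(range(16, 32)),             # phase 1 nonces
    g_xy=hashlib.sha256(b"constructed DH secret").digest(),   # stands in for g^xy
    cky_i=b"I" * 8, cky_r=b"R" * 8,                           # ISAKMP cookies
    spi=bytes.fromhex("1000abcd"),
    qm_ni=b"\xaa" * 16, qm_nr=b"\xbb" * 16,                   # quick mode nonces
)

def demo():
    left = esp_keys_3des_md5(PSK, **SAMPLE)    # one gateway
    right = esp_keys_3des_md5(PSK, **SAMPLE)   # the other gateway, same PSK
    wrong = esp_keys_3des_md5(b"different secret", **SAMPLE)
    return left, right, wrong

if __name__ == "__main__":
    (ekey, akey), right, wrong = demo()
    print("ekey bits:", len(ekey) * 8, "akey bits:", len(akey) * 8)
    print("peers agree:", (ekey, akey) == right, "wrong PSK agrees:", (ekey, akey) == wrong)
```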