Sponsored Content
Full Discussion: IPSec - VPN using shared key
Special Forums Cybersecurity IPSec - VPN using shared key Post 34108 by eNTer on Tuesday 4th of February 2003 12:05:03 PM
Old 02-04-2003
IPSec - VPN using shared key

Hello! I have some trouble trying to configure a VPN with two gateways. One of them uses IPSec [FreeSwan/Linux] with a single key, 256bits length, specified in /etc/ipsec.secrets. As FreeSwan manual page says, if i put esp=3des-md5-96, will be used a "64bit IV key (internally generated), a 192bit 3des ekey and a 128bit hmac-md5 akey (RFC2451, RFC2403). The part I miss is: how can i split this key to be able to set up the other gateway with OpenBSD/FreeBSD? Or what must be done to use this single key for encryption and authentication on the xBSD gw? Here is a part from ipsec.conf:
Code:
conn my_connection
	left=[left_ip]
	...
	right=[right_ip]
	esp=3des-md5-96
	keyexchange=ike
	keylife=4h
	auto=start

and from ipsec.secrets:
Code:
left_ip right_ip : 0xaabccdd_eeffgghh_...

Thanks,
 

8 More Discussions You Might Find Interesting

1. UNIX for Advanced & Expert Users

How to interpret the shared memory key

I'm facing a problem interpreting the shared memory key on an AIX machine. (1) I go to a property file and I see the following: shm_key = "119112066" (2) So I now go the command prompt and do this: ipcs -m | grep 119112066 And, I do not find it. So what I do is to run the... (2 Replies)
Discussion started by: vijaygade
2 Replies

2. IP Networking

IPSec VPN Routing

Hello, I'm trying to setup a gateway VPN between two routers across an unsecured network between two local networks. The routers are both linux and I'm using the ipsec tools, racoon and setkey. So far hosts from either local net can successfully ping hosts on the other local net without issue. ... (0 Replies)
Discussion started by: salukibob
0 Replies

3. Solaris

Solaris 8 ssh public key authentication issue - Server refused our key

Hi, I've used the following way to set ssh public key authentication and it is working fine on Solaris 10, RedHat Linux and SuSE Linux servers without any problem. But I got error 'Server refused our key' on Solaris 8 system. Solaris 8 uses SSH2 too. Why? Please help. Thanks. ... (1 Reply)
Discussion started by: aixlover
1 Replies

4. Cybersecurity

IPSEC

hello, after configuration ipsec in ip4 I can not ping between client and server whereas I had success ping before configuration! I also generate different key for AH and ESP as i have shown below. what is my problem and what should i do to have ping and test the configuration? code: ... (0 Replies)
Discussion started by: elinaz
0 Replies

5. Programming

Shared library with acces to shared memory.

Hello. I am new to this forum and I would like to ask for advice about low level POSIX programming. I have to implement a POSIX compliant C shared library. A file will have some variables and the shared library will have some functions which need those variables. There is one special... (5 Replies)
Discussion started by: iamjag
5 Replies

6. IP Networking

VPN IPSec Openswan

Hi all, I have installed Openswan and configured IPSec and works perfect, but for some unknown reasons it stop working. I see that the tunnels are up and established. The route to the destination are added. Everything by the book seems to be ok. But somehow when i start to ping the other side (... (4 Replies)
Discussion started by: ivancd
4 Replies

7. IP Networking

IPSec Openswan Site to Site VPN - Big Pain

Hi @all, I try to connect 2 LANs with IPSec/Openswan LAN 1: 192.168.0.0/24 LAN 2: 192.168.1.0/24 This is my Config: conn HomeVPN # # Left security gateway, subnet behind it, nexthop toward right. left=192.168.1.29 ... (1 Reply)
Discussion started by: bahnhasser83
1 Replies

8. IP Networking

Best tool to monitor VPN IPSEC Tunneling

We are using cyberoam device, VPN IPSEC tunnel is going of frequently even the traffic is throug. Please suggest what may be the cause for the above mentioned issue. Also suggest a best tool to monitor the same VPN IPSEC tunnel connectivity. (4 Replies)
Discussion started by: marunmeera
4 Replies
vpnd(8) 						    BSD System Manager's Manual 						   vpnd(8)

NAME
vpnd -- Mac OS X VPN service daemon SYNOPSIS
vpnd [-d | -n | -x] [-i server_id] vpnd [-h] DESCRIPTION
vpnd allows external hosts to tunnel via L2TP over IPSec or via PPTP from an insecure external network (such as the Internet) into a "secure" internal network, such as a corporate network. All traffic through the tunnel is encrypted to provide secure communications, with L2TP/IPSec providing a higher level of security than PPTP. vpnd listens for incoming connections, pairs each one with an available internal IP address, and passes the connection to pppd(8) with appro- priate parameters. Parameters for vpnd are specified in a system configuration (plist) file in XML format. This file contains a dictionary of configurations each identified by a key referred to as a server_id. Parameters include the tunneling protocol, IP addresses to be assigned to clients, PPP parameters etc. vpnd is launched for a particular configuration by using the -i option which takes the server_id to be run as an argument. vpnd can also be run without the -i option. In this case it will check the configuration file for a special array which contains a list of configurations to be run and will fork and exec a copy of vpnd for each server_id to be run. Running multiple vpnd processes simultaneously for a particular protocol is not allowed. vpnd will be launched during the boot process by a startup item if the field VPNSERVER is defined in /etc/hostconfig with the value -YES-. Typically, in this case it will be launched without the -i option and will check the configuration file to determine which configuration(s) are to be run. vpnd logs items of interest to the system log. A different log path can be specified in the configuration file. OPTIONS
The following options are available: -d Do not move to background and print log strings to the terminal. -h Print usage summary and exit. -i Server_id in the plist file that defines the configuration to be run. -n Do not move to background, print log information to the terminal, and quit after validating the argument list. -x Do not move to background. EXAMPLES
The default invocation, vpnd will read the list of configurations to run from the configuration file and launch them. This default configuration may be enabled at startup by defining VPNSERVER to -YES-. To specify a particular configuration to run use vpnd -i server_id FILES &; FOLDERS /usr/sbin/vpnd /etc/hostconfig /System/Library/StartupItems/NetworkExtensions /Library/Preferences/SystemConfiguration/com.apple.RemoteAccessServers.plist SEE ALSO
pppd(8) vpnd(5) Mac OS X 21 August 2003 Mac OS X

Featured Tech Videos

All times are GMT -4. The time now is 10:39 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy