FreeSwan -- > NetScreen

09-03-2004
SMalik786@gmail.com

Hi Everyone,
I'm a newbie to VPN (and networking) and would really appreciate
someone helping me. I have been for the last 3 days pulling my hair out
trying to connect to a NetScreen VPN at my work. In Windows, the
NetScreen Remote (VPN client) easily connects without problems...
However I would really like to be able to connect using Linux.

Racoon: Latest
Kernel: 2.6.7
Distribution: LFS

I have tried many guides online for VPN but have failed in all of them.

So far I have managed to rebuild the kernel and start ipsec with no
problems. Ipsec Verify:

[root@FireFox /mnt/win]# ipsec verify

Checking your system to see if IPsec got installed and started correctly:
Version check and ipsec on-path                                 [OK]
Linux FreeS/WAN U2.06/K(KLIPS support not presently loaded)
Checking for IPsec kernel support: found 2.6 native             [OK]
Checking that pluto is running                                  [OK]

Opportunistic Encryption DNS checks:
Looking for TXT in forward map: FireFox                         [MISSING]
Cannot execute command "host -t txt FireFox": No such file or directory
Does the machine have at least one non-private address?         [FAILED]

But the configuration is nowhere near working.

I'm listing all my settings that I see in NetScreen Remote.. hopefully
someone will help me create all necessary files: ipsec.conf... whatever
files..

*** Remote Party Identity and Addressing

ID Type: IP Subnet
Subnet: 192.168.0.0
Mask: 255.255.255.0
Protocol: All

Connect using: Secure Gateway Tunnel

ID Type: IP Address
64.xx.xx.xx <-- ip to vpn router

**MY IDENTITY

Preshared Key: { A regular string xxxx }
Certificate: None
ID Type: Email Address

xxxxxxx@xxxxxxx.xxxm <--- my email address @ work

SECURITY POLICY

**Select Phase 1 Negotiation Mode

Aggressive Mode (selected)
Perfect Forward Secrecy (disabled)

** Authentication (Phase 1 Proposal)
Authentication: Preshared Key; Extended Authentication
Encrypt Alg: Triple DES
Hash Alg: SHA-1
SA LIFE: Unspecified

Key Group: Diffie-Hellman Group 2

**Key Exchange (Phase 2)
SA Life: Unspecified
Compression: None
Encapsulation (ESP) Protocol: (true)
Encrypt Alg: Triple DES
Hash Alg: SHA-1
Encapsulation: Tunnel

Authentication Protocol (AH) **** DISABLED***

Also note, that as soon as I hit connect on the vpn router... then a
box pops up that asks me for another username and password...I just
type in work email without domain, and then I type in a special
password given to me.

I would really like this to work, and I hope one of you guys can help
me out :)
If it works, I'll post a nice Howto so other users will also be able to
connect.

Saad.

MY ipsec.conf

--------------------

conn %default
    type=tunnel
    keyingtries=0
    keylife=2h
    authby=secret
    disablearrivalcheck=no
    keyexchange=ike
    auth=esp
    compress=no
    rekey=yes
    rekeymargin=9m
    rekeyfuzz=25%
    ikelifetime=1h
    auto=start
    left=<NETSCREEN VPN ROUTER>
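
A way to compare the posted ipsec.conf with the NetScreen Remote settings listed above, as an added example that is not part of the original post or of FreeS/WAN. It assumes left is the NetScreen gateway (as in the post) and right is the local machine; aggrmode and rightxauthclient are option names taken from Openswan, the FreeS/WAN fork, and are assumed here rather than confirmed for FreeS/WAN 2.06.

```python
import ipaddress

# Peer settings transcribed from the NetScreen Remote listing in the post.
PEER = {"subnet": "192.168.0.0", "mask": "255.255.255.0",
        "pfs": False, "aggressive": True, "xauth": True}

# The posted ipsec.conf (rekey/lifetime options omitted for brevity); the
# gateway address is the post's own placeholder.
POSTED_CONF = """\
conn %default
    type=tunnel
    authby=secret
    keyexchange=ike
    auth=esp
    compress=no
    auto=start
    left=<NETSCREEN VPN ROUTER>
"""

def parse_conns(text):
    """Return {section name: {option: value}} for each conn section."""
    conns, cur = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if line and not line[0].isspace():      # unindented line starts a section
            kind, _, name = line.partition(" ")
            cur = conns.setdefault(name.strip(), {}) if kind == "conn" else None
        elif cur is not None and "=" in line:   # indented option=value line
            key, _, value = line.strip().partition("=")
            cur[key.strip()] = value.strip()
    return conns

def check(conn, peer=PEER):
    """List settings that are missing or disagree with the peer."""
    net = str(ipaddress.ip_network(f"{peer['subnet']}/{peer['mask']}"))
    out = []
    if conn.get("leftsubnet") != net:
        out.append(f"leftsubnet={net} (network behind the gateway)")
    out += [f"{k}= is not set (local end)" for k in ("right", "rightid") if k not in conn]
    if not peer["pfs"] and conn.get("pfs", "yes") != "no":   # pfs defaults to yes
        out.append("pfs=no (peer has PFS disabled)")
    if peer["aggressive"] and conn.get("aggrmode") != "yes":  # assumed Openswan option
        out.append("aggrmode=yes (peer uses aggressive mode)")
    if peer["xauth"] and conn.get("rightxauthclient") != "yes":  # assumed Openswan option
        out.append("rightxauthclient=yes (peer prompts for XAUTH login)")
    return out

if __name__ == "__main__":
    for finding in check(parse_conns(POSTED_CONF)["%default"]):
        print("missing or mismatched:", finding)
```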
