[Swan] IPSec secure messages.
Paul Wouters
paul at nohats.ca
Sun May 19 21:12:00 UTC 2019
On Sun, 19 May 2019, Madhan Raj wrote:
> Oh, you do have a conn...
>
> > conn 772007410_x509
> > left=10.63.101.19
> > leftcert=ipsec-db
> > leftrsasigkey=%cert
> > leftprotoport=tcp/0
> > leftid="C=RS, O=home, OU=cup, CN=esc-imppub-12.burren.pst, ST=serbia, L=belgrade"
> > right=10.63.101.18
> > rightcert=esc-cucm-12.burren.pst
> > rightrsasigkey=%cert
> > rightprotoport=tcp/0
> > rightid=""
Use rightid=%fromcert
> > type=transport
> > auth=esp
> > authby=rsasig
> > keyexchange=ike
> > keyingtries=%forever
> > rekey=yes
> > ike=3des-sha1-modp1024
Very old-fashioned, and dh1024 is too weak and not allowed anymore. At the
minimum use ike=3des-sha1-modp1536; better is ike=aes-sha2-modp2048.
> you can run: ipsec auto --add 772007410_x509
> to see if the connection loaded fine. If it does, you can run: ipsec auto --up
> 772007410_x509
You did not yet show me this step?
Paul
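
The two points raised in this reply (the modp1024 IKE proposal and the empty rightid on a certificate-authenticated conn) can be checked before a conn is loaded. The following linter is an added example, not part of the original message or of the Libreswan code base. The function names, the constructed sample text, and the generalization from modp1024 to any modp group below 1536 bits are assumptions.

```python
import re

# Constructed sample: part of the conn quoted above, indented as ipsec.conf expects.
SAMPLE_CONF = '''\
conn 772007410_x509
    left=10.63.101.19
    right=10.63.101.18
    rightcert=esc-cucm-12.burren.pst
    rightid=""
    authby=rsasig
    ike=3des-sha1-modp1024
'''

MIN_MODP_BITS = 1536  # assumption: the minimum named in the reply, used as the floor


def parse_conns(text):
    """Return {conn_name: {key: value}} from ipsec.conf-style text."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith('#'):
            continue
        if not raw[0].isspace():  # an unindented line starts a new section
            parts = line.split()
            is_conn = len(parts) == 2 and parts[0] == 'conn'
            current = conns.setdefault(parts[1], {}) if is_conn else None
        elif current is not None and '=' in line:
            key, value = line.split('=', 1)
            current[key.strip()] = value.strip().strip('"')
    return conns


def audit(text):
    """Return sorted (conn, finding) tuples for the two issues in the reply."""
    findings = []
    for name, opts in parse_conns(text).items():
        for bits in re.findall(r'modp(\d+)', opts.get('ike', '')):
            if int(bits) < MIN_MODP_BITS:
                findings.append((name, f'ike uses modp{bits}, below modp{MIN_MODP_BITS}'))
        if 'rightcert' in opts and opts.get('rightid') == '':
            findings.append((name, 'rightid is empty; use rightid=%fromcert'))
    return sorted(findings)


if __name__ == '__main__':
    for conn, finding in audit(SAMPLE_CONF):
        print(f'{conn}: {finding}')
```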