[Swan] lifetime kilobytes

Paul Wouters paul at nohats.ca
Thu Oct 14 17:48:09 UTC 2021


On Thu, 14 Oct 2021, Kontakt wrote:

> conn xxx
>          authby = secret
>          auto = ignore
> 
>          ikelifetime = 86400s
>          salifetime = 3600s
> 
>          left = our public IP (ex. 8.8.8.8)
>          leftsubnet = our public IP (ex. 8.8.8.8)
>          right = client public IP (ex. 15.15.15.15)
>          rightsubnet = client another public ip (ex. 15.15.15.30)
> 
>          ike = aes256-sha1; dh5
>          phase2alg = aes256-sha1; dh5
>          pfs = yes
>          ikev2 = never

Pasting that into a conf file gave me a number of weird errors. It seems
your whitespace is not truly spaces or tabs?

Your subnets need to be CIDR, e.g. 8.8.8.8/32 and not just an IP.
Don't use spaces in the crypto strings, e.g. "aes256-sha1;dh5" and not
"aes256-sha1; dh5".

This works for me:

conn xxx
         authby = secret
         auto = ignore
         ikelifetime = 86400s
         salifetime = 3600s
         left = 8.8.8.8
         leftsubnet = 8.8.8.8/32
         right = 15.15.15.15/32
         rightsubnet = 15.15.15.30/32
         ike = aes256-sha1;dh5
         phase2alg = aes256-sha1;dh5
         pfs = yes
         ikev2 = never

Paul
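
Added example, not part of the original message and not Libreswan code: a small Python check for the three problems named in the reply above (whitespace that is not a plain space or tab, subnets without a CIDR mask, spaces inside the ike/phase2alg strings). The function name lint_conn and the sample conn are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample: a conn with a no-break space (U+00A0) in the
# indentation, a bare-IP subnet, and a space inside a crypto string.
SAMPLE = (
    "conn xxx\n"
    "\u00a0        authby = secret\n"
    "         leftsubnet = 8.8.8.8\n"
    "         rightsubnet = 15.15.15.30/32\n"
    "         ike = aes256-sha1; dh5\n"
    "         phase2alg = aes256-sha1;dh5\n"
)

SUBNET_KEYS = {"leftsubnet", "rightsubnet"}
CRYPTO_KEYS = {"ike", "phase2alg"}


def lint_conn(text):
    """Return (line_number, message) findings for an ipsec.conf fragment."""
    findings = []
    for num, line in enumerate(text.splitlines(), start=1):
        # Flag whitespace-like characters other than space and tab, plus
        # zero-width space and BOM, which copy/paste often introduces.
        odd = sorted({f"U+{ord(c):04X}" for c in line
                      if (c.isspace() and c not in " \t") or c in "\u200b\ufeff"})
        if odd:
            findings.append((num, "non-ASCII whitespace: " + ", ".join(odd)))
        match = re.match(r"\s*([A-Za-z0-9_-]+)\s*=\s*(.*?)\s*$", line)
        if not match:
            continue  # section header, comment or blank line
        key, value = match.group(1).lower(), match.group(2)
        if key in SUBNET_KEYS:
            if "/" not in value:
                findings.append((num, f"{key} is not CIDR: {value}"))
            else:
                try:
                    ipaddress.ip_network(value, strict=False)
                except ValueError:
                    findings.append((num, f"{key} is not a valid CIDR: {value}"))
        elif key in CRYPTO_KEYS and re.search(r"\s", value):
            findings.append((num, f"{key} contains whitespace: {value!r}"))
    return findings


if __name__ == "__main__":
    for num, message in lint_conn(SAMPLE):
        print(f"line {num}: {message}")
```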

