[Swan] lifetime kilobytes
Paul Wouters
paul at nohats.ca
Thu Oct 14 17:48:09 UTC 2021
On Thu, 14 Oct 2021, Kontakt wrote:
> conn xxx
> authby = secret
> auto = ignore
>
> ikelifetime = 86400s
> salifetime = 3600s
>
> left = our public IP (ex. 8.8.8.8)
> leftsubnet = our public IP (ex. 8.8.8.8)
> right = client public IP (ex. 15.15.15.15)
> rightsubnet = client another public ip (ex. 15.15.15.30)
>
> ike = aes256-sha1; dh5
> phase2alg = aes256-sha1; dh5
> pfs = yes
> ikev2 = never
pasting that into a conf file gave me a number of weird errors. It seems
your whitespace is not truly spaces or tabs ?
Your subnets need to be CIDR, eg 8.8.8.8/32 and not just an IP.
Don't use spaces in the crypto strings, eg "aes256-sha1;dh5" and not
"aes256-sha1; dh5"
this works for me:
conn xxx
authby = secret
auto = ignore
ikelifetime = 86400s
salifetime = 3600s
left = 8.8.8.8
leftsubnet = 8.8.8.8/32
right = 15.15.15.15/32
rightsubnet = 15.15.15.30/32
ike = aes256-sha1;dh5
phase2alg = aes256-sha1;dh5
pfs = yes
ikev2 = never
Paul
More information about the Swan
mailing list