Re: [strongSwan] Watchguard Edge - StrongSwan

2009-03-16 Thread Andreas Steffen 
strongSwan does *not* support IKEv1 Aggressive Mode - otherwise we would
have named the project weakSwan!

Best regards

Andreas

Tica wrote:
> Hello all,
> I'm really new to Strongwan!!
> 
> Is it possible to connect Watchguard Edge to Strongswan?
> 
> I'm asking this because I'm having huge headaches here trying to establish a
> VPN between these two systems.
> 
> The biggest problem is that I can't change the watchguard edge's
> configuration... and I already tried (without success) a lot of
> configurations in ipsec.conf.
> 
> These are the watchguard configurations:
> 
> Phase 1 Settings
> 
> Mode: Agressive Mode
> Authentication Algorithm: SHA1-HMAC
> Encryption Algorithm: DES-CBC
> Diffie-Helman Group: 1
> 
> Phase 2 Settings
> 
> Authentication Algorithm: SHA1-HMAC
> Encryption Algorithm: DES-CBC
> Enable PFS
> 
> Please... what should be the correct configuration to ipsec.conf ??
> 
> keyexchange=ikev1
> esp= ?
> pfs=yes
> pfsgroup= ?
> compress=no
> authby=secret
> ike= ?
> 
> Any help will be really apreciated!!
> 
> Thanks in advance to you all!
> 


-- 
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Linux VPN Solution!www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===[ITA-HSR]==


smime.p7s
Description: S/MIME Cryptographic Signature
___
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users

[strongSwan] Watchguard Edge - StrongSwan

2009-03-16 Thread Tica 
Hello all,
I'm really new to Strongwan!!

Is it possible to connect Watchguard Edge to Strongswan?

I'm asking this because I'm having huge headaches here trying to establish a
VPN between these two systems.

The biggest problem is that I can't change the watchguard edge's
configuration... and I already tried (without success) a lot of
configurations in ipsec.conf.

These are the watchguard configurations:

Phase 1 Settings

Mode: Agressive Mode
Authentication Algorithm: SHA1-HMAC
Encryption Algorithm: DES-CBC
Diffie-Helman Group: 1

Phase 2 Settings

Authentication Algorithm: SHA1-HMAC
Encryption Algorithm: DES-CBC
Enable PFS

Please... what should be the correct configuration to ipsec.conf ??

keyexchange=ikev1
esp= ?
pfs=yes
pfsgroup= ?
compress=no
authby=secret
ike= ?

Any help will be really apreciated!!

Thanks in advance to you all!

-- 
Tica ;-)
___
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users

Re: [strongSwan] CA

2009-03-16 Thread Dirk Hartmann 


--On Sunday, March 15, 2009 09:29:16 AM +0100 Daniel Mentz 
 wrote:

> http://sandbox.rulemaker.net/ngps/m2/howto.ca.html
>
> I did not check it in detail and there might be better sites. But I
> think if you mix the information you get from this site with the
> information from the strongSwan configuration guide then you should
> be  able to set up a CA for using it with strongSwan.

And if you prefer a GUI to create and manage your CA you could try 
tinyca2


It is also available as a package in most distributions.

___
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users