Re: IPSec (OpenSWAN)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 12/3/10 1:39 PM, Trever L. Adams wrote:
> Hello Everyone,
>
> I have been struggling to get OpenSWAN to work. I am trying to get a
> setup going with the following:
>
> Router<-->  Router, IPSec only, Pre-shared keys or certs (ESP, tunnel or
Get this to work in tunnel mode first.
> not)
> Router<-->  Android Phones, IPSec/L2TP, Pre-shared keys (the certs is a
> lot of messing around that I am not comfortable doing yet with other
> people's phones
Your second comment is very true.  Also, you should avoid shared secrets 
if you can.  I would recommend going with the certificate method as it 
is easier to update as well.  You did point out that you do not have 
full control of them.
> I haven't yet tried Router to Router as I have seen it said that it is
> best to get the PSK w/ L2TP working first. The error I get (sorry, don't
> have the phone to test with and I can't find it in the logs at the
> moment) says something about not finding a valid pair and ignoring the
> connection on port 500.
>
It is looking for certificates, not a pre-shared key.  Certificates are 
the default method.

As to getting your own Certificate Authority on the phones, that should 
not be hard.  Look for a good Android guide and it should point out how 
to do this.  You may be able to fall back on a Linux guide if you can 
root the box...

James McKenzie

-- 
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [EPEL Devel]     [Fedora Magazine]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Desktop]     [Fedora Fonts]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Fedora Sparc]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux