[Vpn-help] Linux Client connection to Cyberoam Firewall/VPN
Scott Selvia
selvia_scott at hotmail.com
Wed Dec 2 20:16:11 CST 2009
My company is using a Cyberoam Firewall/VPN and I can connect to the VPN via Windows Greenbox IPSEC VPN client or Linux (Ubuntu/Fedora) using Openswan IPSEC client. I just installed Ubuntu 9.10 and was trying to connect using the Shrew Soft VPN Access Manager and I cannot get connected. Here are my ipsec.conf settings for Openswan:
# /etc/ipsec.conf - Openswan IPsec configuration file
# RCSID $Id: ipsec.conf.in,v 1.16 2005/07/26 12:29:45 ken Exp $
# This file: /usr/share/doc/openswan/ipsec.conf-sample
#
# Manual: ipsec.conf.5
version 2.0 # conforms to second version of ipsec.conf specification

# basic configuration
config setup
    interfaces=%defaultroute
    # Do not set debug options to debug configuration issues!
    # plutodebug / klipsdebug = "all", "none" or a combination from below:
    # "raw crypt parsing emitting control klips pfkey natt x509 dpd private"
    # eg:
    # plutodebug="control parsing"
    #
    # enable to get logs per-peer
    # plutoopts="--perpeerlog"
    #
    # Again: only enable plutodebug or klipsdebug when asked by a developer
    #
    # NAT-TRAVERSAL support, see README.NAT-Traversal
    nat_traversal=yes
    # exclude networks used on server side by adding %v4:!a.b.c.0/24
    virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12
    # OE is now off by default. Uncomment and change to on, to enable.
    oe=off
    # which IPsec stack to use. netkey,klips,mast,auto or none
    protostack=netkey

conn MyCompany
    authby=secret
    type=tunnel
    keyingtries=1
    keyexchange=ike
    ike=3des-md5
    esp=3des-md5
    pfs=yes
    auto=start
    left=%defaultroute
    right=xxx.xxx.xxx.xxx
    rightsubnet=192.168.0.0/24

Here is the Shrew Soft VPN exported file:
n:version:2
n:network-ike-port:500
n:network-mtu-size:1380
n:client-addr-auto:0
n:network-natt-port:4500
n:network-natt-rate:15
n:network-frag-size:540
n:network-dpd-enable:0
n:network-notify-enable:0
n:client-banner-enable:1
n:client-dns-used:1
n:client-dns-auto:0
b:auth-mutual-psk:xxxxxxxxxx
n:phase1-dhgroup:2
n:phase1-keylen:0
n:phase1-life-secs:86400
n:phase1-life-kbytes:0
n:vendor-chkpt-enable:0
n:phase2-keylen:0
n:phase2-pfsgroup:-1
n:phase2-life-secs:3600
n:phase2-life-kbytes:0
n:policy-nailed:0
n:policy-list-auto:1
s:network-host:xxx.xxx.xxx.xxx
s:client-auto-mode:push
s:client-iface:virtual
s:client-ip-addr:192.168.0.0
s:client-ip-mask:255.255.255.255
s:network-natt-mode:enable
s:network-frag-mode:enable
s:client-dns-addr:192.168.0.xxx
s:client-dns-suffix:mycompany
s:auth-method:mutual-psk
s:ident-client-type:address
s:ident-server-type:address
s:phase1-exchange:main
s:phase1-cipher:3des
s:phase1-hash:md5
s:phase2-transform:3des
s:phase2-hmac:md5
s:ipcomp-transform:disabled
In the Windows Greenbox Client I have the following setup:
IKE:
    Encryption: 3DES
    Authentication: MD5
    Key Group: DH2 (1024)
ESP:
    Encryption: 3DES
    Authentication: MD5
    Mode: Tunnel
What settings do I need to get the Shrew Soft client working?
Thanks...
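
Added example, not part of the original post: a short Python check that parses the Openswan conn options and the Shrew Soft export quoted above and lists the proposal settings on which the two differ. It assumes Shrew writes phase2-pfsgroup:-1 when PFS is disabled and that Openswan treats pfs as yes when unset; the function names are hypothetical.

```python
# Values below are copied from the two configurations in the post.
OPENSWAN_CONN = """\
conn MyCompany
    ike=3des-md5
    esp=3des-md5
    pfs=yes
"""
SHREW_EXPORT = """\
n:phase2-pfsgroup:-1
s:phase1-cipher:3des
s:phase1-hash:md5
s:phase2-transform:3des
s:phase2-hmac:md5
"""

def parse_openswan_conn(text):
    """Return the key=value options of a conn section as a dict."""
    opts = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments
        if "=" in line:
            key, value = line.split("=", 1)
            opts[key.strip()] = value.strip()
    return opts

def parse_shrew_export(text):
    """Return {key: value} from 'type:key:value' lines (type is n, s or b)."""
    rows = (line.strip().split(":", 2) for line in text.splitlines())
    return {r[1]: r[2] for r in rows if len(r) == 3}

def find_mismatches(conn, shrew):
    """List (setting, openswan value, shrew value) where the two sides differ."""
    ike_cipher, ike_hash = conn["ike"].split("-")[:2]
    esp_cipher, esp_hash = conn["esp"].split("-")[:2]
    # Assumption: Shrew writes phase2-pfsgroup:-1 when PFS is disabled.
    shrew_pfs = "no" if shrew["phase2-pfsgroup"] == "-1" else "yes"
    pairs = [
        ("phase1 cipher", ike_cipher, shrew["phase1-cipher"]),
        ("phase1 hash", ike_hash, shrew["phase1-hash"]),
        ("phase2 cipher", esp_cipher, shrew["phase2-transform"]),
        ("phase2 hmac", esp_hash, shrew["phase2-hmac"]),
        ("pfs", conn.get("pfs", "yes"), shrew_pfs),  # assumed default: yes
    ]
    return [p for p in pairs if p[1].lower() != p[2].lower()]

if __name__ == "__main__":
    conn, shrew = parse_openswan_conn(OPENSWAN_CONN), parse_shrew_export(SHREW_EXPORT)
    print(find_mismatches(conn, shrew))
```

With the values from the post, the cipher and hash settings agree for both phases and the only difference reported is PFS: yes in the Openswan conn, disabled in the Shrew Soft profile.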