#1 2009-04-11 04:38:48

ataraxia
Member
From: Pittsburgh
Registered: 2007-05-06
Posts: 1,553

migrate from strongswan to openswan (or racoon)

Since there's a package for OpenSwan, and only an unsupported PKGBUILD for strongSwan, I figured I'd try to switch to OpenSwan in order to eliminate my last dependency on unsupported packages. (Even though I actually like strongSwan better. Binary > source any day.) Problem is, I can't figure out how to translate my setup from strongSwan to OpenSwan.

The other end is a Cisco 3000 series box, which I don't have access to the logs of. I have to use cert-based auth (without hybrid), so vpnc won't work.

This is my working strongSwan setup:

conn %default
       left=%defaultroute
       leftsourceip=172.31.25.47 #a virtual IP, not my regular one
       leftcert=firiesen.pem
       right=128.2.5.228
       rightid="C=US, ST=Pennsylvania, L=Pittsburgh, O=Carnegie Mellon University, OU=Network Group, CN=vpn isam server1"
       ike=3des-sha1
       esp=3des-sha1
       pfs=no
       auto=start

conn isam-172-18
       rightsubnet=172.18.0.0/15

conn isam-128-2-1
       rightsubnet=128.2.1.0/24

conn rhnsat
       rightsubnet=128.2.11.72/32

OpenSwan gives me trouble trying to juggle around my real local IP with my private VPN IP. strongSwan lets me do phase 1 with my real IP and phase 2 with the private one. OpenSwan can't seem to figure that out.

So, any OpenSwan users here that know how to do this?

Alternately, can this be done with racoon? That implementation looks really crazy to me, and I never got anywhere with it, but at least it's in community.
