IPSec (OpenSWAN)
James McKenzie
jjmckenzie51 at earthlink.net
Sun Dec 19 01:57:03 UTC 2010
On 12/3/10 1:39 PM, Trever L. Adams wrote:
> Hello Everyone,
>
> I have been struggling to get OpenSWAN to work. I am trying to get a
> setup going with the following:
>
> Router<--> Router, IPSec only, Pre-shared keys or certs (ESP, tunnel or
> not)
Get this to work in tunnel mode first.
> Router<--> Android Phones, IPSec/L2TP, Pre-shared keys (the certs are a
> lot of messing around that I am not comfortable doing yet with other
> people's phones)
Your second comment is very true. Also, you should avoid shared secrets
if you can. I would recommend going with the certificate method as it
is easier to update as well. You did point out that you do not have
full control of them.
> I haven't yet tried Router to Router as I have seen it said that it is
> best to get the PSK w/ L2TP working first. The error I get (sorry, don't
> have the phone to test with and I can't find it in the logs at the
> moment) says something about not finding a valid pair and ignoring the
> connection on port 500.
>
It is looking for certificates, not a pre-shared key. Certificates are
the default method.
As to getting your own Certificate Authority on the phones, that should
not be hard. Look for a good Android guide and it should point out how
to do this. You may be able to fall back on a Linux guide if you can
root the box...
James McKenzie
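
An added illustration, not part of the original message and not Openswan's own code: a small check for the mismatch described in the reply, where ipsec.secrets holds a pre-shared key but a conn falls back to RSA-signature (certificate) authentication. It assumes Openswan's default of authby=rsasig when the option is absent; the conn names, addresses and secret are constructed, and also= includes are not followed.

```python
import re

DEFAULT_AUTHBY = "rsasig"  # assumption: Openswan's default when authby= is absent

def parse_conns(conf_text):
    """Return {conn_name: {option: value}} from ipsec.conf-style text."""
    conns, current = {}, None
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].rstrip()      # drop comments
        if not line.strip():
            continue
        if not line[0].isspace():                 # unindented line starts a section
            parts = line.split()
            is_conn = parts[0] == "conn" and len(parts) == 2
            current = conns.setdefault(parts[1], {}) if is_conn else None
        elif current is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip()
    return conns

def effective_authby(conns):
    """Resolve authby per conn: own value, then conn %default, then built-in."""
    fallback = conns.get("%default", {}).get("authby", DEFAULT_AUTHBY)
    return {name: opts.get("authby", fallback)
            for name, opts in conns.items() if name != "%default"}

def psk_mismatches(conf_text, secrets_text):
    """Conns that will not use the PSK even though ipsec.secrets defines one."""
    lines = (l.split("#", 1)[0] for l in secrets_text.splitlines())
    if not any(re.search(r":\s*PSK\s", l) for l in lines):
        return []
    authby = effective_authby(parse_conns(conf_text))
    return sorted(n for n, a in authby.items() if "secret" not in a.split("|"))

# Constructed sample input (documentation addresses, made-up names and secret).
SAMPLE_CONF = """\
conn %default
    keyingtries=3
conn l2tp-psk
    left=%defaultroute
    right=%any
conn router-to-router
    authby=secret
    left=192.0.2.1
"""
SAMPLE_SECRETS = '192.0.2.1 %any : PSK "constructed-example-secret"\n'

if __name__ == "__main__":
    for name in psk_mismatches(SAMPLE_CONF, SAMPLE_SECRETS):
        print(f"conn {name}: authby resolves to RSA signatures, PSK is ignored")
```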