Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Migrate from Openswan to pfsense

    IPsec
    1
    1
    484
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • T
      tsaridas last edited by

      So I have a working ipsec vpn with Openswan which I would like to migrate to pfsense.

      I kindly request help before doing the change of the configuration of pfsense in order to see if I'm missing something.

      
 <phase1><ikeid>3</ikeid>
        <iketype>ikev1</iketype>
        <mode>main</mode>
        <disabled><interface>wan</interface>
        <remote-gateway>4.4.4.4</remote-gateway>
        <protocol>inet</protocol>
        <myid_type>myaddress</myid_type>
        <myid_data><peerid_type>peeraddress</peerid_type>
        <peerid_data><encryption-algorithm><name>3des</name></encryption-algorithm> 
        <hash-algorithm>md5</hash-algorithm>
        <dhgroup>2</dhgroup>
        <lifetime>86400</lifetime>
        <pre-shared-key>123456</pre-shared-key>
        <private-key><certref><caref><authentication_method>pre_shared_key</authentication_method>

        <nat_traversal>on</nat_traversal>
        <mobike>off</mobike>
        <dpd_delay>10</dpd_delay>
        <dpd_maxfail>5</dpd_maxfail></caref></certref></private-key></peerid_data></myid_data></disabled></phase1>

      Phase2

      
 <phase2><ikeid>3</ikeid>
        <uniqid>574ff5e64f3a5</uniqid>
        <mode>tunnel</mode>
        <disabled><reqid>6</reqid>
        <localid><type>address</type>

<address>8.8.8.8</address></localid>       
        <remoteid><type>network</type>

<address>7.7.7.7</address>

                <netbits>32</netbits></remoteid> 
        <protocol>esp</protocol>
        <encryption-algorithm-option><name>aes</name>
                <keylen>auto</keylen></encryption-algorithm-option> 
        <encryption-algorithm-option><name>3des</name></encryption-algorithm-option> 
        <hash-algorithm-option>hmac_sha1</hash-algorithm-option>
        <pfsgroup>0</pfsgroup>
        <lifetime>28800</lifetime></disabled></phase2> 


      
 <phase2><ikeid>3</ikeid>
        <uniqid>57501f3318077</uniqid>
        <mode>tunnel</mode>
        <disabled><reqid>8</reqid>
        <localid><type>address</type>

<address>8.8.8.8</address></localid>       
        <remoteid><type>network</type>

<address>10.1.37.0</address>

                <netbits>25</netbits></remoteid>      
        <protocol>esp</protocol>
        <encryption-algorithm-option><name>aes</name>
                <keylen>auto</keylen></encryption-algorithm-option> 
        <encryption-algorithm-option><name>3des</name></encryption-algorithm-option> 
        <hash-algorithm-option>hmac_sha1</hash-algorithm-option>
        <pfsgroup>0</pfsgroup>
        <lifetime>28800</lifetime></disabled></phase2>

      openswan configuration

      
conn IPsec1
        type=tunnel
        left=4.4.4.4
        leftid=4.4.4.4
        leftsubnets={ 10.1.37.0/25 7.7.7.7/32 }
        rightsubnet=8.8.8.8/32
        right=8.8.8.8
        rightid=8.8.8.8
        pfs=no
        authby=secret
        ikelifetime=24h
        dpddelay=10
        dpdtimeout=30
        dpdaction=restart_by_peer
        auto=start
        keyexchange=ike

      Thanks

      1 Reply Last reply Reply Quote 0
      • First post
        Last post