4. Migrate from Openswan to pfsense

Migrate from Openswan to pfsense

  • T

    So I have a working ipsec vpn with Openswan which I would like to migrate to pfsense.

    I kindly request help before doing the change of the configuration of pfsense in order to see if I'm missing something.

    
 <phase1><ikeid>3</ikeid>
        <iketype>ikev1</iketype>
        <mode>main</mode>
        <disabled><interface>wan</interface>
        <remote-gateway>4.4.4.4</remote-gateway>
        <protocol>inet</protocol>
        <myid_type>myaddress</myid_type>
        <myid_data><peerid_type>peeraddress</peerid_type>
        <peerid_data><encryption-algorithm><name>3des</name></encryption-algorithm> 
        <hash-algorithm>md5</hash-algorithm>
        <dhgroup>2</dhgroup>
        <lifetime>86400</lifetime>
        <pre-shared-key>123456</pre-shared-key>
        <private-key><certref><caref><authentication_method>pre_shared_key</authentication_method>

        <nat_traversal>on</nat_traversal>
        <mobike>off</mobike>
        <dpd_delay>10</dpd_delay>
        <dpd_maxfail>5</dpd_maxfail></caref></certref></private-key></peerid_data></myid_data></disabled></phase1>

    Phase2

    
 <phase2><ikeid>3</ikeid>
        <uniqid>574ff5e64f3a5</uniqid>
        <mode>tunnel</mode>
        <disabled><reqid>6</reqid>
        <localid><type>address</type>

<address>8.8.8.8</address></localid>       
        <remoteid><type>network</type>

<address>7.7.7.7</address>

                <netbits>32</netbits></remoteid> 
        <protocol>esp</protocol>
        <encryption-algorithm-option><name>aes</name>
                <keylen>auto</keylen></encryption-algorithm-option> 
        <encryption-algorithm-option><name>3des</name></encryption-algorithm-option> 
        <hash-algorithm-option>hmac_sha1</hash-algorithm-option>
        <pfsgroup>0</pfsgroup>
        <lifetime>28800</lifetime></disabled></phase2> 


    
 <phase2><ikeid>3</ikeid>
        <uniqid>57501f3318077</uniqid>
        <mode>tunnel</mode>
        <disabled><reqid>8</reqid>
        <localid><type>address</type>

<address>8.8.8.8</address></localid>       
        <remoteid><type>network</type>

<address>10.1.37.0</address>

                <netbits>25</netbits></remoteid>      
        <protocol>esp</protocol>
        <encryption-algorithm-option><name>aes</name>
                <keylen>auto</keylen></encryption-algorithm-option> 
        <encryption-algorithm-option><name>3des</name></encryption-algorithm-option> 
        <hash-algorithm-option>hmac_sha1</hash-algorithm-option>
        <pfsgroup>0</pfsgroup>
        <lifetime>28800</lifetime></disabled></phase2>

    openswan configuration

    
conn IPsec1
        type=tunnel
        left=4.4.4.4
        leftid=4.4.4.4
        leftsubnets={ 10.1.37.0/25 7.7.7.7/32 }
        rightsubnet=8.8.8.8/32
        right=8.8.8.8
        rightid=8.8.8.8
        pfs=no
        authby=secret
        ikelifetime=24h
        dpddelay=10
        dpdtimeout=30
        dpdaction=restart_by_peer
        auto=start
        keyexchange=ike

    Thanks

    0
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy