1. Home
  2. pfSense® Software
  3. IPsec
  4. Migrate from Openswan to pfsense

Migrate from Openswan to pfsense

  • T

    So I have a working ipsec vpn with Openswan which I would like to migrate to pfsense.

    I kindly request help before doing the change of the configuration of pfsense in order to see if I'm missing something.

    
 <phase1><ikeid>3</ikeid>
        <iketype>ikev1</iketype>
        <mode>main</mode>
        <disabled><interface>wan</interface>
        <remote-gateway>4.4.4.4</remote-gateway>
        <protocol>inet</protocol>
        <myid_type>myaddress</myid_type>
        <myid_data><peerid_type>peeraddress</peerid_type>
        <peerid_data><encryption-algorithm><name>3des</name></encryption-algorithm> 
        <hash-algorithm>md5</hash-algorithm>
        <dhgroup>2</dhgroup>
        <lifetime>86400</lifetime>
        <pre-shared-key>123456</pre-shared-key>
        <private-key><certref><caref><authentication_method>pre_shared_key</authentication_method>

        <nat_traversal>on</nat_traversal>
        <mobike>off</mobike>
        <dpd_delay>10</dpd_delay>
        <dpd_maxfail>5</dpd_maxfail></caref></certref></private-key></peerid_data></myid_data></disabled></phase1>

    Phase2

    
 <phase2><ikeid>3</ikeid>
        <uniqid>574ff5e64f3a5</uniqid>
        <mode>tunnel</mode>
        <disabled><reqid>6</reqid>
        <localid><type>address</type>

<address>8.8.8.8</address></localid>       
        <remoteid><type>network</type>

<address>7.7.7.7</address>

                <netbits>32</netbits></remoteid> 
        <protocol>esp</protocol>
        <encryption-algorithm-option><name>aes</name>
                <keylen>auto</keylen></encryption-algorithm-option> 
        <encryption-algorithm-option><name>3des</name></encryption-algorithm-option> 
        <hash-algorithm-option>hmac_sha1</hash-algorithm-option>
        <pfsgroup>0</pfsgroup>
        <lifetime>28800</lifetime></disabled></phase2> 


    
 <phase2><ikeid>3</ikeid>
        <uniqid>57501f3318077</uniqid>
        <mode>tunnel</mode>
        <disabled><reqid>8</reqid>
        <localid><type>address</type>

<address>8.8.8.8</address></localid>       
        <remoteid><type>network</type>

<address>10.1.37.0</address>

                <netbits>25</netbits></remoteid>      
        <protocol>esp</protocol>
        <encryption-algorithm-option><name>aes</name>
                <keylen>auto</keylen></encryption-algorithm-option> 
        <encryption-algorithm-option><name>3des</name></encryption-algorithm-option> 
        <hash-algorithm-option>hmac_sha1</hash-algorithm-option>
        <pfsgroup>0</pfsgroup>
        <lifetime>28800</lifetime></disabled></phase2>

    openswan configuration

    
conn IPsec1
        type=tunnel
        left=4.4.4.4
        leftid=4.4.4.4
        leftsubnets={ 10.1.37.0/25 7.7.7.7/32 }
        rightsubnet=8.8.8.8/32
        right=8.8.8.8
        rightid=8.8.8.8
        pfs=no
        authby=secret
        ikelifetime=24h
        dpddelay=10
        dpdtimeout=30
        dpdaction=restart_by_peer
        auto=start
        keyexchange=ike

    Thanks

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy