Migrate from Openswan to pfsense



  • So I have a working ipsec vpn with Openswan which I would like to migrate to pfsense.

    Before I apply the configuration change on pfsense, I would appreciate a review to see whether I'm missing something.

    
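     <phase1>
            <!-- Phase 1 (IKE) entry for the peer at 4.4.4.4.
                 Empty elements are written as <tag></tag> again. In the pasted text they had been
                 left open and were all closed in one run before the phase1 end tag, which nested
                 every later setting inside them. -->
            <ikeid>3</ikeid>
            <iketype>ikev1</iketype>
            <mode>main</mode>
            <!-- NOTE(review): the presence of <disabled> presumably keeps this tunnel inactive
                 until the entry is enabled; confirm that is what you want for the cut-over. -->
            <disabled></disabled>
            <interface>wan</interface>
            <remote-gateway>4.4.4.4</remote-gateway>
            <protocol>inet</protocol>
            <myid_type>myaddress</myid_type>
            <myid_data></myid_data>
            <peerid_type>peeraddress</peerid_type>
            <peerid_data></peerid_data>
            <!-- 3DES, MD5 and DH group 2 (1024-bit MODP) are legacy choices that are weak by
                 current standards. The Openswan conn being replaced sets no ike= line, so the
                 proposal it really uses comes from its defaults. NOTE(review): check what is
                 negotiated today, and agree on stronger values with the peer if it supports them. -->
            <encryption-algorithm><name>3des</name></encryption-algorithm>
            <hash-algorithm>md5</hash-algorithm>
            <dhgroup>2</dhgroup>
            <!-- 86400 s matches ikelifetime=24h on the Openswan side. -->
            <lifetime>86400</lifetime>
            <!-- 123456 is presumably a placeholder for the post. The real key has to match the
                 secret used by the peer, should be long and randomly generated, and should be
                 redacted whenever config.xml excerpts are shared. -->
            <pre-shared-key>123456</pre-shared-key>
            <private-key></private-key>
            <certref></certref>
            <caref></caref>
            <authentication_method>pre_shared_key</authentication_method>

            <nat_traversal>on</nat_traversal>
            <mobike>off</mobike>
            <!-- Openswan uses dpddelay=10 with dpdtimeout=30. NOTE(review): check whether a 10 s
                 delay with 5 allowed failures gives the dead-peer timing you expect. -->
            <dpd_delay>10</dpd_delay>
            <dpd_maxfail>5</dpd_maxfail>
     </phase1>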
    
    

    Phase2

    
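     <phase2>
            <!-- Phase 2 entry for local 8.8.8.8 to remote 7.7.7.7/32, tied to phase 1 ikeid 3.
                 It corresponds to rightsubnet=8.8.8.8/32 and the 7.7.7.7/32 entry of leftsubnets
                 in the Openswan conn. Empty elements are closed where they occur instead of
                 wrapping the settings that follow them. -->
            <ikeid>3</ikeid>
            <uniqid>574ff5e64f3a5</uniqid>
            <mode>tunnel</mode>
            <!-- NOTE(review): the presence of <disabled> presumably keeps this entry inactive;
                 confirm before expecting traffic to pass. -->
            <disabled></disabled>
            <reqid>6</reqid>
            <localid>
                    <type>address</type>
                    <address>8.8.8.8</address>
            </localid>
            <remoteid>
                    <type>network</type>
                    <address>7.7.7.7</address>
                    <netbits>32</netbits>
            </remoteid>
            <protocol>esp</protocol>
            <!-- Two ESP ciphers are offered, AES and 3DES. If the peer accepts AES, dropping the
                 3DES option removes the weaker fallback. -->
            <encryption-algorithm-option>
                    <name>aes</name>
                    <keylen>auto</keylen>
            </encryption-algorithm-option>
            <encryption-algorithm-option><name>3des</name></encryption-algorithm-option>
            <hash-algorithm-option>hmac_sha1</hash-algorithm-option>
            <!-- pfsgroup 0 means PFS is off, consistent with pfs=no on the Openswan side. Without
                 PFS the phase 2 keys depend on the phase 1 key material, so enabling a PFS group
                 on both peers is worth considering once the migration works. -->
            <pfsgroup>0</pfsgroup>
            <lifetime>28800</lifetime>
     </phase2>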
    
    
    
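     <phase2>
            <!-- Phase 2 entry for local 8.8.8.8 to remote 10.1.37.0/25, tied to phase 1 ikeid 3.
                 It corresponds to rightsubnet=8.8.8.8/32 and the 10.1.37.0/25 entry of leftsubnets
                 in the Openswan conn. Empty elements are closed where they occur instead of
                 wrapping the settings that follow them. -->
            <ikeid>3</ikeid>
            <uniqid>57501f3318077</uniqid>
            <mode>tunnel</mode>
            <!-- NOTE(review): the presence of <disabled> presumably keeps this entry inactive;
                 confirm before expecting traffic to pass. -->
            <disabled></disabled>
            <reqid>8</reqid>
            <localid>
                    <type>address</type>
                    <address>8.8.8.8</address>
            </localid>
            <remoteid>
                    <type>network</type>
                    <address>10.1.37.0</address>
                    <netbits>25</netbits>
            </remoteid>
            <protocol>esp</protocol>
            <!-- Two ESP ciphers are offered, AES and 3DES. If the peer accepts AES, dropping the
                 3DES option removes the weaker fallback. -->
            <encryption-algorithm-option>
                    <name>aes</name>
                    <keylen>auto</keylen>
            </encryption-algorithm-option>
            <encryption-algorithm-option><name>3des</name></encryption-algorithm-option>
            <hash-algorithm-option>hmac_sha1</hash-algorithm-option>
            <!-- pfsgroup 0 means PFS is off, consistent with pfs=no on the Openswan side. Enabling
                 a PFS group requires the same change on the peer. -->
            <pfsgroup>0</pfsgroup>
            <lifetime>28800</lifetime>
     </phase2>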
    
    

    openswan configuration

    
    # Existing Openswan tunnel that the pfsense phase1/phase2 entries in this post are meant to replace.
    # left is 4.4.4.4 (the pfsense remote-gateway) and right is 8.8.8.8 (the pfsense local id), so
    # pfsense presumably takes over the "right" role; verify against the real addressing.
    # NOTE(review): no ike= or phase2alg=/esp= line is set, so the proposals come from Openswan's
    # defaults; check what is actually negotiated today (e.g. `ipsec auto --status`) before pinning
    # algorithms on pfsense.
    conn IPsec1
            type=tunnel
            left=4.4.4.4
            leftid=4.4.4.4
            # Two networks behind left; the pfsense side carries one phase2 entry for each.
            leftsubnets={ 10.1.37.0/25 7.7.7.7/32 }
            rightsubnet=8.8.8.8/32
            right=8.8.8.8
            rightid=8.8.8.8
            # PFS is off; pfsgroup 0 in the pfsense phase2 entries mirrors this.
            pfs=no
            # Pre-shared-key authentication. The key itself is not shown here (Openswan normally
            # keeps it in ipsec.secrets) and must match pre-shared-key on pfsense.
            authby=secret
            # 24h equals the 86400 s phase1 lifetime on pfsense.
            ikelifetime=24h
            # Dead peer detection: probe delay 10 s, timeout 30 s.
            dpddelay=10
            dpdtimeout=30
            dpdaction=restart_by_peer
            auto=start
            keyexchange=ike
    
    

    Thanks