    Migrate from Openswan to pfsense

      tsaridas last edited by

      So I have a working IPsec VPN with Openswan which I would like to migrate to pfSense.

      I kindly request help before doing the change of the configuration of pfSense in order to see if I'm missing something.

      
      <phase1>
              <ikeid>3</ikeid>
              <iketype>ikev1</iketype>
              <mode>main</mode>
              <disabled></disabled>
              <interface>wan</interface>
              <remote-gateway>4.4.4.4</remote-gateway>
              <protocol>inet</protocol>
              <myid_type>myaddress</myid_type>
              <myid_data></myid_data>
              <peerid_type>peeraddress</peerid_type>
              <peerid_data></peerid_data>
              <encryption-algorithm>
                      <name>3des</name>
              </encryption-algorithm>
              <hash-algorithm>md5</hash-algorithm>
              <dhgroup>2</dhgroup>
              <lifetime>86400</lifetime>
              <pre-shared-key>123456</pre-shared-key>
              <private-key></private-key>
              <certref></certref>
              <caref></caref>
              <authentication_method>pre_shared_key</authentication_method>
              <nat_traversal>on</nat_traversal>
              <mobike>off</mobike>
              <dpd_delay>10</dpd_delay>
              <dpd_maxfail>5</dpd_maxfail>
      </phase1>
      
      

      Phase2

      
      <phase2>
              <ikeid>3</ikeid>
              <uniqid>574ff5e64f3a5</uniqid>
              <mode>tunnel</mode>
              <disabled></disabled>
              <reqid>6</reqid>
              <localid>
                      <type>address</type>
                      <address>8.8.8.8</address>
              </localid>
              <remoteid>
                      <type>network</type>
                      <address>7.7.7.7</address>
                      <netbits>32</netbits>
              </remoteid>
              <protocol>esp</protocol>
              <encryption-algorithm-option>
                      <name>aes</name>
                      <keylen>auto</keylen>
              </encryption-algorithm-option>
              <encryption-algorithm-option>
                      <name>3des</name>
              </encryption-algorithm-option>
              <hash-algorithm-option>hmac_sha1</hash-algorithm-option>
              <pfsgroup>0</pfsgroup>
              <lifetime>28800</lifetime>
      </phase2>

      <phase2>
              <ikeid>3</ikeid>
              <uniqid>57501f3318077</uniqid>
              <mode>tunnel</mode>
              <disabled></disabled>
              <reqid>8</reqid>
              <localid>
                      <type>address</type>
                      <address>8.8.8.8</address>
              </localid>
              <remoteid>
                      <type>network</type>
                      <address>10.1.37.0</address>
                      <netbits>25</netbits>
              </remoteid>
              <protocol>esp</protocol>
              <encryption-algorithm-option>
                      <name>aes</name>
                      <keylen>auto</keylen>
              </encryption-algorithm-option>
              <encryption-algorithm-option>
                      <name>3des</name>
              </encryption-algorithm-option>
              <hash-algorithm-option>hmac_sha1</hash-algorithm-option>
              <pfsgroup>0</pfsgroup>
              <lifetime>28800</lifetime>
      </phase2>
      
      

      Openswan configuration

      
      conn IPsec1
              type=tunnel
              left=4.4.4.4
              leftid=4.4.4.4
              leftsubnets={ 10.1.37.0/25 7.7.7.7/32 }
              rightsubnet=8.8.8.8/32
              right=8.8.8.8
              rightid=8.8.8.8
              pfs=no
              authby=secret
              ikelifetime=24h
              dpddelay=10
              dpdtimeout=30
              dpdaction=restart_by_peer
              auto=start
              keyexchange=ike
      
      

      Thanks
