Openswan <-> VyOS
Hello,
I’m having a bit of trouble connecting our current CentOS Openswan server with a VyOS server via IPSec.
I’ve posted this on the VyOS forums, but haven’t had many helpful responses, so I thought I would ask here.
http://forum.vyos.net/showthread.php?tid=26504&pid=29703#pid29703
Basically our Openswan configuration is as follows:
conn VYOS
    keyingtries=0
    keylife m
    ikelifetime=2h
    left=
    right=
    leftsubnets={10.1.1.0/24,10.1.2.0/24,10.1.3.0/24,10.1.4.0/24,10.1.5.0/24}
    rightsubnets={10.2.1.0/24,10.2.2.0/24,10.2.3.0/24,10.2.4.0/24}
    auto=start
    authby=secret
    dpddelay0
    dpdtimeout0
    dpdaction=hold
    phase2alg
2 thoughts on - Openswan <-> VyOS
Maybe the other end is not supporting needed ciphers? Try other selections?
Eero
2016-02-17 16:38 GMT+02:00 John Cenile:
Almost all of the openswan developers left the project and created a fork named libreswan. You should switch in order to use an actively maintained product. The configuration files are basically the same.
On VyOS only? I don’t think that’s going to work with a single open/libreswan tunnel. I could be wrong, if it was working with 5 tunnels, but it seems problematic. Try to figure out how to specify multiple routes in a single tunnel:
http://forum.vyos.net/showthread.php?tid667