Working with FreeS/Wan – shared secret

[Anonymous]

Hi,

I got the latest vaporsec to work with linux freeswan with shared secret.
I had to set the local IP in the Main pannel (couldn’t this be done automatically BTW ?)
The settings are :
Main
Mode Mail
Proposal Check Clain
Node size 16
Phase1
Lifetime 1h
DH Group 2
Encryption 3des
Authentication MD5
Phase 2
Lifetime 8h
PFS Group 2
Encryption 3des
Authentication hmac_md5
ID
Address
Address

I couldn’t get the id to work (ie : @me.domain.com) – not sure why.
Just removed the leftid / rightid from my freeswan config.

Oh, as a sidenote, some config which could be added is Lifetime depenting on transfered traffic :
lifetime time 60 sec ; # sec,min,hour
lifetime byte 2 MB ; # B,KB,GB

Didn’t tested with certificates yet (freeswan patched is needed for this : http://www.freeswan.ca for more info)

Some usefull freeswan/kame links :
http://www.freeswan.ca/docs/freeswan-2.00/doc/interop.html#kame

[Anonymous]

Well, not sure if this is due to the interfaces I had on my box (en0 and en1 + loopback)
But to get it to work I had to set manually the IP of the NIC connected to the internet (well, the other one is not connected)
Maybe you could make a menu where you choose the interface you use, and the script then picks up that interface IP

I’m thinking about that for … well for peeps like me with 3 network cable on their desks to connect to different lans 😀
(disconnect, change settings, connect other cable)
Humm, now that I think about it, not sure if it’s a viable sollution (I sometime use the second airport nic)

BTW, I had issues when changing my cable from an external network, to the one I used to connect via VPN
The ipsed parts were stopped, but the gif interface still there , and I couldn’t connect to much stuffs then.
Maybe you should remove the gif interface when quitting the app / flushing everything ?

Anyway, thanks for the good work 🙂

Treuf

[Author]

Posts