The Shrew Soft client does not support Transport mode, but it does allow the use of AES (more secure than 3DES). So, in order to let our hosts communicate, we need to create a virtual interface on the GNU/Linux host.
user@alice # apt-get install uml-utilities
user@alice # tunctl -u admin
user@alice # ifconfig tap0 172.31.0.1
user@alice # ifconfig tap0 up
#!/usr/sbin/setkey -f
## Flush the SAD and SPD
#
# Clear all existing security associations and policies so the entries
# below are the only ones in effect.
flush;
spdflush;
# Outbound policy: any traffic from 10.0.0.200 to 10.0.0.118 must be
# protected by ESP in transport mode ("require" = never send it in clear).
spdadd 10.0.0.200 10.0.0.118 any -P out ipsec
esp/transport//require;
# Inbound policy: the mirror of the above; clear-text packets from
# 10.0.0.118 that match this selector are dropped.
spdadd 10.0.0.118 10.0.0.200 any -P in ipsec
esp/transport//require;
# NOTE(review): the introduction states the Shrew Soft client lacks
# transport mode, yet both policies request esp/transport — confirm this
# is the intended combination with the tap0 interface set up above.
# Pre-shared-key authentication is disabled; peers are authenticated with
# X.509 certificates loaded from the directory below.
#path pre_shared_key "/etc/racoon/psk.txt";
path certificate "/etc/racoon/certs";
# Accept IKE (ISAKMP) on 10.0.0.200, UDP port 500 only.
# NOTE(review): nat_traversal is enabled in the remote section, but no
# isakmp_natt entry (UDP 4500) is listed here; racoon's documentation
# recommends one for NAT-T — confirm whether it is needed in this setup.
listen {
isakmp 10.0.0.200 [500];
}
# Phase 1 (IKE) settings. "anonymous" means any peer may initiate; the
# peer is only accepted if its certificate chains to the CA below and
# its asn1dn identifier matches the certificate (verify_identifier on).
#remote 10.0.0.118 {
remote anonymous {
exchange_mode main;
# Both identities are taken from the X.509 subject DN.
my_identifier asn1dn;
peers_identifier asn1dn;
# Our own certificate/key and the CA used to validate the peer's cert.
certificate_type x509 "newcert.pem" "privkey.pem";
ca_type x509 "cacert.pem";
# Responder only: this host never initiates the negotiation.
passive on;
# Install a per-client SPD entry for each negotiated SA.
generate_policy unique;
ike_frag on;
nat_traversal on;
# Dead-peer detection every 30 seconds.
dpd_delay 30;
# "claim": accept a peer lifetime shorter than ours and notify it.
proposal_check claim;
lifetime time 24 hours;
verify_identifier on;
proposal {
encryption_algorithm aes 256;
# SHA-1 here is used as an HMAC/PRF inside IKE; consider sha256 if the
# client supports it.
hash_algorithm sha1;
authentication_method rsasig ;
# Group 15 = 3072-bit MODP.
dh_group 15;
}
}
# ISAKMP mode-config: addresses and parameters handed to connecting clients.
mode_cfg {
network4 172.31.0.2; # 192.168.100.1 is the first address allocated to VPN clients (NOTE(review): comment says 192.168.100.1 but the configured value is 172.31.0.2 — verify)
# Only traffic for 172.31.0.0/24 is sent through the tunnel (split tunnel).
split_network include 172.31.0.0/24;
pool_size 20;
netmask4 255.255.255.0;
# XAuth credentials are checked against the local system accounts.
auth_source system;
#dns4 192.168.200.254; # 192.168.200.254 is the address of the DNS server on the remote local network
banner "/etc/racoon/motd";
# Left commented out; no pfs_group is set in sainfo either, so phase-2
# perfect forward secrecy is not requested in this configuration.
#pfs_group 0;
}
# Phase 2 (IPsec SA) settings, applied to any peer ("anonymous").
#sainfo address 10.0.0.200 any address 10.0.0.118 any {
sainfo anonymous {
# Short SA lifetime; rekeyed hourly.
lifetime time 1 hour;
encryption_algorithm aes 128;
authentication_algorithm hmac_sha1;
# IPComp is offered; only used if the peer agrees. Compressing before
# encryption can leak information about plaintext — consider whether
# it is needed.
compression_algorithm deflate;
# No pfs_group here: no Diffie-Hellman exchange in phase 2 (no PFS).
}