14.3. FreeS/WAN

Josh McAllister provided the following sample ipsec.conf, which can be used to connect SmallWall with FreeS/WAN in a site-to-site IPsec configuration.

# /etc/ipsec.conf - FreeS/WAN IPsec configuration file

version 2.0     # conforms to second version of ipsec.conf specification

config setup
       interfaces=%defaultroute
       klipsdebug=none
       plutodebug=none
       uniqueids=yes

# defaults for subsequent connection descriptions

conn %default
       # How persistent to be in (re)keying negotiations (0 means very).
       keyingtries=0
       #compress=yes

conn block
   auto=ignore

conn private
   auto=ignore

conn private-or-clear
   auto=ignore

conn clear-or-private
   auto=ignore

conn clear
   auto=ignore

conn packetdefault
   auto=ignore

conn josh
       type=tunnel
       left=ip.add.of.m0n0
       leftsubnet=m0n0.side.subnet/24
       leftnexthop=%defaultroute
       right=ip.add.of.freeswan
       rightsubnet=freeswan.side.subnet/24
       rightnexthop=%defaultroute
       authby=secret
       auth=esp
       esp=3des-md5-96
       pfs=no
       auto=start

SmallWall-side:
Phase1
Neg. mode = main
Enc. Alg = 3DES
Hash Alg = MD5
DH key grp = 5

Phase2
Protocol = ESP
Uncheck all Enc. Alg. except 3DES
Hash Alg = MD5
PFS key group = off
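
The tunnel only comes up when both ends propose the same Phase 2 parameters. The following check is an added example, not part of Josh McAllister's configuration or of either project: it parses the conn sections of an ipsec.conf and compares them with the SmallWall-side Phase 2 values listed above. The function names, the dictionary layout and the shortened sample text are assumptions made for the example.

```python
import re

# Constructed sample: the "josh" conn from the page, address lines omitted.
SAMPLE_CONF = """\
conn %default
       keyingtries=0

conn josh
       type=tunnel
       authby=secret
       auth=esp
       esp=3des-md5-96
       pfs=no
       auto=start
"""

# SmallWall-side Phase 2 values from the page; this dict layout is an assumption.
SMALLWALL_PHASE2 = {"protocol": "esp", "enc": "3des", "hash": "md5", "pfs": "off"}

def parse_conns(text):
    """Return {name: {key: value}} for each conn, with 'conn %default' applied."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()      # drop comments
        if not line.strip():
            continue                              # simplification: blank lines skipped
        if not line[0].isspace():                 # section header starts at column 0
            parts = line.split()
            is_conn = len(parts) == 2 and parts[0] == "conn"
            current = conns.setdefault(parts[1], {}) if is_conn else None
        elif current is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip()
    defaults = conns.pop("%default", {})
    return {name: {**defaults, **opts} for name, opts in conns.items()}

def phase2_mismatches(conn, peer=SMALLWALL_PHASE2):
    """List the Phase 2 settings on which the conn and the SmallWall side disagree."""
    found = []
    m = re.fullmatch(r"([a-z0-9]+)-([a-z0-9]+)(?:-\d+)?", conn.get("esp", ""))
    enc, digest = m.groups() if m else (None, None)
    ours = {"protocol": conn.get("auth", "esp"), "enc": enc, "hash": digest,
            # FreeS/WAN enables PFS unless pfs=no is set
            "pfs": "off" if conn.get("pfs", "yes") == "no" else "on"}
    for key, theirs in peer.items():
        if ours[key] != theirs:
            found.append(f"{key}: FreeS/WAN={ours[key]} SmallWall={theirs}")
    return found

if __name__ == "__main__":
    print(phase2_mismatches(parse_conns(SAMPLE_CONF)["josh"]) or "Phase 2 settings match")
```

Phase 1 is not compared, because the conn shown above carries no Phase 1 proposal line to read it from.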