
[Users] Newbie question: NATed & Preshared keys (& XP ???)

From: Paolo <iw6dak(at)bib.uniurb.it>
Date: Fri Oct 10 2003 - 06:47:45 EDT

Hello all, I'm new to the list and to FreeSwan too...

Well, I recently set up FreeSwan and it was mainly OK but there is an apparently easy question I was not able to answer myself, after a lot of documentation browsing as well.

The question is ... can a NATed client connect to a FreeS/WAN gateway using PSK ??? This is because with Linux it's easy to set up "authby=rsasig" and go on, but it would be nice to offer XP connections too, and I'd like to avoid fighting with certificates if possible.

Here are some details. The Linux hosts are RedHat 8 with kernel 2.4.20-20.8.1.99.8.2foo, i.e. Super FreeS/WAN 1.99.8; the XP machines are XP Home :-)

The NATting device is for now a Linux box, but I'm going to test at home with a Netgear DM602 ADSL router ...

This configuration DOES WORK with NAT.

# Gateway configuration ===========================
config setup
        interfaces=%defaultroute
        klipsdebug=none
        plutodebug=none
        plutoload=%search
        plutostart=%search
conn %default
        keyingtries=0
        disablearrivalcheck=no
conn road
        right=193.205.x.y
        rightid=@blabla.bib.uniurb.it
        rightsubnet=10.1.1.0/24
        rightnexthop=193.205.x.z
        left=193.205.a.b
        leftsubnet=192.168.200.2/32   #or leftsubnetwithin ...
        leftid=@portatile.at1839.it
        leftnexthop=193.205.a.a
        authby=rsasig
        rightrsasigkey=0sAQOAZnYM2.....
        leftrsasigkey=gjyrf ....
        auto=add
        pfs=yes

# Linux Client configuration ===========================
conn road
        right=193.205.x.y
        rightid=@blabla.bib.uniurb.it
        rightsubnet=10.1.1.0/24
        rightnexthop=193.205.x.z
        left=%defaultroute
        leftid=@portatile.at1839.it
        leftnexthop=
        authby=rsasig
        rightrsasigkey=0sAQOAZnYM2.....
        leftrsasigkey=gjyrf ....
        auto=add
        pfs=yes

If I switch to authby=secret and get rid of the left and right rsasigkey, the connection gets stuck on STATE_MAIN_I1: initiate ... :-(

The ipsec.secrets file contains

@blabla.bib.uniurb.it @portatile.at1839.it: PSK "sdfghjk ... lkjhg"

Well, I will send the barfs and so on IF the PSK way can be ... of course I suppose it's better to solve the problem with Linux before trying with XP :-)

Thanks for any help and forgive my spaghetti English.

Paolo Cecchini.



FreeS/WAN Users mailing list
users@lists.freeswan.org
https://mj2.freeswan.org/cgi-bin/mj_wwwusr

Received on Fri Oct 10 06:58:09 2003

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 13:02:04 EDT

