
Configure IPsec options

Sander80 edited this page May 31, 2020 · 1 revision

In the Connection Settings dialog select the IPsec tab.

In the Remote Server edit box enter the IPv4 address or the host name of the remote access server that you want to connect to. If you use an IP address and the remote server is NAT'ed, use the remote's public (not NAT'ed) IP address. If you use a host name, make sure that a DNS server is in place that can resolve it.

Leave the Server Identity edit box empty unless you want to verify the remote server's identity. In that case you have to know how the peer identifies itself. It is often a distinguished name like CN=cisco-fcs-ber.

If you enter the identity and it does not match, the connection attempt will fail with a timeout and there will be a syslog message in auth.log like this:

003 "test" #1: we require peer to have ID 'CN=ciscoasa-fsc-ber', but peer declares 'CN=ciscoasa-fsc-bmbg'

This line tells you that you entered CN=ciscoasa-fsc-ber as the identity, but the peer identifies itself as CN=ciscoasa-fsc-bmbg.
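An added example (not part of the original wiki page or the project's code): a small Python scan for this message in auth.log lines that reports the configured Server Identity next to the identity the peer declared, collapsing repeated retries. The syslog prefixes in the sample are constructed; only the message text comes from the page.

```python
import re

# Matches the message quoted above; any syslog prefix or numeric
# status code in front of the connection name is ignored.
MISMATCH = re.compile(
    r'"(?P<conn>[^"]+)"\s+#(?P<state>\d+):\s+we require peer to have ID '
    r"'(?P<required>[^']*)', but peer declares '(?P<declared>[^']*)'"
)

def find_identity_mismatches(lines):
    """Return one record per (connection, required, declared) with a hit count."""
    seen = {}
    for line in lines:
        m = MISMATCH.search(line)
        if not m:
            continue
        key = (m["conn"], m["required"], m["declared"])
        rec = seen.setdefault(key, {
            "connection": m["conn"],
            "required": m["required"],   # what was typed into Server Identity
            "declared": m["declared"],   # what the peer actually presented
            "count": 0,
        })
        rec["count"] += 1                # retries repeat the same message
    return list(seen.values())

# Constructed sample input: timestamps, host name and PID are made up.
SAMPLE = """
May 31 10:15:01 host pluto[1234]: "test" #1: initiating Main Mode
May 31 10:15:02 host pluto[1234]: 003 "test" #1: we require peer to have ID 'CN=ciscoasa-fsc-ber', but peer declares 'CN=ciscoasa-fsc-bmbg'
May 31 10:15:12 host pluto[1234]: 003 "test" #1: we require peer to have ID 'CN=ciscoasa-fsc-ber', but peer declares 'CN=ciscoasa-fsc-bmbg'
003 "test" #1: we require peer to have ID 'CN=ciscoasa-fsc-ber', but peer declares 'CN=ciscoasa-fsc-bmbg'
""".strip().splitlines()

if __name__ == "__main__":
    # To scan a real log, replace SAMPLE with open("/var/log/auth.log").
    for r in find_identity_mismatches(SAMPLE):
        print(f'connection "{r["connection"]}": configured {r["required"]!r}, '
              f'peer declared {r["declared"]!r} ({r["count"]} occurrence(s))')
```

A mismatch reported here means either the Server Identity field was entered incorrectly or the server you reached is not the one you expected, so confirm the correct identity with your provider before changing the field.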

Configure for pre-shared key authentication

If your provider gave you a secret, or so-called pre-shared key, tick the Use pre-shared key for authentication radio button and enter the secret in the edit box below. You are done with IPsec configuration. Jump to the L2TP configuration.

Configure for certificate (rsasig) authentication

If your provider delivered a machine certificate to you, tick the Use Certificate for authentication radio button. Check whether the certificate appears in the list below.

Hint: When you move your mouse pointer over a list entry a tool tip opens and you can see the serial number and the common name of the certificate.

If the list is empty or your machine certificate is not listed, you have to install it:

If you have a PKCS#12 (*.p12 or *.pfx) certificate bundle file, click the Import ... button and continue with Import PKCS12 certificate bundle. Otherwise see http://www.jacco2.dds.nl/networking/linux-l2tp.html#ImportingCertificates for how to obtain and install the certificate. If you have installed the certificate manually, close the Connection Settings dialog and re-open it. You should now see your certificate in the list.

Tick the appropriate certificate in the certificate list and you are done with IPsec configuration. Jump to the L2TP configuration.