Connecting to NetScreen Series (NetScreen-5) VPN with Mac OS X (Snow Leopard)

(Followup to my NetScreen-5 from Ubuntu article) I recently struggled through the details of establishing a VPN connection from my Mac OS X desktop to a Juniper Networks NetScreen-5. Here's how I solved it.

My NetScreen-5 was configured with some typical settings:

Phase 1: Pre-shared key "your-pre-shared-key-here", Encryption "pre-g2-aes128-sha"
Phase 2: Encryption "g2-esp-3des-sha"

To configure the client side on an Ubuntu desktop I used Racoon and KVpnc, but I didn't have the luxury of KVpnc on my Mac desktop, so I had to edit my racoon.conf by hand. The Phase 1 settings go in the remote block and the Phase 2 settings in the sainfo block:
log debug2;

path pre_shared_key "/etc/racoon/psk.txt";

path certificate "/etc/racoon/certs";

timer
{
        natt_keepalive 10 sec;
}

# Phase 1: matches the NetScreen "pre-g2-aes128-sha" proposal
remote VPN.GATEWAY
{
        exchange_mode aggressive;
        nat_traversal on;
        ike_frag on;
        peers_identifier asn1dn;
        proposal_check obey;
        my_identifier user_fqdn "YOUR.EMAIL.ADDRESS";

        proposal {
                encryption_algorithm aes;
                hash_algorithm sha1;
                authentication_method pre_shared_key;
                dh_group modp1024;        # DH group 2
        }
}

# Phase 2: matches the NetScreen "g2-esp-3des-sha" proposal
sainfo address DESKTOP.IP.ADDRESS/32 any address VPN.GATEWAY/28 any
{
        pfs_group modp1024;               # DH group 2 for PFS
        encryption_algorithm 3des;
        authentication_algorithm hmac_sha1;
        compression_algorithm deflate;
}

listen
{
        adminsock "/var/run/racoon.sock" "root" "operator" 0660;
}
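The translation the config above does by hand (NetScreen proposal name to racoon keywords, e.g. "g2" to modp1024, "sha" to sha1/hmac_sha1) as an added example, not code from the original post. It assumes NetScreen's predefined proposal naming, "<auth>-g<dh>-<enc>-<hash>" for Phase 1 and "<g<dh>|nopfs>-esp-<enc>-<hash>" for Phase 2, and also flags which of the translated primitives are considered weak today.

```python
"""Translate NetScreen proposal names into racoon.conf keywords (constructed example)."""

DH_GROUPS = {"1": "modp768", "2": "modp1024", "5": "modp1536", "14": "modp2048"}
AUTH = {"pre": "pre_shared_key", "rsa": "rsasig"}
ENC = {"des": "des", "3des": "3des", "aes128": "aes", "aes192": "aes", "aes256": "aes"}
HASH = {"md5": "md5", "sha": "sha1"}
# Primitives a practitioner should flag before reusing such a config today.
WEAK = {"des", "3des", "md5", "hmac_md5", "modp768", "modp1024"}


def phase1(name):
    """'pre-g2-aes128-sha' -> keywords for racoon's remote/proposal block."""
    auth, group, enc, digest = name.lower().split("-")
    return {"authentication_method": AUTH[auth],
            "dh_group": DH_GROUPS[group.lstrip("g")],
            # racoon's phase 1 keyword is just "aes"; the key length defaults to 128 bits
            "encryption_algorithm": ENC[enc],
            "hash_algorithm": HASH[digest]}


def phase2(name):
    """'g2-esp-3des-sha' -> keywords for racoon's sainfo block."""
    pfs, proto, enc, digest = name.lower().split("-")
    if proto != "esp":
        raise ValueError(f"only ESP proposals are handled: {name}")
    out = {"encryption_algorithm": ENC[enc],
           "authentication_algorithm": "hmac_" + HASH[digest]}
    if pfs != "nopfs":           # "nopfs-..." proposals carry no pfs_group line
        out["pfs_group"] = DH_GROUPS[pfs.lstrip("g")]
    return out


def weak_settings(settings):
    """Return the values in a translated proposal that are deprecated today."""
    return sorted(v for v in settings.values() if v in WEAK)


def render(settings, indent="        "):
    """Emit 'key value;' lines in the style of the racoon.conf above."""
    return "\n".join(f"{indent}{k} {v};" for k, v in settings.items())


if __name__ == "__main__":
    for proposal, fn in (("pre-g2-aes128-sha", phase1), ("g2-esp-3des-sha", phase2)):
        s = fn(proposal)
        print(f"# {proposal} (weak: {weak_settings(s) or 'none'})\n{render(s)}\n")
```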
Posted by Eric Simmerman