VPN Policy configuration for E61
13 January 2008
There are a lot of howtos on getting the E61's built-in VPN client working. None of them worked for me, but a customized policy did. My files are listed below in case they help others. To find the proper parameter values I used the vpnc console application that ships with many Linux flavours, with the debug level set to 99: this displays the actual encryption and hashing algorithms and other information. Note: Nokia's makesis.exe tool does not understand the UNIX text file format, so make sure all files use Windows-style line endings.
VPN-policy-preshared-cisco.pkg
&EN
%{"My VPN public"}
#{"My VPN Policy"},(0x1000597E),1,0,1,TYPE = SA
[0x101F7961], 0, 0, 0, {"S60ProductID"}
"VPN-policy-preshared-cisco.pol"-"C:\System\Data\Security\Install\VPN.pol"
"VPN-policy-preshared-cisco.pin"-"C:\System\Data\Security\Install\VPN.pin", FM, "application/x-ipsec-policy-info"
(0x1000597E), 1, 0, 0, {"VPN Policy Installer"}
VPN-policy-preshared-cisco.pin
[POLICYNAME]
My VPN Policy
[POLICYDESCRIPTION]
Policy for Nokia Mobile VPN Client v3.0.
[POLICYVERSION]
1.1
[ISSUERNAME]
Do not edit
[CONTACTINFO]
Do not edit
VPN-policy-preshared-cisco.pol
SECURITY_FILE_VERSION: 3
[INFO]
Policy for Nokia Mobile VPN Client v3.0.
[POLICY]
sa ipsec_1 = {
esp
encrypt_alg 3
auth_alg 2
identity_remote 0.0.0.0/0
pfs
src_specific
hard_lifetime_bytes 0
hard_lifetime_addtime 3600
hard_lifetime_usetime 3600
soft_lifetime_bytes 0
soft_lifetime_addtime 3600
soft_lifetime_usetime 3600
}
remote 0.0.0.0 0.0.0.0 = { ipsec_1(XXX.XXX.XXX.XXX) }
inbound = { }
outbound = { }
[IKE]
ADDR: XXX.XXX.XXX.XXX 255.255.255.255
MODE: Aggressive
SEND_NOTIFICATION: TRUE
ID_TYPE: 11
FQDN: MyGroupName
GROUP_DESCRIPTION_II: MODP_1024
USE_COMMIT: FALSE
IPSEC_EXPIRE: FALSE
SEND_CERT: FALSE
INITIAL_CONTACT: TRUE
RESPONDER_LIFETIME: TRUE
REPLAY_STATUS: TRUE
USE_INTERNAL_ADDR: FALSE
USE_NAT_PROBE: TRUE
ESP_UDP_PORT: 0
NAT_KEEPALIVE: 60
USE_XAUTH: TRUE
USE_MODE_CFG: TRUE
REKEYING_THRESHOLD: 90
PROPOSALS: 1
ENC_ALG: 3DES-CBC
AUTH_METHOD: PRE-SHARED
HASH_ALG: MD5
GROUP_DESCRIPTION: MODP_1024
GROUP_TYPE: DEFAULT
LIFETIME_KBYTES: 0
LIFETIME_SECONDS: 28800
PRF: NONE
PRESHARED_KEYS:
FORMAT: STRING_FORMAT
KEY: 10 MyGroupPwd
Values in bold need to be changed.
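The post notes that makesis.exe rejects UNIX-format text files. The following is an added example, not part of the original post: a small POSIX shell helper that converts the .pkg, .pin and .pol files to CRLF on the Linux side and checks them before packaging. The function names are hypothetical; the placeholder it looks for is the XXX.XXX.XXX.XXX gateway address from the listing above.

```shell
#!/bin/sh
# Added example: prepare the policy source files for makesis.exe.
# Usage (file names as in the post):
#   for f in VPN-policy-preshared-cisco.pkg VPN-policy-preshared-cisco.pin \
#            VPN-policy-preshared-cisco.pol; do to_crlf "$f"; done
#   check_policy_files VPN-policy-preshared-cisco.*

# Convert a file to Windows (CRLF) line endings in place.
# Idempotent: an existing trailing CR is stripped first, so a file that is
# already CRLF does not end up with CR CR LF.
to_crlf() {
    tmp="$1.tmp.$$"
    awk '{ sub(/\r$/, ""); printf "%s\r\n", $0 }' "$1" > "$tmp" && mv "$tmp" "$1"
}

# Print the number of lines that do NOT end in CR (UNIX-style lines).
# Prints 0 for a clean CRLF file.
count_lf_only() {
    awk '!/\r$/ { n++ } END { print n + 0 }' "$1"
}

# Return 0 only if every given file is pure CRLF and no longer contains the
# XXX.XXX.XXX.XXX gateway placeholder from the template.
check_policy_files() {
    rc=0
    for f in "$@"; do
        if [ "$(count_lf_only "$f")" -ne 0 ]; then
            echo "$f: UNIX line endings found, run to_crlf first" >&2
            rc=1
        fi
        if grep -q 'XXX\.XXX\.XXX\.XXX' "$f"; then
            echo "$f: gateway placeholder not replaced" >&2
            rc=1
        fi
    done
    return $rc
}
```

Source the file (or paste the functions into the shell) and run the check last, so a file edited after conversion is caught before it reaches makesis.exe.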