Connecting to Netscreen Series (NetScreen-5) VPN with Mac OS X (Snow Leopard)

(Followup to my NetScreen-5 from Ubuntu article)

I recently struggled through the details of establishing a VPN connection from my Mac OS X desktop to a Juniper Networks Netscreen-5. Here's how I solved it.

My Netscreen-5 was configured with some typical settings:

Phase 1
    Pre-shared key "your-pre-shared-key-here"
    Encryption "pre-g2-aes128-sha"
Phase 2
    Encryption "g2-esp-3des-sha"

To configure the client side using an Ubuntu desktop, I used Racoon and KVpnc, but I didn't have the luxury of KVpnc on my Mac desktop, so I had to manually edit my racoon.conf:

log debug2;
# File that holds the pre-shared key for the gateway
path pre_shared_key "/etc/racoon/psk.txt";
path certificate "/etc/racoon/certs";

timer
{
        natt_keepalive 10 sec;
}

remote VPN.GATEWAY
{
        exchange_mode aggressive;
        nat_traversal on;
        ike_frag on;
        peers_identifier asn1dn;
        proposal_check obey;
        my_identifier user_fqdn "YOUR.EMAIL.ADDRESS";
        # Phase 1, matches NetScreen "pre-g2-aes128-sha"
        proposal {
                encryption_algorithm aes;
                hash_algorithm sha1;
                authentication_method pre_shared_key;
                dh_group modp1024;
        }
}

# Phase 2, matches NetScreen "g2-esp-3des-sha"
sainfo address DESKTOP.IP.ADDRESS/32 any address VPN.GATEWAY/28 any
{
        pfs_group modp1024;
        encryption_algorithm 3des;
        authentication_algorithm hmac_sha1;
        compression_algorithm deflate;
}

listen
{
        adminsock "/var/run/racoon.sock" "root" "operator" 0660;
}
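
As an added example (not code from the original post): a Python check that decodes the two NetScreen proposal names above and compares them with the proposal and sainfo blocks of a racoon.conf, because any disagreement between the two makes the negotiation fail. The token tables, the function names and the trimmed sample config are assumptions of this example.

```python
import re

# NetScreen proposal-name tokens -> racoon.conf values. Assumed from the naming
# pattern of the article's two proposals; unknown tokens raise KeyError.
AUTH = {"pre": "pre_shared_key", "rsa": "rsasig"}
DH = {"g1": "modp768", "g2": "modp1024", "g5": "modp1536"}
ENC = {"des": "des", "3des": "3des", "aes128": "aes"}
HASH = {"md5": "md5", "sha": "sha1"}

# Constructed sample: the two negotiation blocks of the article's racoon.conf.
SAMPLE_CONF = """
remote VPN.GATEWAY {
        proposal_check obey;
        proposal {
                encryption_algorithm aes;   # Phase 1 cipher
                hash_algorithm sha1;
                authentication_method pre_shared_key;
                dh_group modp1024;
        }
}
sainfo address DESKTOP.IP.ADDRESS/32 any address VPN.GATEWAY/28 any
{
        pfs_group modp1024;
        encryption_algorithm 3des;
        authentication_algorithm hmac_sha1;
}
"""

def expected_phase1(name):
    auth, dh, enc, digest = name.split("-")        # e.g. pre-g2-aes128-sha
    return {"authentication_method": AUTH[auth], "dh_group": DH[dh],
            "encryption_algorithm": ENC[enc], "hash_algorithm": HASH[digest]}

def expected_phase2(name):
    dh, _esp, enc, digest = name.split("-")        # e.g. g2-esp-3des-sha
    return {"pfs_group": None if dh == "nopfs" else DH[dh], "encryption_algorithm": ENC[enc],
            "authentication_algorithm": "hmac_" + HASH[digest]}

def block_settings(conf, header):
    conf = re.sub(r"#.*", "", conf)                # drop comments before parsing
    body = re.search(rf"\b{header}\b[^{{}};]*\{{([^{{}}]*)\}}", conf).group(1)
    pairs = (s.split(None, 1) for s in body.split(";"))
    return {p[0]: p[1].strip() for p in pairs if len(p) == 2}

def mismatches(conf, phase1, phase2):
    checks = (("proposal", expected_phase1(phase1)), ("sainfo", expected_phase2(phase2)))
    return [f"{hdr}: {key} is {got!r}, gateway expects {want!r}"
            for hdr, exp in checks for key, want in exp.items()
            if (got := block_settings(conf, hdr).get(key)) != want]
```

Calling mismatches() with the contents of your own racoon.conf and the gateway's proposal names returns an empty list when the two sides agree, and one line per differing setting otherwise.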