Wednesday, April 18, 2012

Openswan (ClearOS) - Cisco PIX IPSEC VPN

One of our clients was interested in running a ClearOS server at one of their remote branches and had a requirement for an IPSEC VPN to another provider. The ClearOS server was already running OpenVPN to another site, and we were tasked with getting the ClearOS IPSEC implementation (Openswan) to speak to a Cisco PIX.

The first thing we noticed was that the ClearOS IPSEC GUI is very basic, so we skipped over it and moved on to the CLI. Researching the net showed a few people had tried this, but many had come up short, and the best we could find was a guide for Ubuntu Openswan to a Cisco PIX 515e.

Note: the ClearOS GUI overwrites manual changes made via the CLI. Do not configure IPSEC via the ClearOS GUI; instead, start the services manually.

So we built this configuration in our lab for testing, and after a bit of tweaking it worked! Learning Openswan via the CLI really helped us pick it up quickly (that and our experience with Cisco, Juniper and Fortigate firewalls :D )

Please note:
  • "Left network" is Openswan terminology for one end of the tunnel (here, the ClearOS side)
  • "Right network" is then by default the remote network / peer
  • BIG NOTE: for multiple subnets in an IPSEC tunnel you will require an Openswan configuration (a conn section) PER network
The ClearOS server is ClearOS 5.2 Service Pack 1.
The Cisco PIX is a Cisco PIX 515e running code 8.03.

This is what our config was:
Create ipsec.<name>.conf in /etc/ipsec.d/ (using a unique name so it does not collide with other tunnels)
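
As an added example (not the post's own configuration), the following POSIX shell script generates such a file with one conn section per remote subnet, which is what the BIG NOTE above requires. The addresses, subnet list, connection names, IKE/ESP proposal and lifetimes are all constructed assumptions; match them to the PIX crypto map and ISAKMP policy before use. The shared settings live in one template conn (auto=ignore) pulled in via also=, which Openswan's ipsec.conf supports, so adding a subnet later is a three-line conn section rather than a copy of the whole block.

```shell
#!/bin/sh
# Added example, not the original post's config: generate an Openswan
# /etc/ipsec.d/ipsec.<name>.conf with one conn section per remote subnet.
# Every address and value below is a constructed sample; replace them.

LOCAL_IP="198.51.100.10"        # ClearOS public IP (left) - assumed
LOCAL_SUBNET="192.168.10.0/24"  # LAN behind ClearOS (leftsubnet) - assumed
PIX_IP="203.0.113.1"            # Cisco PIX outside IP (right) - assumed
CONN_PREFIX="pix"               # becomes ipsec.pix.conf and conn pix-*

# emit_common: settings every tunnel to this PIX shares. The proposal and
# lifetimes (24h ISAKMP, 8h IPsec SA, PFS off) are assumptions chosen to
# line up with common PIX defaults; verify against the PIX side.
# auto=ignore keeps this incomplete template from being loaded on its own.
emit_common() {
    cat <<EOF
conn ${CONN_PREFIX}-common
    type=tunnel
    authby=secret
    keyexchange=ike
    ike=aes128-sha1;modp1024
    esp=aes128-sha1
    pfs=no
    ikelifetime=24h
    keylife=8h
    left=${LOCAL_IP}
    leftsubnet=${LOCAL_SUBNET}
    right=${PIX_IP}
    auto=ignore

EOF
}

# emit_conn NAME RIGHTSUBNET: one real conn per remote subnet, inheriting
# the shared settings through also=.
emit_conn() {
    printf 'conn %s\n    also=%s-common\n    rightsubnet=%s\n    auto=start\n\n' \
        "$1" "$CONN_PREFIX" "$2"
}

# write_pix_conf OUTDIR SUBNET...: writes ipsec.<prefix>.conf into OUTDIR
# (/etc/ipsec.d on the ClearOS box) and prints the path of the file written.
write_pix_conf() {
    outdir="$1"; shift
    out="${outdir}/ipsec.${CONN_PREFIX}.conf"
    {
        emit_common
        n=1
        for subnet in "$@"; do
            emit_conn "${CONN_PREFIX}-net${n}" "$subnet"
            n=$((n + 1))
        done
    } > "$out"
    printf '%s\n' "$out"
}

# count_conns FILE: number of conn sections (template + one per subnet);
# a quick sanity check that every remote subnet got its own conn.
count_conns() {
    grep -c '^conn ' "$1"
}

# Usage: sh gen-pix-conf.sh /etc/ipsec.d 10.20.0.0/24 10.30.0.0/24
if [ "$#" -gt 0 ]; then
    write_pix_conf "$@"
fi
```

The pre-shared key goes in /etc/ipsec.secrets as a line of the form `198.51.100.10 203.0.113.1 : PSK "your-secret"` (sample addresses again), and, as the note above says, the service is then started from the CLI rather than the GUI so the generated file is not overwritten.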