[strongSwan] Problem configuring strongSwan
pankaj gupta
beckman16 at gmail.com
Thu Apr 15 15:51:07 CEST 2010
Hi community,
I have been pretty desperate to make strongSwan work for the last week, but
didn't succeed.
I configured it using the README of strongSwan 4.3.6, but the connection is not working.
I configured /etc/ipsec.conf for the roadwarrior case with:
10.1.0.0/16 -- | 192.168.1.24 | === | 192.168.1.21 |
karmic-net          karmic           pankaj-desktop
Contents of /etc/ipsec.conf:

config setup
    plutodebug=control
    crlcheckinterval=180
    strictcrlpolicy=no
    charonstart=no

# Add connections here.
conn %default
    ikelifetime=60m
    keylife=20m
    rekeymargin=3m
    keyingtries=1
    left=192.168.1.24
    leftcert=karmicCert.pem
    leftid=@karmic
    leftfirewall=yes

conn net-net
    leftsubnet=10.1.0.0/16
    right=192.168.1.21
    rightsubnet=10.2.0.0/16
    rightid=@pankaj-desktop
    auto=add

conn host-host
    right=192.168.1.21
    rightid=@pankaj-desktop
    auto=add

conn rw
    left=192.168.1.21
    leftsubnet=10.1.0.0/16
    leftcert=karmicCert.pem
    right=%any
    auto=add

I have configured certificates and the roadwarrior machine (pankaj-desktop) as
well.
Now, I cannot ping 10.1.0.1 from pankaj-desktop (roadwarrior).
Also, commands like 'ipsec status' and 'ipsec listcerts' are not showing
any result.
Do you see any problem in this configuration?
Please help me configure this. Let me know any other diagnostic results you
need in this regard.
This is part of the log from /usr/log/auth.log:
Apr 15 18:35:01 karmic CRON[24082]: pam_unix(cron:session): session closed for user root
Apr 15 18:38:32 karmic ipsec_starter[24120]: Starting strongSwan 4.3.6 IPsec [starter]...
Apr 15 18:38:43 karmic ipsec_starter[24133]: pluto too long to start... - kill kill
Apr 15 18:38:45 karmic ipsec_starter[24135]: Starting strongSwan 4.3.6 IPsec [starter]...
Apr 15 18:38:55 karmic ipsec_starter[24160]: pluto too long to start... - kill kill
Apr 15 18:38:56 karmic ipsec_starter[24160]: connect(pluto_ctl) failed: No such file or directory
Apr 15 18:39:01 karmic last message repeated 3 times
Apr 15 18:39:02 karmic ipsec_starter[24160]: starter_stop_pluto(): pluto does not respond, sending KILL
Apr 15 18:39:03 karmic ipsec_starter[24160]: starter_stop_pluto(): can't stop pluto !!!
Apr 15 18:39:03 karmic starter[24160]: ipsec starter stopped
Apr 15 18:40:01 karmic CRON[24190]: pam_unix(cron:session): session opened for user root by (uid=0)
When I run starter with debugging:
root@karmic:~# /usr/libexec/ipsec/starter --debug-all
Starting strongSwan 4.3.6 IPsec [starter]...
| Default route found: iface=eth0, addr=192.168.1.24, nexthop=192.168.1.1
| Loading config setup
| plutodebug=all
| crlcheckinterval=180
| strictcrlpolicy=no
| charonstart=no
| Loading conn %default
| ikelifetime=60m
| keylife=20m
| rekeymargin=3m
| keyingtries=1
| left=192.168.1.24
| leftcert=karmicCert.pem
| leftid=@karmic
| leftfirewall=yes
| Loading conn 'net-net'
| leftsubnet=10.1.0.0/16
| right=192.168.1.21
| rightsubnet=10.2.0.0/16
| rightid=@pankaj-desktop
| auto=add
| Loading conn 'host-host'
| right=192.168.1.21
| rightid=@pankaj-desktop
| auto=add
| Loading conn 'rw'
| left=192.168.1.21
| leftsubnet=10.1.0.0/16
| leftcert=karmicCert.pem
| right=%any
| auto=add
| Found netkey IPsec stack
That means starter is working fine, right?
Regards
Pankaj Gupta