[strongSwan] Problem configuring strongSwan
pankaj gupta
beckman16 at gmail.com
Thu Apr 15 15:52:32 CEST 2010
Also, does anyone have a virtual machine configured as a strongSwan
gateway? It would be of great help if anyone has one.
Regards
Pankaj Gupta
On Thu, Apr 15, 2010 at 7:21 PM, pankaj gupta <beckman16 at gmail.com> wrote:
> Hi community,
>
> I have been pretty desperate to make strongSwan work for the last week, but
> didn't succeed.
>
> I configured it using the README of strongSwan 4.3.6, but the connection is
> not working.
>
> I configured /etc/ipsec.conf for roadwarrior case with:
>
> 10.1.0.0/16 -- | 192.168.1.24 | === | 192.168.1.21 |
>  karmic-net         karmic           pankaj-desktop
>
> contents of /etc/ipsec.conf:
>
> config setup
>     plutodebug=control
>     crlcheckinterval=180
>     strictcrlpolicy=no
>     charonstart=no
>
> # Add connections here.
>
> conn %default
>     ikelifetime=60m
>     keylife=20m
>     rekeymargin=3m
>     keyingtries=1
>     left=192.168.1.24
>     leftcert=karmicCert.pem
>     leftid=@karmic
>     leftfirewall=yes
>
> conn net-net
>     leftsubnet=10.1.0.0/16
>     right=192.168.1.21
>     rightsubnet=10.2.0.0/16
>     rightid=@pankaj-desktop
>     auto=add
>
> conn host-host
>     right=192.168.1.21
>     rightid=@pankaj-desktop
>     auto=add
>
> conn rw
>     left=192.168.1.21
>     leftsubnet=10.1.0.0/16
>     leftcert=karmicCert.pem
>     right=%any
>     auto=add
>
>
>
> I have configured certificates and the roadwarrior machine (pankaj-desktop)
> as well.
>
> Now, I cannot ping 10.1.0.1 from pankaj-desktop (roadwarrior).
> Also, commands like 'ipsec status' and 'ipsec listcerts' are not showing
> any result.
>
> Do you see any problem in this configuration?
>
> Please help me configure this. Let me know of any other diagnostic results
> you need in this regard.
>
> This is part of the log from /usr/log/auth.log:
>
> Apr 15 18:35:01 karmic CRON[24082]: pam_unix(cron:session): session closed for user root
> Apr 15 18:38:32 karmic ipsec_starter[24120]: Starting strongSwan 4.3.6 IPsec [starter]...
> Apr 15 18:38:43 karmic ipsec_starter[24133]: pluto too long to start... - kill kill
> Apr 15 18:38:45 karmic ipsec_starter[24135]: Starting strongSwan 4.3.6 IPsec [starter]...
> Apr 15 18:38:55 karmic ipsec_starter[24160]: pluto too long to start... - kill kill
> Apr 15 18:38:56 karmic ipsec_starter[24160]: connect(pluto_ctl) failed: No such file or directory
> Apr 15 18:39:01 karmic last message repeated 3 times
> Apr 15 18:39:02 karmic ipsec_starter[24160]: starter_stop_pluto(): pluto does not respond, sending KILL
> Apr 15 18:39:03 karmic ipsec_starter[24160]: starter_stop_pluto(): can't stop pluto !!!
> Apr 15 18:39:03 karmic starter[24160]: ipsec starter stopped
> Apr 15 18:40:01 karmic CRON[24190]: pam_unix(cron:session): session opened for user root by (uid=0)
>
>
> When I run starter with debugging:
>
> root@karmic:~# /usr/libexec/ipsec/starter --debug-all
> Starting strongSwan 4.3.6 IPsec [starter]...
> | Default route found: iface=eth0, addr=192.168.1.24, nexthop=192.168.1.1
> | Loading config setup
> | plutodebug=all
> | crlcheckinterval=180
> | strictcrlpolicy=no
> | charonstart=no
> | Loading conn %default
> | ikelifetime=60m
> | keylife=20m
> | rekeymargin=3m
> | keyingtries=1
> | left=192.168.1.24
> | leftcert=karmicCert.pem
> | leftid=@karmic
> | leftfirewall=yes
> | Loading conn 'net-net'
> | leftsubnet=10.1.0.0/16
> | right=192.168.1.21
> | rightsubnet=10.2.0.0/16
> | rightid=@pankaj-desktop
> | auto=add
> | Loading conn 'host-host'
> | right=192.168.1.21
> | rightid=@pankaj-desktop
> | auto=add
> | Loading conn 'rw'
> | left=192.168.1.21
> | leftsubnet=10.1.0.0/16
> | leftcert=karmicCert.pem
> | right=%any
> | auto=add
> | Found netkey IPsec stack
>
>
> That means starter is working fine, right?
>
> Regards
> Pankaj Gupta
>