[strongSwan] Problem configuring strongSwan

pankaj gupta beckman16 at gmail.com
Thu Apr 15 15:52:32 CEST 2010


Also, does anyone have a virtual machine configured as a strongSwan
gateway? It would be of great help if anyone has.

Regards
Pankaj Gupta


On Thu, Apr 15, 2010 at 7:21 PM, pankaj gupta <beckman16 at gmail.com> wrote:

> Hi community,
>
> I have been pretty desperate to make strongSwan work for the last week, but
> didn't succeed.
>
> I configured it using the README of strongSwan 4.3.6, but the connection is not
> working.
>
> I configured /etc/ipsec.conf for roadwarrior case with:
>
>     10.1.0.0/16 -- | 192.168.1.24 | === | 192.168.1.21 |
>       karmic-net          karmic              pankaj-desktop
>
> contents of /etc/ipsec.conf:
>
> config setup
>         plutodebug=control
>         crlcheckinterval=180
>         strictcrlpolicy=no
>         charonstart=no
>
> # Add connections here.
>
> conn %default
>         ikelifetime=60m
>         keylife=20m
>         rekeymargin=3m
>         keyingtries=1
>         left=192.168.1.24
>         leftcert=karmicCert.pem
>         leftid=@karmic
>         leftfirewall=yes
>
> conn net-net
>         leftsubnet=10.1.0.0/16
>         right=192.168.1.21
>         rightsubnet=10.2.0.0/16
>         rightid=@pankaj-desktop
>         auto=add
>
> conn host-host
>         right=192.168.1.21
>         rightid=@pankaj-desktop
>         auto=add
>
> conn rw
>         left=192.168.1.21
>         leftsubnet=10.1.0.0/16
>         leftcert=karmicCert.pem
>         right=%any
>         auto=add
>
>
>
> I have configured certificates and the roadwarrior machine (pankaj-desktop) as
> well.
>
> Now, I cannot ping 10.1.0.1 from pankaj-desktop (roadwarrior).
> Also, commands like 'ipsec status' and 'ipsec listcerts' are not showing
> any result.
>
> Do you see any problem in this configuration?
>
> Please help me configure this. Let me know of any other diagnostic results you
> need in this regard.
>
> This is part of the log from /usr/log/auth.log:
>
> Apr 15 18:35:01 karmic CRON[24082]: pam_unix(cron:session): session closed for user root
> Apr 15 18:38:32 karmic ipsec_starter[24120]: Starting strongSwan 4.3.6 IPsec [starter]...
> Apr 15 18:38:43 karmic ipsec_starter[24133]: pluto too long to start... - kill kill
> Apr 15 18:38:45 karmic ipsec_starter[24135]: Starting strongSwan 4.3.6 IPsec [starter]...
> Apr 15 18:38:55 karmic ipsec_starter[24160]: pluto too long to start... - kill kill
> Apr 15 18:38:56 karmic ipsec_starter[24160]: connect(pluto_ctl) failed: No such file or directory
> Apr 15 18:39:01 karmic last message repeated 3 times
> Apr 15 18:39:02 karmic ipsec_starter[24160]: starter_stop_pluto(): pluto does not respond, sending KILL
> Apr 15 18:39:03 karmic ipsec_starter[24160]: starter_stop_pluto(): can't stop pluto !!!
> Apr 15 18:39:03 karmic starter[24160]: ipsec starter stopped
> Apr 15 18:40:01 karmic CRON[24190]: pam_unix(cron:session): session opened for user root by (uid=0)
>
>
> When I run starter with debugging:
>
> root@karmic:~# /usr/libexec/ipsec/starter --debug-all
> Starting strongSwan 4.3.6 IPsec [starter]...
> | Default route found: iface=eth0, addr=192.168.1.24, nexthop=192.168.1.1
> | Loading config setup
> |   plutodebug=all
> |   crlcheckinterval=180
> |   strictcrlpolicy=no
> |   charonstart=no
> | Loading conn %default
> |   ikelifetime=60m
> |   keylife=20m
> |   rekeymargin=3m
> |   keyingtries=1
> |   left=192.168.1.24
> |   leftcert=karmicCert.pem
> |   leftid=@karmic
> |   leftfirewall=yes
> | Loading conn 'net-net'
> |   leftsubnet=10.1.0.0/16
> |   right=192.168.1.21
> |   rightsubnet=10.2.0.0/16
> |   rightid=@pankaj-desktop
> |   auto=add
> | Loading conn 'host-host'
> |   right=192.168.1.21
> |   rightid=@pankaj-desktop
> |   auto=add
> | Loading conn 'rw'
> |   left=192.168.1.21
> |   leftsubnet=10.1.0.0/16
> |   leftcert=karmicCert.pem
> |   right=%any
> |   auto=add
> | Found netkey IPsec stack
>
>
> That means starter is working fine, right?
>
> Regards
> Pankaj Gupta
>