[strongSwan] Problem configuring strongSwan

pankaj gupta beckman16 at gmail.com
Thu Apr 15 16:16:37 CEST 2010


Also, I have installed strongSwan using synaptic, which generated server
certificates and placed them in the /etc/ipsec.d/certs/ directory.

There was no certificate under the /etc/ipsec.d/cacerts/ directory, so I
generated them using:
 "openssl req -x509 -days 1460 -newkey rsa:2048 -keyout strongswanKey.pem -out strongswanCert.pem"

I have not changed the server certificates.

I did the same on the roadwarrior machine... is that proper to do?

Regards
Pankaj Gupta


On Thu, Apr 15, 2010 at 7:22 PM, pankaj gupta <beckman16 at gmail.com> wrote:

> Also, does anyone have a virtual machine configured as a strongSwan
> gateway? It would be of great help if anyone has.
>
> Regards
> Pankaj Gupta
>
>
>
> On Thu, Apr 15, 2010 at 7:21 PM, pankaj gupta <beckman16 at gmail.com> wrote:
>
>> Hi community,
>>
>> I have been pretty desperate to make strongSwan work for the last week, but
>> didn't succeed.
>>
>> I configured it using the README of strongSwan 4.3.6, but the connection is
>> not working.
>>
>> I configured /etc/ipsec.conf for roadwarrior case with:
>>
>>     10.1.0.0/16 -- | 192.168.1.24 | === | 192.168.1.21 |
>>       karmic-net          karmic              pankaj-desktop
>>
>> contents of /etc/ipsec.conf:
>>
>> config setup
>>         plutodebug=control
>>         crlcheckinterval=180
>>         strictcrlpolicy=no
>>         charonstart=no
>>
>> # Add connections here.
>>
>> conn %default
>>         ikelifetime=60m
>>         keylife=20m
>>         rekeymargin=3m
>>         keyingtries=1
>>         left=192.168.1.24
>>         leftcert=karmicCert.pem
>>         leftid=@karmic
>>         leftfirewall=yes
>>
>> conn net-net
>>         leftsubnet=10.1.0.0/16
>>         right=192.168.1.21
>>         rightsubnet=10.2.0.0/16
>>         rightid=@pankaj-desktop
>>         auto=add
>>
>> conn host-host
>>         right=192.168.1.21
>>         rightid=@pankaj-desktop
>>         auto=add
>>
>> conn rw
>>         left=192.168.1.21
>>         leftsubnet=10.1.0.0/16
>>         leftcert=karmicCert.pem
>>         right=%any
>>         auto=add
>>
>>
>>
>> I have configured certificates and the roadwarrior machine (pankaj-desktop)
>> as well.
>>
>> Now, I cannot ping 10.1.0.1 from pankaj-desktop (roadwarrior).
>> Also, commands like 'ipsec status' and 'ipsec listcerts' are not showing
>> any result.
>>
>> Do you see any problem in this configuration?
>>
>> Please help me configure this. Let me know of any other diagnostic results
>> you need in this regard.
>>
>> This is part of the log from /usr/log/auth.log:
>>
>> Apr 15 18:35:01 karmic CRON[24082]: pam_unix(cron:session): session closed for user root
>> Apr 15 18:38:32 karmic ipsec_starter[24120]: Starting strongSwan 4.3.6 IPsec [starter]...
>> Apr 15 18:38:43 karmic ipsec_starter[24133]: pluto too long to start... - kill kill
>> Apr 15 18:38:45 karmic ipsec_starter[24135]: Starting strongSwan 4.3.6 IPsec [starter]...
>> Apr 15 18:38:55 karmic ipsec_starter[24160]: pluto too long to start... - kill kill
>> Apr 15 18:38:56 karmic ipsec_starter[24160]: connect(pluto_ctl) failed: No such file or directory
>> Apr 15 18:39:01 karmic last message repeated 3 times
>> Apr 15 18:39:02 karmic ipsec_starter[24160]: starter_stop_pluto(): pluto does not respond, sending KILL
>> Apr 15 18:39:03 karmic ipsec_starter[24160]: starter_stop_pluto(): can't stop pluto !!!
>> Apr 15 18:39:03 karmic starter[24160]: ipsec starter stopped
>> Apr 15 18:40:01 karmic CRON[24190]: pam_unix(cron:session): session opened for user root by (uid=0)
>>
>>
>> When I run starter with debugging:
>>
>> root@karmic:~# /usr/libexec/ipsec/starter --debug-all
>> Starting strongSwan 4.3.6 IPsec [starter]...
>> | Default route found: iface=eth0, addr=192.168.1.24, nexthop=192.168.1.1
>> | Loading config setup
>> |   plutodebug=all
>> |   crlcheckinterval=180
>> |   strictcrlpolicy=no
>> |   charonstart=no
>> | Loading conn %default
>> |   ikelifetime=60m
>> |   keylife=20m
>> |   rekeymargin=3m
>> |   keyingtries=1
>> |   left=192.168.1.24
>> |   leftcert=karmicCert.pem
>> |   leftid=@karmic
>> |   leftfirewall=yes
>> | Loading conn 'net-net'
>> |   leftsubnet=10.1.0.0/16
>> |   right=192.168.1.21
>> |   rightsubnet=10.2.0.0/16
>> |   rightid=@pankaj-desktop
>> |   auto=add
>> | Loading conn 'host-host'
>> |   right=192.168.1.21
>> |   rightid=@pankaj-desktop
>> |   auto=add
>> | Loading conn 'rw'
>> |   left=192.168.1.21
>> |   leftsubnet=10.1.0.0/16
>> |   leftcert=karmicCert.pem
>> |   right=%any
>> |   auto=add
>> | Found netkey IPsec stack
>>
>>
>> That means starter is working fine, right?
>>
>> Regards
>> Pankaj Gupta
>>
>
>