[strongSwan] Problem configuring strongSwan
pankaj gupta
beckman16 at gmail.com
Mon Apr 19 10:00:03 CEST 2010
Hi Andreas,
I tried 'ipsec up rw' and with other connections also, but it gives error:
"rw": we have no ipsecN interface for either end of this connection
My setting for rw connection in ipsec.conf is:
conn rw
left=192.168.1.21
leftsubnet=10.1.0.0/16
leftcert=karmicCert.pem
right=%any
auto=add
Running 'ifconfig' results in:
eth0 Link encap:Ethernet HWaddr 00:0c:29:a4:ce:89
inet addr:192.168.1.24 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:fea4:ce89/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1446144 errors:4 dropped:0 overruns:0 frame:0
TX packets:29047 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:685339952 (685.3 MB) TX bytes:7713988 (7.7 MB)
Interrupt:18 Base address:0x2000
eth2 Link encap:Ethernet HWaddr 00:0c:29:a4:ce:93
inet addr:10.1.0.1 Bcast:10.1.255.255 Mask:255.255.0.0
inet6 addr: fe80::20c:29ff:fea4:ce93/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:701810 errors:0 dropped:0 overruns:0 frame:0
TX packets:33815 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:232827521 (232.8 MB) TX bytes:7517841 (7.5 MB)
Interrupt:16 Base address:0x2080
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:4 errors:0 dropped:0 overruns:0 frame:0
TX packets:4 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:240 (240.0 B) TX bytes:240 (240.0 B)
virbr0 Link encap:Ethernet HWaddr ae:7d:8f:49:de:3e
inet addr:192.168.122.1 Bcast:192.168.122.255 Mask:255.255.255.0
inet6 addr: fe80::ac7d:8fff:fe49:de3e/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:191 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:17967 (17.9 KB)
I searched for the error, but got nothing specific.
Do I need to add a line like 'interfaces=%defaultroute' in ipsec.conf file?
Regards
Pankaj Gupta
On Fri, Apr 16, 2010 at 1:26 PM, Andreas Steffen <
andreas.steffen at strongswan.org> wrote:
> Ok, pluto is now successfully starting up so that you can remove
> the --nofork option. As a next step you must initiate a connection
> either on karmic or on pankaj-desktop with the command
>
> ipsec up <connection name>
>
> BTW you cannot define leftid=@karmic and rightid=@pankaj-desktop
> if these IDs are not contained as subjectAltNames in the certificate
> of the respective peer.
>
> Regards
>
> Andreas
>
>
> On 16.04.2010 08:14, pankaj gupta wrote:
>
>> Thanks so much Andreas. I did it and got overwhelming output at console.
>> I am attaching the output with this mail for your review.
>> At some places it reports of some plugins not found, but doesnt stop
>> there. So think those are not creating problem.
>> There are a lot of signature verification, locking and unlocking of
>> values.
>> I could not understand if its running fine or not.
>>
>> I really appreciate your support in my distress.
>>
>> Regards
>> Pankaj Gupta
>>
>
> ======================================================================
> Andreas Steffen andreas.steffen at strongswan.org
> strongSwan - the Linux VPN Solution! www.strongswan.org
> Institute for Internet Technologies and Applications
> University of Applied Sciences Rapperswil
> CH-8640 Rapperswil (Switzerland)
> ===========================================================[ITA-HSR]==
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20100419/5097706c/attachment.html>
More information about the Users
mailing list