[strongSwan] Problem configuring strongSwan

pankaj gupta beckman16 at gmail.com
Mon Apr 19 13:07:41 CEST 2010 

Also, would it work fine if I remove leftid=@karmic and
rightid=@pankaj-desktop in configuration ?

Regards
Pankaj Gupta


On Mon, Apr 19, 2010 at 1:30 PM, pankaj gupta <beckman16 at gmail.com> wrote:

> Hi Andreas,
> I tried 'ipsec up rw' and with other connections also, but it gives error:
>
> "rw": we have no ipsecN interface for either end of this connection
>
> My setting for rw connection in ipsec.conf is:
> conn rw
>         left=192.168.1.21
>         leftsubnet=10.1.0.0/16
>         leftcert=karmicCert.pem
>         right=%any
>         auto=add
>
> Running 'ifconfig' results in:
> eth0      Link encap:Ethernet  HWaddr 00:0c:29:a4:ce:89
>           inet addr:192.168.1.24  Bcast:192.168.1.255  Mask:255.255.255.0
>           inet6 addr: fe80::20c:29ff:fea4:ce89/64 Scope:Link
>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>           RX packets:1446144 errors:4 dropped:0 overruns:0 frame:0
>           TX packets:29047 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:1000
>           RX bytes:685339952 (685.3 MB)  TX bytes:7713988 (7.7 MB)
>           Interrupt:18 Base address:0x2000
>
> eth2      Link encap:Ethernet  HWaddr 00:0c:29:a4:ce:93
>           inet addr:10.1.0.1  Bcast:10.1.255.255  Mask:255.255.0.0
>           inet6 addr: fe80::20c:29ff:fea4:ce93/64 Scope:Link
>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>           RX packets:701810 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:33815 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:1000
>           RX bytes:232827521 (232.8 MB)  TX bytes:7517841 (7.5 MB)
>           Interrupt:16 Base address:0x2080
>
> lo        Link encap:Local Loopback
>           inet addr:127.0.0.1  Mask:255.0.0.0
>           inet6 addr: ::1/128 Scope:Host
>           UP LOOPBACK RUNNING  MTU:16436  Metric:1
>           RX packets:4 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:4 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:0
>           RX bytes:240 (240.0 B)  TX bytes:240 (240.0 B)
>
> virbr0    Link encap:Ethernet  HWaddr ae:7d:8f:49:de:3e
>           inet addr:192.168.122.1  Bcast:192.168.122.255
> Mask:255.255.255.0
>           inet6 addr: fe80::ac7d:8fff:fe49:de3e/64 Scope:Link
>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>           RX packets:0 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:191 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:0
>           RX bytes:0 (0.0 B)  TX bytes:17967 (17.9 KB)
>
> I searched for the error, but got nothing specific.
> Do I need to add a line like 'interfaces=%defaultroute' in ipsec.conf
> file?
>
> Regards
> Pankaj Gupta
>
>
>
> On Fri, Apr 16, 2010 at 1:26 PM, Andreas Steffen <
> andreas.steffen at strongswan.org> wrote:
>
>> Ok, pluto is now successfully starting up so that you can remove
>> the --nofork option. As a next step you must initiate a connection
>> either on karmic or on pankaj-desktop with the command
>>
>>  ipsec up <connection name>
>>
>> BTW you cannot define leftid=@karmic and rightid=@pankaj-desktop
>> if these IDs are not contained as subjectAltNames in the certificate
>> of the respective peer.
>>
>> Regards
>>
>> Andreas
>>
>>
>> On 16.04.2010 08:14, pankaj gupta wrote:
>>
>>> Thanks so much Andreas. I did it and got overwhelming output at console.
>>> I am attaching the output with this mail for your review.
>>> At some places it reports of some plugins not found, but doesnt stop
>>> there. So think those are not creating problem.
>>> There are a lot of signature verification, locking and unlocking of
>>> values.
>>> I could not understand if its running fine or not.
>>>
>>> I really appreciate your support in my distress.
>>>
>>> Regards
>>> Pankaj Gupta
>>>
>>
>> ======================================================================
>> Andreas Steffen                         andreas.steffen at strongswan.org
>> strongSwan - the Linux VPN Solution!                www.strongswan.org
>> Institute for Internet Technologies and Applications
>> University of Applied Sciences Rapperswil
>> CH-8640 Rapperswil (Switzerland)
>> ===========================================================[ITA-HSR]==
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20100419/1c3ad6ae/attachment.html>

More information about the Users mailing list