[strongSwan] Problem configuring strongSwan

Andreas Steffen andreas.steffen at strongswan.org
Mon Apr 19 14:08:46 CEST 2010


Well,

the eth0 interface has address

   192.168.1.24

but you define

   left=192.168.1.21.

How do you suppose this is going to work? left must be the
IP of a physical interface or you alternatively can define

   left=%defaultroute

and

   leftnexthop=%direct

because your peers are all directly connected to the 192.168.1.0/24
network.

Regards

Andreas

pankaj gupta wrote:
> Hi Andreas,
> I tried 'ipsec up rw' and with other connections also, but it gives error:
> "rw": we have no ipsecN interface for either end of this connection
> 
> My setting for rw connection in ipsec.conf is:
> conn rw
>         left=192.168.1.21
>         leftsubnet=10.1.0.0/16
>         leftcert=karmicCert.pem
>         right=%any
>         auto=add
> 
> Running 'ifconfig' results in:
> eth0      Link encap:Ethernet  HWaddr 00:0c:29:a4:ce:89 
>           inet addr:192.168.1.24  Bcast:192.168.1.255  Mask:255.255.255.0
>           inet6 addr: fe80::20c:29ff:fea4:ce89/64 Scope:Link
>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>           RX packets:1446144 errors:4 dropped:0 overruns:0 frame:0
>           TX packets:29047 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:1000
>           RX bytes:685339952 (685.3 MB)  TX bytes:7713988 (7.7 MB)
>           Interrupt:18 Base address:0x2000
> 
> eth2      Link encap:Ethernet  HWaddr 00:0c:29:a4:ce:93 
>           inet addr:10.1.0.1  Bcast:10.1.255.255  Mask:255.255.0.0
>           inet6 addr: fe80::20c:29ff:fea4:ce93/64 Scope:Link
>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>           RX packets:701810 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:33815 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:1000
>           RX bytes:232827521 (232.8 MB)  TX bytes:7517841 (7.5 MB)
>           Interrupt:16 Base address:0x2080
> 
> lo        Link encap:Local Loopback 
>           inet addr:127.0.0.1  Mask:255.0.0.0
>           inet6 addr: ::1/128 Scope:Host
>           UP LOOPBACK RUNNING  MTU:16436  Metric:1
>           RX packets:4 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:4 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:0
>           RX bytes:240 (240.0 B)  TX bytes:240 (240.0 B)
> 
> virbr0    Link encap:Ethernet  HWaddr ae:7d:8f:49:de:3e 
>           inet addr:192.168.122.1  Bcast:192.168.122.255  Mask:255.255.255.0
>           inet6 addr: fe80::ac7d:8fff:fe49:de3e/64 Scope:Link
>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>           RX packets:0 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:191 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:0
>           RX bytes:0 (0.0 B)  TX bytes:17967 (17.9 KB)
> 
> I searched for the error, but got nothing specific.
> Do I need to add a line like 'interfaces=%defaultroute' in ipsec.conf file?
> 
> Regards
> Pankaj Gupta
> 
> 
> On Fri, Apr 16, 2010 at 1:26 PM, Andreas Steffen 
> <andreas.steffen at strongswan.org>
> wrote:
> 
>     Ok, pluto is now successfully starting up so that you can remove
>     the --nofork option. As a next step you must initiate a connection
>     either on karmic or on pankaj-desktop with the command
> 
>      ipsec up <connection name>
> 
>     BTW you cannot define leftid=@karmic and rightid=@pankaj-desktop
>     if these IDs are not contained as subjectAltNames in the certificate
>     of the respective peer.
> 
>     Regards
> 
>     Andreas
> 
> 
>     On 16.04.2010 08:14, pankaj gupta wrote:
> 
>         Thanks so much Andreas. I did it and got overwhelming output at
>         console.
>         I am attaching the output with this mail for your review.
>         At some places it reports of some plugins not found, but doesn't stop
>         there. So think those are not creating problem.
>         There are a lot of signature verification, locking and unlocking
>         of values.
>         I could not understand if it's running fine or not.
> 
>         I really appreciate your support in my distress.
> 
>         Regards
>         Pankaj Gupta
> 

======================================================================
Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution!                www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
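
An added example, not part of the original message and not strongSwan code: a small Python check for the mismatch described above, flagging any `conn` whose literal `left=` address is not bound to a local interface. The inputs are constructed from values quoted in this thread; the `rw-fixed` connection name and the function names are hypothetical.

```python
import ipaddress
import re
# Constructed inputs modelled on the thread; nothing is read from a live host.
IPSEC_CONF = """\
conn rw
        left=192.168.1.21
        right=%any
conn rw-fixed
        left=%defaultroute
        leftnexthop=%direct
"""
IFCONFIG = """\
eth0      Link encap:Ethernet  HWaddr 00:0c:29:a4:ce:89
          inet addr:192.168.1.24  Bcast:192.168.1.255  Mask:255.255.255.0
eth2      Link encap:Ethernet  HWaddr 00:0c:29:a4:ce:93
          inet addr:10.1.0.1  Bcast:10.1.255.255  Mask:255.255.0.0
"""

def local_addresses(ifconfig_text):
    """Map each IPv4 address in net-tools ifconfig output to its interface."""
    addrs, iface = {}, None
    for line in ifconfig_text.splitlines():
        if line and not line[0].isspace():
            iface = line.split()[0]          # unindented line starts a new interface
        m = re.search(r"inet addr:(\S+)", line)
        if m and iface:
            addrs[str(ipaddress.ip_address(m.group(1)))] = iface
    return addrs

def unbound_left(conf_text, addrs):
    """Return (conn, left) pairs whose literal left= IP is on no local interface."""
    findings, conn = [], None
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and indentation
        if line.startswith("conn "):
            conn = line.split()[1]
        key, _, value = line.partition("=")
        if conn is None or key.strip() != "left" or value.strip().startswith("%"):
            continue                         # %defaultroute, %any etc. resolve at runtime
        try:
            ip = str(ipaddress.ip_address(value.strip()))
        except ValueError:
            continue                         # hostname: not checked here
        if ip not in addrs:
            findings.append((conn, ip))
    return findings

if __name__ == "__main__":
    print(unbound_left(IPSEC_CONF, local_addresses(IFCONFIG)))
```
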



