[strongSwan] HELP

Harini Gopalakrishnan Harini.Gopalakrishnan at lntinfotech.com
Mon Jun 14 13:17:39 CEST 2010


Hi all,
Kindly help me out in testing strongswan .Can it be done by just pinging the host machine's ip address? or it needs a GUI (network manger) for testing?
i have installed the strongswan and have done the following configurations on moon and sun resp(host to host) kindly let me know if i am wrong.

1. First i created the self signed certificates using openssl (for both strongswanCert and moonCert)
2.then the configuration as below
CONFIGURATION ON THE MOON:

config setup
        # plutodebug=all
        # crlcheckinterval=600
        # strictcrlpolicy=yes
        # cachecrls=yes
        # nat_traversal=yes
         charonstart=no
        # plutostart=no

# Add connections here.

# Sample VPN connections

conn sample-self-signed
         left=%defaultroute
         leftcert=moonCert.pem
         right=xx.xx.xx.xx(some ip address)
         rightcert=sunCert.pem
         auto=start


CONFIGURATION ON THE SUN:

config setup
        # plutodebug=all
        # crlcheckinterval=600
        # strictcrlpolicy=yes
        # cachecrls=yes
        # nat_traversal=yes
         charonstart=no
        # plutostart=no

# Add connections here.

# Sample VPN connections

conn sample-self-signed
         left=%defaultroute
         leftcert=sunCert.pem
         right=xx.xx.xx.xx(ip address)
         rightcert=moonCert.pem
         auto=start

after tat i pinged the the host to which i am connected and checked with  the "ipsec status" command
                                                                                                                                                                                                     [connected host machine's ip]
000 "sample-self-signed": xx.xx.xx.xx[C=IN, ST=TamilNadu, L=Chennai, O=yyy, OU=yyy, CN=, E=emailID]---xx.xx.xx.xx...xx.xx.xx.xx[xx.xx.xx.xx]; unrouted; eroute owner: #0
000 "sample-self-signed":   newest ISAKMP SA: #0; newest IPsec SA: #0;
000

Thanks in advance


This Email may contain confidential or privileged information for the intended recipient (s) If you are not the intended recipient, please do not use or disseminate the information, notify the sender and delete it from your system.

______________________________________________________________________




More information about the Users mailing list