[strongSwan] HELP
Harini Gopalakrishnan
Harini.Gopalakrishnan at lntinfotech.com
Mon Jun 14 13:17:39 CEST 2010
Hi all,
Kindly help me out in testing strongswan .Can it be done by just pinging the host machine's ip address? or it needs a GUI (network manger) for testing?
i have installed the strongswan and have done the following configurations on moon and sun resp(host to host) kindly let me know if i am wrong.
1. First i created the self signed certificates using openssl (for both strongswanCert and moonCert)
2.then the configuration as below
CONFIGURATION ON THE MOON:
config setup
# plutodebug=all
# crlcheckinterval=600
# strictcrlpolicy=yes
# cachecrls=yes
# nat_traversal=yes
charonstart=no
# plutostart=no
# Add connections here.
# Sample VPN connections
conn sample-self-signed
left=%defaultroute
leftcert=moonCert.pem
right=xx.xx.xx.xx(some ip address)
rightcert=sunCert.pem
auto=start
CONFIGURATION ON THE SUN:
config setup
# plutodebug=all
# crlcheckinterval=600
# strictcrlpolicy=yes
# cachecrls=yes
# nat_traversal=yes
charonstart=no
# plutostart=no
# Add connections here.
# Sample VPN connections
conn sample-self-signed
left=%defaultroute
leftcert=sunCert.pem
right=xx.xx.xx.xx(ip address)
rightcert=moonCert.pem
auto=start
after tat i pinged the the host to which i am connected and checked with the "ipsec status" command
[connected host machine's ip]
000 "sample-self-signed": xx.xx.xx.xx[C=IN, ST=TamilNadu, L=Chennai, O=yyy, OU=yyy, CN=, E=emailID]---xx.xx.xx.xx...xx.xx.xx.xx[xx.xx.xx.xx]; unrouted; eroute owner: #0
000 "sample-self-signed": newest ISAKMP SA: #0; newest IPsec SA: #0;
000
Thanks in advance
This Email may contain confidential or privileged information for the intended recipient (s) If you are not the intended recipient, please do not use or disseminate the information, notify the sender and delete it from your system.
______________________________________________________________________
More information about the Users
mailing list