[strongSwan] HELP

Andreas Steffen andreas.steffen at strongswan.org
Mon Jun 14 13:55:53 CEST 2010


Hi,

with auto=start, strongSwan should automatically start to negotiate
a connection which somehow failed. Could you post me a log from both
end points with plutodebug=control activated in ipsec.conf?

Best regards

Andreas

On 14.06.2010 13:17, Harini Gopalakrishnan wrote:
> Hi all,
> Kindly help me out in testing strongswan .Can it be done by just pinging the host machine's ip address? or it needs a GUI (network manger) for testing?
> i have installed the strongswan and have done the following configurations on moon and sun resp(host to host) kindly let me know if i am wrong.
>
> 1. First i created the self signed certificates using openssl (for both strongswanCert and moonCert)
> 2.then the configuration as below
> CONFIGURATION ON THE MOON:
>
> config setup
>          # plutodebug=all
>          # crlcheckinterval=600
>          # strictcrlpolicy=yes
>          # cachecrls=yes
>          # nat_traversal=yes
>           charonstart=no
>          # plutostart=no
>
> # Add connections here.
>
> # Sample VPN connections
>
> conn sample-self-signed
>           left=%defaultroute
>           leftcert=moonCert.pem
>           right=xx.xx.xx.xx(some ip address)
>           rightcert=sunCert.pem
>           auto=start
>
>
> CONFIGURATION ON THE SUN:
>
> config setup
>          # plutodebug=all
>          # crlcheckinterval=600
>          # strictcrlpolicy=yes
>          # cachecrls=yes
>          # nat_traversal=yes
>           charonstart=no
>          # plutostart=no
>
> # Add connections here.
>
> # Sample VPN connections
>
> conn sample-self-signed
>           left=%defaultroute
>           leftcert=sunCert.pem
>           right=xx.xx.xx.xx(ip address)
>           rightcert=moonCert.pem
>           auto=start
>
> after tat i pinged the the host to which i am connected and checked with  the "ipsec status" command
>                                                                                                                                                                                                       [connected host machine's ip]
> 000 "sample-self-signed": xx.xx.xx.xx[C=IN, ST=TamilNadu, L=Chennai, O=yyy, OU=yyy, CN=, E=emailID]---xx.xx.xx.xx...xx.xx.xx.xx[xx.xx.xx.xx]; unrouted; eroute owner: #0
> 000 "sample-self-signed":   newest ISAKMP SA: #0; newest IPsec SA: #0;
> 000
>
> Thanks in advance

-- 
======================================================================
Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution!                www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3430 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.strongswan.org/pipermail/users/attachments/20100614/5af7ef4e/attachment.bin>


More information about the Users mailing list