[strongSwan] HELP
Andreas Steffen
andreas.steffen at strongswan.org
Mon Jun 14 13:55:53 CEST 2010
Hi,
with auto=start, strongSwan should automatically start to negotiate
a connection which somehow failed. Could you post me a log from both
end points with plutodebug=control activated in ipsec.conf?
Best regards
Andreas
On 14.06.2010 13:17, Harini Gopalakrishnan wrote:
> Hi all,
> Kindly help me out in testing strongswan .Can it be done by just pinging the host machine's ip address? or it needs a GUI (network manger) for testing?
> i have installed the strongswan and have done the following configurations on moon and sun resp(host to host) kindly let me know if i am wrong.
>
> 1. First i created the self signed certificates using openssl (for both strongswanCert and moonCert)
> 2.then the configuration as below
> CONFIGURATION ON THE MOON:
>
> config setup
> # plutodebug=all
> # crlcheckinterval=600
> # strictcrlpolicy=yes
> # cachecrls=yes
> # nat_traversal=yes
> charonstart=no
> # plutostart=no
>
> # Add connections here.
>
> # Sample VPN connections
>
> conn sample-self-signed
> left=%defaultroute
> leftcert=moonCert.pem
> right=xx.xx.xx.xx(some ip address)
> rightcert=sunCert.pem
> auto=start
>
>
> CONFIGURATION ON THE SUN:
>
> config setup
> # plutodebug=all
> # crlcheckinterval=600
> # strictcrlpolicy=yes
> # cachecrls=yes
> # nat_traversal=yes
> charonstart=no
> # plutostart=no
>
> # Add connections here.
>
> # Sample VPN connections
>
> conn sample-self-signed
> left=%defaultroute
> leftcert=sunCert.pem
> right=xx.xx.xx.xx(ip address)
> rightcert=moonCert.pem
> auto=start
>
> after tat i pinged the the host to which i am connected and checked with the "ipsec status" command
> [connected host machine's ip]
> 000 "sample-self-signed": xx.xx.xx.xx[C=IN, ST=TamilNadu, L=Chennai, O=yyy, OU=yyy, CN=, E=emailID]---xx.xx.xx.xx...xx.xx.xx.xx[xx.xx.xx.xx]; unrouted; eroute owner: #0
> 000 "sample-self-signed": newest ISAKMP SA: #0; newest IPsec SA: #0;
> 000
>
> Thanks in advance
--
======================================================================
Andreas Steffen andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution! www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3430 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.strongswan.org/pipermail/users/attachments/20100614/5af7ef4e/attachment.bin>
More information about the Users
mailing list