[strongSwan] Windows 7 IKEv2 problems
Kevin Clark
kevin.clark at csoft.co.uk
Thu May 6 14:38:31 CEST 2010
Still hoping for some insight into two problems I'm seeing with a Windows 7 IKEv2 road-warrior setup:

1) Charon fails to release IP address with "releasing address to pool 'rw-win7' failed"
2) Windows 7 does not create a route to support the subnet behind the strongSwan gateway when "class based route addition" is selected

strongSwan 4.3.6 is installed on CentOS 5.4 (kernel 2.6.18) and configured with:

    ./configure --sysconfdir=/etc --prefix=/usr --enable-eap-mschapv2 --enable-eap-identity --enable-md5 --enable-md4 --enable-nat-transport

--- ipsec.conf ---
config setup
    plutostart=no
    charonstart=yes

conn %default
    ike=aes256-sha1-modp1024!
    esp=aes256-sha1!
    dpdaction=clear
    dpddelay=300s
    rekey=no
    left=10.0.0.1
    leftsubnet=192.168.0.0/24
    leftid=@10.0.0.1
    leftcert=10.0.0.1.crt
    leftfirewall=yes

conn rw-win7
    mobike=yes
    keyexchange=ikev2
    right=%any
    rightsourceip=192.168.7.0/24
    rightauth=eap-mschapv2
    rightsendcert=never
    eap_identity=%any
    auto=add

--- /etc/strongswan.conf ---
# strongswan.conf - strongSwan configuration file
charon {
    dns1 = 192.168.0.1
    dns2 = 192.168.0.2
    nbns1 = 192.168.0.3

    # Two defined file loggers. Each subsection is either a file
    # in the filesystem or one of: stdout, stderr.
    filelog {
        /var/log/charon.log {
            # loggers to files also accept the append option to open files in
            # append mode at startup (default is yes)
            append = no
            # the default loglevel for all daemon subsystems (defaults to 1).
            default = 1
        }
        stderr {
            # more detailed loglevel for a specific subsystem, overriding the
            # default loglevel.
            ike = 2
            knl = 3
        }
    }

    # And two loggers using syslog. The subsections define the facility to log
    # to, currently one of: daemon, auth.
    syslog {
        # default level to the LOG_DAEMON facility
        daemon {
        }
        # very minimalistic IKE auditing logs to LOG_AUTHPRIV
        auth {
            default = -1
            ike = 0
        }
    }
}

Any ideas?
Kevin