[strongSwan] strongswan inactive
Andreas Steffen
andreas.steffen at strongswan.org
Mon Apr 18 23:20:04 CEST 2011
If you define rightid=@ip-10-5-5-161
then your definition in ipsec.secrets should be

  @ip-10-5-5-161 %any : PSK "Rel1439 at RCM#123"

Why don't you use IKEv2 which does all the leftsourceip stuff
automatically and is much more robust in NAT situations?

And please use aes128-sha1 in place of 3des-md5

Regards

Andreas

On 04/18/2011 11:49 AM, neil payne wrote:
> Apologies, I forgot to attach my config files - I've since verified
> packets are arriving from my source server (10.5.51.10) to my
> firewall on the left but it doesn't even seem to try and encrypt the
> traffic - any assistance or pointers would be greatly appreciated?
>
> On 17 Apr 2011, at 19:56, neil payne wrote:
>
>>
>> Hi, I've been trying to set up a vpn (ike v1, site to site with
>> PSK) for the last few weeks between two ubuntu hosts without
>> success. I've tried the varying configuration options like using
>> rightsubnetwithin instead of rightsubnet and testing from the
>> firewalls using leftsourceip but nothing seems to generate
>> interesting traffic. I have manually edited ipsec.conf and
>> ipsec.secrets only, am I missing a fundamental step? I'm attaching
>> the config files (ipsec.secrets contents appended to the end of
>> ipsec.conf for convenience of attaching only 2 files here instead
>> of 4), I don't see any traffic from the left firewall hitting the
>> right firewall. The only peculiarity may be that the left firewall
>> is within an Amazon cloud but I'm led to believe this should not
>> stop the ipsec tunnel from building - please help if you can?
>> Regards, Neil.
======================================================================
Andreas Steffen andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution! www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
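
An added example, not part of the message above or of the strongSwan project: a small Python check that applies the three points of the reply (the rightid must be listed in ipsec.secrets, IKEv2 over IKEv1, aes128-sha1 over 3des-md5) to ipsec.conf and ipsec.secrets text. The sample files and function names are constructed for illustration, and the parser is simplified: it matches IDs literally and does not model %any or wildcard selection.

```python
import re

# Constructed sample files; the poster's attachments are not on the page.
SAMPLE_CONF = """\
conn site-to-site
    keyexchange=ikev1
    authby=secret
    ike=3des-md5
    esp=3des-md5
    rightid=@ip-10-5-5-161
"""
SAMPLE_SECRETS = '10.5.5.161 %any : PSK "constructed-placeholder"\n'

def parse_conns(conf):
    """Minimal ipsec.conf reader: {conn name: {key: value}}."""
    conns, cur = {}, None
    for raw in conf.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if not raw[0].isspace():            # section header, e.g. "conn x"
            kind, _, name = line.partition(" ")
            cur = conns.setdefault(name.strip(), {}) if kind == "conn" else None
        elif cur is not None and "=" in line:
            key, _, val = line.partition("=")
            cur[key.strip()] = val.strip().strip('"')
    return conns

def psk_selectors(secrets):
    """Set of ID selectors listed in front of ': PSK' entries."""
    ids = set()
    for line in secrets.splitlines():
        m = re.match(r"^(.*?)\s*:\s*PSK\s", line)
        if m and not line.lstrip().startswith("#"):
            ids.update(m.group(1).split())
    return ids

def lint(conf, secrets):
    """Return (conn, finding) tuples for the three points in the reply."""
    out, ids = [], psk_selectors(secrets)
    for name, c in parse_conns(conf).items():
        rid = c.get("rightid")
        if c.get("authby") in ("secret", "psk") and rid and rid not in ids:
            out.append((name, f"rightid {rid} has no PSK entry in ipsec.secrets"))
        if c.get("keyexchange") == "ikev1":
            out.append((name, "keyexchange=ikev1; consider ikev2"))
        for key in ("ike", "esp"):
            weak = set(re.split(r"[-,!\s]+", c.get(key, "").lower())) & {"3des", "md5"}
            if weak:
                out.append((name, f"{key} uses {'/'.join(sorted(weak))}; prefer aes128-sha1"))
    return out
```

Calling `lint(SAMPLE_CONF, SAMPLE_SECRETS)` reports the ID mismatch first, because the secrets line is keyed by IP address while the connection identifies the peer as `@ip-10-5-5-161`.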