[strongSwan] strongswan inactive

Andreas Steffen andreas.steffen at strongswan.org
Mon Apr 18 23:20:04 CEST 2011

If you define rightid=@ip-10-5-5-161

then your definition in ipsec.secrets should be

@ip-10-5-5-161 %any : PSK "Rel1439 at RCM#123"

Why don't you use IKEv2 which does all the leftsourceip stuff
automatically and is much more robust in NAT situations?

And please use aes128-sha1 in place of 3des-md5



On 04/18/2011 11:49 AM, neil payne wrote:
> Apologies, I forgot to attach my config files - I've since verified
> packets are arriving from my source server ( to my
> firewall on the left but it doesn't even seem to try and encrypt the
> traffic - any assistance or pointers would be greatly appreciated?
> On 17 Apr 2011, at 19:56, neil payne wrote:
>> Hi, I've been trying to set up a vpn (ike v1, site to site with
>> PSK) for the last few weeks between two ubuntu hosts without
>> success. I've tried the varying configuration options like using
>> rightsubnetwithin instead of rightsubnet and testing from the
>> firewalls using leftsourceip but nothing seems to generate
>> interesting traffic. I have manually edited ipsec.conf and
>> ipsec.secrets only, am I missing a fundamental step? I'm attaching
>> the config files (ipsec.secrets contents appended to the end of
>> ipsec.conf for convenience of attaching only 2 files here instead
>> of 4), I don't see any traffic from the left firewall hitting the
>> right firewall. The only peculiarity may be that the left firewall
>> is within an Amazon cloud but I'm lead to believe this should not
>> stop the ipsec tunnel from building - please help if you can? 
>> Regards, Neil.

Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution!                www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)

More information about the Users mailing list