[strongSwan] Interoperability testing between strongswan and HPUX-IPSec.

Chakravarthy, Chintagunta Murali Mohan (HPUX-Network Security) murali-mohan.chakravarthy at hp.com
Tue Aug 23 15:00:30 CEST 2011


Hi,

I'm a newbie to strongSwan. I'm trying to do interoperability testing between the strongSwan IPsec implementation and HPUX-IPSec.

I'm having some initial hiccups.

I'm getting the following error: "021 no connection named "hpux""

I have chosen Ubuntu to install strongSwan. I have installed the following version of strongSwan:

root@XXXX:~# ipsec version
Linux strongSwan U4.3.2/K2.6.34
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil, Switzerland
See 'ipsec --copyright' for copyright information.


I have the following ipsec.conf file.

root@XXXX:~# cat /etc/ipsec.conf
# ipsec.conf - strongSwan IPsec configuration file

# basic configuration

config setup
        # plutodebug=all
        # crlcheckinterval=600
        # strictcrlpolicy=yes
        # cachecrls=yes
        # nat_traversal=yes
        charonstart=yes
        plutostart=yes

# Add connections here.

# Sample VPN connections

#conn sample-self-signed
#      left=%defaultroute
#      leftsubnet=10.1.0.0/16
#      leftcert=selfCert.der
#      leftsendcert=never
#      right=192.168.0.2
#      rightsubnet=10.2.0.0/16
#      rightcert=peerCert.der
#      auto=start

#conn sample-with-ca-cert
#      left=%defaultroute
#      leftsubnet=10.1.0.0/16
#      leftcert=myCert.pem
#      right=192.168.0.2
#      rightsubnet=10.2.0.0/16
#      rightid="C=CH, O=Linux strongSwan CN=peer name"
#      keyexchange=ikev2
#      auto=start

conn %default
        ikelifetime=60m
        keylife=20m
        rekeymargin=3m
        keyingtries=1
        keyexchange=ikev1
        auth=ah
        ike=3des-sha
        esp=3des-sha1

conn hpux
        auto=add
        type=transport
        authby=secret
        left=192.168.0.2
        leftnexthop=%defaultroute
        right=10.1.0.1
        rightnexthop=%defaultroute

include /var/lib/strongswan/ipsec.conf.inc



/etc/ipsec.secrets

# This file holds shared secrets or RSA private keys for inter-Pluto
# authentication.  See ipsec_pluto(8) manpage, and HTML documentation.

# RSA private key for this host, authenticating it to any other host
# which knows the public part.  Suitable public keys, for ipsec.conf, DNS,
# or configuration of other implementations, can be extracted conveniently
# with "ipsec showhostkey".

# this file is managed with debconf and will contain the automatically created private key
include /var/lib/strongswan/ipsec.secrets.inc

%any %any: PSK "ipsec1234"


Following this, I have done ipsec start:


Starting strongSwan 4.3.2 IPsec [starter]...
pluto is already running (/var/run/pluto.pid exists) -- skipping pluto start
charon is already running (/var/run/charon.pid exists) -- skipping charon start
starter is already running (/var/run/starter.pid exists) -- no fork done

and

ipsec up hpux

root@XXXX:~# ipsec up hpux
021 no connection named "hpux"


I googled a little bit and found that I need to add auto=add in the /etc/ipsec.conf. But it didn't help.

Can someone please help resolve this?

Thanks,
Murali