[strongSwan] Interoperability testing between strongswan and HPUX-IPSec.

Andreas Steffen andreas.steffen at strongswan.org
Tue Aug 23 20:16:06 CEST 2011


Hello Murali,

it seems that strongSwan was already running.
Did you try

  ipsec restart

if  the connection is still not known then probably a syntax
error occurred in the connection definition. Execute the
command

  ipsec reload

and check if any syntax errors are written to the log.

Regards

Andreas

On 23.08.2011 15:00, Chakravarthy, Chintagunta Murali Mohan
(HPUX-Network Security) wrote:
> Hi,
> 
> I’m a newbie to Strongswan. I’m trying to do Interoperability testing
> between Strongswan IPsec implementation and HPUX –IPSec.
> 
> I’m having some initial hiccups.
> 
> I’m getting following error “021 no connection named "hpux"”
> 
> I have choosen unbuntu to install strongswan I have installed following
> version of strongswan
> 
> root at XXXX:~# ipsec version
> 
> Linux strongSwan U4.3.2/K2.6.34
> 
> Institute for Internet Technologies and Applications
> 
> University of Applied Sciences Rapperswil, Switzerland
> 
> See 'ipsec --copyright' for copyright information.
> 
> I have following ipsec.conf file.
> 
> root at XXXX:~# cat /etc/ipsec.conf
> 
> # ipsec.conf - strongSwan IPsec configuration file
> 
>  
> 
> # basic configuration
> 
>  
> 
> config setup
> 
>         # plutodebug=all
>         # crlcheckinterval=600
>         # strictcrlpolicy=yes
>         # cachecrls=yes
>         # nat_traversal=yes
>         charonstart=yes
>         plutostart=yes
> 
> # Add connections here.
> 
>  
> 
> # Sample VPN connections
> 
>  
> 
> #conn sample-self-signed
> 
> #      left=%defaultroute
> 
> #      leftsubnet=10.1.0.0/16
> 
> #      leftcert=selfCert.der
> 
> #      leftsendcert=never
> 
> #      right=192.168.0.2
> 
> #      rightsubnet=10.2.0.0/16
> 
> #      rightcert=peerCert.der
> 
> #      auto=start
> 
>  
> 
> #conn sample-with-ca-cert
> 
> #      left=%defaultroute
> 
> #      leftsubnet=10.1.0.0/16
> 
> #      leftcert=myCert.pem
> 
> #      right=192.168.0.2
> 
> #      rightsubnet=10.2.0.0/16
> 
> #      rightid="C=CH, O=Linux strongSwan CN=peer name"
> 
> #      keyexchange=ikev2
> 
> #      auto=start
> 
>  
> 
> conn %default
> 
>         ikelifetime=60m
> 
>         keylife=20m
> 
>         rekeymargin=3m
> 
>         keyingtries=1
> 
>         keyexchange=ikev1
> 
>         auth=ah
> 
>         ike=3des-sha
> 
>         esp=3des-sha1
> 
>  
> 
> conn hpux
> 
>         auto=add
> 
>         type=transport
> 
>         authby=secret
> 
>         left=192.168.0.2
> 
>         leftnexthop=%defaultroute
> 
>         right=10.1.0.1
> 
>         rightnexthop=%defaultroute
> 
>  
> 
> include /var/lib/strongswan/ipsec.conf.inc
> 
>  
> 
>  
> 
>  
> 
> /etc/ipsec.secrets
> 
>  
> 
> # This file holds shared secrets or RSA private keys for inter-Pluto
> 
> # authentication.  See ipsec_pluto(8) manpage, and HTML documentation.
> 
>  
> 
> # RSA private key for this host, authenticating it to any other host
> 
> # which knows the public part.  Suitable public keys, for ipsec.conf, DNS,
> 
> # or configuration of other implementations, can be extracted conveniently
> 
> # with "ipsec showhostkey".
> 
>  
> 
> # this file is managed with debconf and will contain the automatically
> created private key
> 
> include /var/lib/strongswan/ipsec.secrets.inc
> 
>  
> 
> %any %any: PSK "ipsec1234"
> 
>  
> 
>  
> 
> Following this I have done ipsec start
> 
>  
> 
>  
> 
> Starting strongSwan 4.3.2 IPsec [starter]...
> 
> pluto is already running (/var/run/pluto.pid exists) -- skipping pluto start
> 
> charon is already running (/var/run/charon.pid exists) -- skipping
> charon start
> 
> starter is already running (/var/run/starter.pid exists) -- no fork done
> 
>  
> 
> and
> 
>  
> 
> ipsec up hpux
> 
>  
> 
> root at XXXX:~# ipsec up hpux
> 
> 021 no connection named "hpux"
> 
>  
> 
>  
> 
> I googled a little bit and found that I need to add  auto=add in the
> /etc/ipsec.conf. But it didn’t help.
> 
>  
> 
> Can someone please help resolving this.
> 
>  
> 
> Thanks,
> 
> Murali

======================================================================
Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution!                www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==




More information about the Users mailing list