[strongSwan] Interoperability testing between strongswan and HPUX-IPSec.
Andreas Steffen
andreas.steffen at strongswan.org
Tue Aug 23 20:16:06 CEST 2011
Hello Murali,

it seems that strongSwan was already running.
Did you try

    ipsec restart

If the connection is still not known, then probably a syntax
error occurred in the connection definition. Execute the
command

    ipsec reload

and check if any syntax errors are written to the log.

Regards

Andreas

On 23.08.2011 15:00, Chakravarthy, Chintagunta Murali Mohan
(HPUX-Network Security) wrote:
> Hi,
>
> I’m a newbie to strongSwan. I’m trying to do interoperability testing
> between the strongSwan IPsec implementation and HPUX-IPSec.
>
> I’m having some initial hiccups.
>
> I’m getting the following error: “021 no connection named "hpux"”
>
> I have chosen Ubuntu to install strongSwan. I have installed the following
> version of strongSwan:
>
> root@XXXX:~# ipsec version
>
> Linux strongSwan U4.3.2/K2.6.34
>
> Institute for Internet Technologies and Applications
>
> University of Applied Sciences Rapperswil, Switzerland
>
> See 'ipsec --copyright' for copyright information.
>
> I have the following ipsec.conf file.
>
> root@XXXX:~# cat /etc/ipsec.conf
>
> # ipsec.conf - strongSwan IPsec configuration file
>
>
>
> # basic configuration
>
>
>
> config setup
>
> # plutodebug=all
> # crlcheckinterval=600
> # strictcrlpolicy=yes
> # cachecrls=yes
> # nat_traversal=yes
> charonstart=yes
> plutostart=yes
>
> # Add connections here.
>
>
>
> # Sample VPN connections
>
>
>
> #conn sample-self-signed
>
> # left=%defaultroute
>
> # leftsubnet=10.1.0.0/16
>
> # leftcert=selfCert.der
>
> # leftsendcert=never
>
> # right=192.168.0.2
>
> # rightsubnet=10.2.0.0/16
>
> # rightcert=peerCert.der
>
> # auto=start
>
>
>
> #conn sample-with-ca-cert
>
> # left=%defaultroute
>
> # leftsubnet=10.1.0.0/16
>
> # leftcert=myCert.pem
>
> # right=192.168.0.2
>
> # rightsubnet=10.2.0.0/16
>
> # rightid="C=CH, O=Linux strongSwan CN=peer name"
>
> # keyexchange=ikev2
>
> # auto=start
>
>
>
> conn %default
>
> ikelifetime=60m
>
> keylife=20m
>
> rekeymargin=3m
>
> keyingtries=1
>
> keyexchange=ikev1
>
> auth=ah
>
> ike=3des-sha
>
> esp=3des-sha1
>
>
>
> conn hpux
>
> auto=add
>
> type=transport
>
> authby=secret
>
> left=192.168.0.2
>
> leftnexthop=%defaultroute
>
> right=10.1.0.1
>
> rightnexthop=%defaultroute
>
>
>
> include /var/lib/strongswan/ipsec.conf.inc
>
>
>
>
>
>
>
> /etc/ipsec.secrets
>
>
>
> # This file holds shared secrets or RSA private keys for inter-Pluto
>
> # authentication. See ipsec_pluto(8) manpage, and HTML documentation.
>
>
>
> # RSA private key for this host, authenticating it to any other host
>
> # which knows the public part. Suitable public keys, for ipsec.conf, DNS,
>
> # or configuration of other implementations, can be extracted conveniently
>
> # with "ipsec showhostkey".
>
>
>
> # this file is managed with debconf and will contain the automatically created private key
>
> include /var/lib/strongswan/ipsec.secrets.inc
>
>
>
> %any %any: PSK "ipsec1234"
>
>
>
>
>
> Following this I have done ipsec start
>
>
>
>
>
> Starting strongSwan 4.3.2 IPsec [starter]...
>
> pluto is already running (/var/run/pluto.pid exists) -- skipping pluto start
>
> charon is already running (/var/run/charon.pid exists) -- skipping charon start
>
> starter is already running (/var/run/starter.pid exists) -- no fork done
>
>
>
> and
>
>
>
> ipsec up hpux
>
>
>
> root@XXXX:~# ipsec up hpux
>
> 021 no connection named "hpux"
>
>
>
>
>
> I googled a little bit and found that I need to add auto=add in the
> /etc/ipsec.conf. But it didn’t help.
>
>
>
> Can someone please help resolve this?
>
>
>
> Thanks,
>
> Murali
======================================================================
Andreas Steffen andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution! www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==