[strongSwan] Telnet over a tunnel using Local IP (rather than Public IP)

Anupam Malhotra anupam.malhotra at u2opiamobile.com
Fri Dec 23 11:17:52 CET 2011 

Hi Thomas

The IKE_SA-negotiation is not failing. The tunnel is coming up. Only issue
is that the local IP is being seen at the remote end (rather than the public
IP). 

@Gowrishankar: I added the below snippet in strongsan.conf. But I do not see
/var/log/charon.log getting created. Is there anything else that needs to be
done so that this log file is created?

Best Regards
Anupam Malhotra


-----Original Message-----
From: gowrishankar [mailto:gowrishankar.m at linux.vnet.ibm.com] 
Sent: Friday, December 23, 2011 3:20 PM
To: Anupam Malhotra
Cc: Thomas Egerer; users at lists.strongswan.org
Subject: Re: [strongSwan] Telnet over a tunnel using Local IP (rather than
Public IP)

On Friday 23 December 2011 03:12 PM, Thomas Egerer wrote:
> On 12/23/2011 09:40 AM, Anupam Malhotra wrote:
>> Hi Thomas
>>
>> I did try "left=xp.xp.xp.xp". In that case, even the tunnel is not
>> established. Is there anything else which I can try here?
> Make sure that right on your cloud-server is xp.xp.xp.xp, too or
> %any. If that doesn't do the trick, why don't you post the config
> files on both of the servers and append the logs of the failed
> IKE_SA-negotiation.
>
BTW, can you also try to check if charon.log shows any interesting error ?
If strongswan.conf does not have filelog, you can try below one
and share your findings (imp errors).

     filelog {
         /var/log/charon.log {
             # add a timestamp prefix
             time_format = %b %e %T

             # loggers to files also accept the append option to open 
files in
             # append mode at startup (default is yes)
             append = no

             # the default loglevel for all daemon subsystems (defaults 
to 1).
             default = 4

             # flush each line to disk
             flush_line = yes

         }
             default = 4

             # prepend connection name, simplifies grepping
             ike_name = yes
         }
     }


Thanks,
Gowri Shankar
> Cheers
> Thomas
>
>
>
> _______________________________________________
> Users mailing list
> Users at lists.strongswan.org
> https://lists.strongswan.org/mailman/listinfo/users

More information about the Users mailing list