[strongSwan] Telnet over a tunnel using Local IP (rather than Public IP)

gowrishankar gowrishankar.m at linux.vnet.ibm.com
Fri Dec 23 11:23:49 CET 2011


On Friday 23 December 2011 03:47 PM, Anupam Malhotra wrote:
> Hi Thomas
>
> The IKE_SA-negotiation is not failing. The tunnel is coming up. Only issue
> is that the local IP is being seen at the remote end (rather than the public
> IP).
>
> @Gowrishankar: I added the below snippet in strongsan.conf. But I do not see
> /var/log/charon.log getting created. Is there anything else that needs to be
> done so that this log file is created?
>
Hope you are running with charonstart=yes in ipsec.conf. Some more info 
abt logger in
http://wiki.strongswan.org/projects/strongswan/wiki/LoggerConfiguration

Can you check if this helps ? But I could able to see ipsec creating 
charon.log in /var/log/
with this option (as in link).

Thanks,
Gowri Shankar
> Best Regards
> Anupam Malhotra
>
>
> -----Original Message-----
> From: gowrishankar [mailto:gowrishankar.m at linux.vnet.ibm.com]
> Sent: Friday, December 23, 2011 3:20 PM
> To: Anupam Malhotra
> Cc: Thomas Egerer; users at lists.strongswan.org
> Subject: Re: [strongSwan] Telnet over a tunnel using Local IP (rather than
> Public IP)
>
> On Friday 23 December 2011 03:12 PM, Thomas Egerer wrote:
>> On 12/23/2011 09:40 AM, Anupam Malhotra wrote:
>>> Hi Thomas
>>>
>>> I did try "left=xp.xp.xp.xp". In that case, even the tunnel is not
>>> established. Is there anything else which I can try here?
>> Make sure that right on your cloud-server is xp.xp.xp.xp, too or
>> %any. If that doesn't do the trick, why don't you post the config
>> files on both of the servers and append the logs of the failed
>> IKE_SA-negotiation.
>>
> BTW, can you also try to check if charon.log shows any interesting error ?
> If strongswan.conf does not have filelog, you can try below one
> and share your findings (imp errors).
>
>       filelog {
>           /var/log/charon.log {
>               # add a timestamp prefix
>               time_format = %b %e %T
>
>               # loggers to files also accept the append option to open
> files in
>               # append mode at startup (default is yes)
>               append = no
>
>               # the default loglevel for all daemon subsystems (defaults
> to 1).
>               default = 4
>
>               # flush each line to disk
>               flush_line = yes
>
>           }
>               default = 4
>
>               # prepend connection name, simplifies grepping
>               ike_name = yes
>           }
>       }
>
>
> Thanks,
> Gowri Shankar
>> Cheers
>> Thomas
>>
>>
>>
>> _______________________________________________
>> Users mailing list
>> Users at lists.strongswan.org
>> https://lists.strongswan.org/mailman/listinfo/users
>





More information about the Users mailing list