[strongSwan] strongswan client configuration
Alexandre Chapellon
a.chapellon at horoa.net
Sun Jun 12 16:50:35 CEST 2011
Hello,
I am new to strongSwan, and not so familiar with IPsec. I want to set up an
IPsec VPN gateway for site-to-site and roadwarriors.
I have installed strongswan on a debian 6 system. I have generated x509
certificates and rsa keys as described here:
http://wiki.strongswan.org/projects/strongswan/wiki/SimpleCA
On the client side I have installed the strongswan network-manager
plugin. I can successfully establish VPN connections and route packets
from and to the roadwarrior client.
I'd like to do the same but without using the network-manager gui... and
here it fails.
I guess my certs are OK, as connections work just fine with the GUI. Here is
my ipsec.conf on the rw side:

config setup
    strictcrlpolicy=no
    charonstart=yes
    plutostart=yes

ca horoa
    cacert=/home/some1/ssl/pki/ca.crt

conn %default
    ikelifetime=60m
    keylife=20m
    rekeymargin=3m
    keyingtries=1
    keyexchange=ikev2

conn strongswan
    left=%defaultroute
    leftcert=/home/some1/ssl/pki/elronde.crt
    leftrsasigkey=/home/some1/ssl/pki/elronde.key
    leftsourceip=%config
    right=21.12.5.22
    rightid=vpn.domain.tld
    rightsubnet=172.20.0.0/23
    auto=add

When I type sudo ipsec up strongswan, the connection seems to come up, but
routing does not work, and looking at ip xfrm policy I can see there is
none. Does anyone know where my issue is?