[strongSwan] unable to setup site-to-site

maverick me mujhkomail at gmail.com
Tue Mar 8 19:25:05 CET 2011


Hi,

I am having trouble setting up site-to-site with a remote network.
I have a single server with a public IP where I have installed strongSwan.


Remote admin has shared the following settings:

************************************************************************************************************************************

Peer IP:- 202.56.XXX.YYY

Pre-shared key ########### ( share through phone )
*For IKE Policy*
Encryption 3DES
Authentication SHA
Diffie-Hellman Group 2
*For IPSec Policy*
Encryption 3DES
Authentication SHA
enable perfect forwarding secrecy(pfs)
Diffie-Hellman Group 1

your local pool IP :- 10.2.28.24

your remote network IP:- 10.2.84.68

************************************************************************************************************************************

On the basis of this, I have created the following ipsec.conf:


config setup
        plutostart=yes
        plutodebug=all
        plutostderrlog=/var/log/plutoerr.log

conn %default
        keyexchange=ikev1
        type=tunnel
        ikelifetime=86400


conn myconn
        left=119.82.AAA.BBB
        leftsourceip=10.2.28.24
        right=202.56.XXX.YYY
        rightsubnet=10.2.84.68/32
        esp=3des-sha1-modp768
        ike=3des-sha1-modp1024
        auth=esp
        authby=secret
        pfs=yes
        auto=start


********************************************************************************************************************************************************************************************************


]# ipsec status
000 "myconn": 10.2.28.24/32===119.82.69.67[119.82.69.67]...202.56.229.168[202.56.229.168]===10.2.84.68/32; unrouted; eroute owner: #0
000 "myconn":   newest ISAKMP SA: #0; newest IPsec SA: #0;
000
000 #44: "myconn" STATE_QUICK_I1 (sent QI1, expecting QR1); EVENT_RETRANSMIT in 30s
000


The remote side admin is asking me to NAT the private IP. Any suggestions on how that
can be achieved?
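
An added example, not part of the original post and not strongSwan code: a small Python parser for pluto-style `ipsec status` output like the one quoted above, which pulls out the traffic selectors and SA state and flags the symptoms visible there. The sample text is constructed (public addresses replaced with documentation ranges), and the function names `parse_status` and `diagnose` are hypothetical.

```python
import re

# Constructed sample in the format of the pluto "ipsec status" output quoted
# in the post; public addresses replaced with documentation ranges.
SAMPLE = '''\
000 "myconn": 10.2.28.24/32===192.0.2.10[192.0.2.10]...198.51.100.20[198.51.100.20]===10.2.84.68/32; unrouted; eroute owner: #0
000 "myconn":   newest ISAKMP SA: #0; newest IPsec SA: #0;
000
000 #44: "myconn" STATE_QUICK_I1 (sent QI1, expecting QR1); EVENT_RETRANSMIT in 30s
000
'''

# Assumes both ends carry a traffic selector ("subnet===host...host===subnet").
POLICY = re.compile(r'^000 "([^"]+)":\s+([^=\s]+)===.*===([^;\s]+);\s*([^;]+);')
NEWEST = re.compile(r'^000 "([^"]+)":\s+newest ISAKMP SA: #(\d+); newest IPsec SA: #(\d+);')
STATE = re.compile(r'^000 #(\d+): "([^"]+)" (STATE_\w+)')

def parse_status(text):
    """Return {conn: {local_ts, remote_ts, route, isakmp_sa, ipsec_sa, states}}."""
    conns = {}
    def entry(name):
        return conns.setdefault(name, {"states": []})
    for line in text.splitlines():
        if m := POLICY.match(line):
            entry(m[1]).update(local_ts=m[2], remote_ts=m[3], route=m[4].strip())
        elif m := NEWEST.match(line):
            entry(m[1]).update(isakmp_sa=int(m[2]), ipsec_sa=int(m[3]))
        elif m := STATE.match(line):
            entry(m[2])["states"].append((int(m[1]), m[3]))
    return conns

def diagnose(conn):
    """Flag the symptoms visible in the post: no IPsec SA, Quick Mode unanswered."""
    findings = []
    if conn.get("ipsec_sa") == 0:
        findings.append("no IPsec SA established")
    if conn.get("route") == "unrouted":
        findings.append("connection is unrouted")
    for sa_id, state in conn["states"]:
        if state == "STATE_QUICK_I1":  # sent QI1, still expecting QR1
            findings.append(
                f"#{sa_id} Quick Mode request unanswered: compare ESP proposal, PFS "
                f"group and selectors {conn.get('local_ts')} <-> {conn.get('remote_ts')} with the peer")
    return findings

if __name__ == "__main__":
    for name, conn in parse_status(SAMPLE).items():
        print(name, conn, *diagnose(conn), sep="\n  ")
```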