[strongSwan] Migration from Openswan to Strongswan
pavel.arnost at valvera.cz
Tue May 10 11:51:30 CEST 2011
I tried to migrate our Openswan VPN (2.6.21) to Strongswan VPN (4.5.1) on our CentOS 5 server. Openswan package is from official CentOS repository (openswan-2.6.21-5.el5_6.4), Strongswan package have been built from this spec file: http://developer.intra2net.com/git/?p=strongswan-rpm;a=blob_plain;f=strongswan.spec;hb=e2bb0076fce6d44ee80cff4b20d90a0eee1fa689
I slightly modified configuration for IKEv1 keying, ipsec.conf looks like:
Both ISAKMP and IPsec SA were succesfully established, ip xfrm policy output was the same as output from Openswan. But...
In tcpdump, I saw incoming ESP traffic from B.B.B.B, but no ESP traffic from our address A.A.A.A. Ping to 10.10.255.1 returned no response, so I think that policies were in place (with turned off VPN, ping returned "host unreachable" from far away gateway). I added "iptables -I FORWARD -j ACCEPT" rule to iptables to rule out problem with firewall.
Do you have any idea what can be wrong?
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Users