[strongSwan] FTPS over IPSec

chou eiffel eiffel.chou at gmail.com
Tue Nov 8 12:56:28 CET 2011


I want to set up FTPS over an IPsec tunnel, using lftp as the FTPS
client, vsftpd as the FTPS server, and strongSwan for IPsec. FTPS needs to have
SSL encryption and cert-based authentication (bi-directional) turned on. When
I turn on the firewall and set up the IPsec tunnel, ping is OK. But FTPS is not
working; it seems that strongSwan (or in fact the firewall) blocked the
cert exchange messages. I can also see in the tcpdump trace from the gateway
internal port that vsftpd is trying to resend the Response containing cert info to
the client, but I cannot capture any following packets on the gateway external
port. If I turn off the firewall, everything is OK. It is also OK when the
firewall is on if I don't use cert-based auth in FTPS.

Thanks a lot