[strongSwan] Trying a basic peer to peer ipsec setup with strongswan and is failing due to some key related issue
Shilpa Shree
Shilpa.Shree at lntinfotech.com
Mon Sep 19 13:59:02 CEST 2011
Hi, I'm new to IPsec tunnels. Currently we are establishing an IPsec tunnel between two Linux machines using the open source strongSwan.
Here is the config file: alice
# ipsec.conf - strongSwan IPsec configuration file

config setup
        crlcheckinterval=600
        strictcrlpolicy=no
        plutostart=no

conn %default
        ikelifetime=60m
        keylife=20m
        rekeymargin=3m
        keyingtries=1
        keyexchange=ikev2

conn host-host
        left=107.108.204.246
        right=107.108.204.245
        leftcert=aliceCert.pem
        rightid="C=CH, O=Linux strongSwan, CN=venus.strongswan.org"
        auto=add
and the same on the other side:
# ipsec.conf - strongSwan IPsec configuration file

config setup
        crlcheckinterval=600
        strictcrlpolicy=no
        plutostart=no

conn %default
        ikelifetime=60m
        keylife=20m
        rekeymargin=3m
        keyingtries=1
        keyexchange=ikev2

conn host-host
        left=107.108.204.245
        right=107.108.204.246
        leftcert=venusCert.pem
        rightid="C=CH, O=Linux strongSwan, CN=alice.strongswan.org"
        leftfirewall=yes
        auto=add
and the log when I run
/usr/sbin/ipsec statusall
Status of IKEv2 charon daemon (strongSwan 4.5.3):
uptime: 10 seconds, since Sep 19 16:37:53 2011
malloc: sbrk 135168, mmap 0, used 82288, free 52880
worker threads: 9 of 16 idle, 6/1/0/0 working, job queue: 0/0/0/0, scheduled: 1
loaded plugins: aes des sha1 sha2 md5 random x509 revocation constraints pubkey pkcs1 pgp pem fips-prf gmp xcbc hmac attr kernel-netlink resolve socket-default stroke updown eap-aka
Listening IP addresses:
107.108.204.246
2011::14
107.108.204.246
Connections:
host-host: 107.108.204.246...107.108.204.245
host-host: local: [C=CH, O=Linux strongSwan, OU=Sales, CN=alice at strongswan.org] uses public key authentication
host-host: cert: "C=CH, O=Linux strongSwan, OU=Sales, CN=alice at strongswan.org"
host-host: remote: [C=CH, O=Linux strongSwan, CN=venus.strongswan.org] uses any authentication
host-host: child: dynamic === dynamic TUNNEL
Security Associations (1 up, 0 connecting):
host-host[1]: CONNECTING, 107.108.204.246[%any]...107.108.204.245[%any]
host-host[1]: IKE SPIs: c6d28a10188c9f00_i* 0000000000000000_r
host-host[1]: Tasks active: IKE_VENDOR IKE_INIT IKE_NATD IKE_CERT_PRE IKE_AUTHENTICATE IKE_CERT_POST IKE_CONFIG CHILD_CREATE IKE_AUTH_LIFETIME IKE_MOBIKE
*********************************
/usr/sbin/ipsec up host-host
retransmit 4 of request with message ID 0
sending packet: from 107.108.204.246[500] to 107.108.204.245[500]
retransmit 5 of request with message ID 0
sending packet: from 107.108.204.246[500] to 107.108.204.245[500]
I'm not getting where the error has occurred and why it is unable to establish the connection. Kindly do help me in this regard. Hoping for any response.
Thanks and regards,
Shilpa
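
Added example, not part of the original message or of strongSwan: a small Python check that reads the excerpts posted above and reports two things, whether the IKE_SA_INIT request (message ID 0) went unanswered, and whether the identity alice presents equals the rightid the second config expects. The function names are hypothetical, and treating " at " as the list archive's rewriting of "@" is an assumption.

```python
import re

# Excerpts copied from the post above: alice's statusall and `ipsec up`
# output, and the rightid line from the second ipsec.conf.
STATUSALL = """host-host: local: [C=CH, O=Linux strongSwan, OU=Sales, CN=alice at strongswan.org] uses public key authentication
host-host: remote: [C=CH, O=Linux strongSwan, CN=venus.strongswan.org] uses any authentication
host-host[1]: IKE SPIs: c6d28a10188c9f00_i* 0000000000000000_r"""
PEER_CONF = 'rightid="C=CH, O=Linux strongSwan, CN=alice.strongswan.org"'
UP_OUTPUT = """retransmit 4 of request with message ID 0
retransmit 5 of request with message ID 0"""

def parse_dn(dn):
    """Split 'C=CH, O=..., CN=...' into (type, value) pairs (no escaped commas)."""
    pairs = []
    for rdn in dn.split(","):
        key, _, value = rdn.strip().partition("=")
        # Assumption: the archive rewrote '@' as ' at '; undo it before comparing.
        pairs.append((key.upper(), value.strip().replace(" at ", "@")))
    return pairs

def local_identity(statusall):
    """Return the DN shown on the 'local: [...]' line of statusall, or None."""
    m = re.search(r"local:\s+\[(.+?)\]", statusall)
    return m.group(1) if m else None

def id_mismatch(statusall, peer_conf):
    """RDNs that differ between the local identity and the peer's rightid."""
    m = re.search(r'rightid\s*=\s*"([^"]+)"', peer_conf)
    mine = parse_dn(local_identity(statusall))
    expected = parse_dn(m.group(1))
    return sorted(set(mine) ^ set(expected))

def init_unanswered(statusall, up_output):
    """True if message ID 0 was retransmitted and the responder SPI is still zero."""
    retrans = re.findall(r"retransmit \d+ of request with message ID 0", up_output)
    zero_spi = re.search(r"IKE SPIs: [0-9a-f]+_i\*? 0+_r", statusall)
    return bool(retrans) and zero_spi is not None

if __name__ == "__main__":
    print("IKE_SA_INIT unanswered:", init_unanswered(STATUSALL, UP_OUTPUT))
    for rdn in id_mismatch(STATUSALL, PEER_CONF):
        print("identity differs in:", rdn)
```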