[strongSwan] strongSwan 4.5.0 Not routing
Adrian Milanoski
amilanoski at rim.com
Wed Feb 15 20:56:33 CET 2012
This is my current configuration.
If anyone could provide a place for me to start that would be great. Thanks in advance.
strongswan.conf
# strongswan.conf - strongSwan configuration file
charon {
    dns1 = 172.16.1.2
    dns2 = 172.16.1.241
    charon.install_routes = yes
    # number of worker threads in charon
    threads = 16
    # ORIGINAL ##plugins to load in charon
    #load = aes des sha1 md5 sha2 hmac gmp random pubkey xcbc x509 stroke eapradius eap-tls pem
    #load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink fips-prf eap-mschapv2 eap-identity updown
    filelog {
        /var/log/charon.log {
            # loggers to files also accept the append option to open files in
            # append mode at startup (default is yes)
            append = no
            # the default loglevel for all daemon subsystems (defaults to 1).
            default = 2
        }
        stderr {
            # more detailed loglevel for a specific subsystem, overriding the
            # default loglevel.
            ike = 2
            knl = 3
        }
    }
    syslog {
        # default level to the LOG_DAEMON facility
        daemon {
        }
        # very minimalistic IKE auditing logs to LOG_AUTHPRIV
        auth {
            default = -1
            ike = 3
        }
    }
    plugins {
        sql {
            # loglevel to log into sql database
            loglevel = -1
            # URI to the database
            # database = sqlite:///path/to/file.db
            # database = mysql://user:password@localhost/database
        }
        eap_radius {
            secret = 1234
            server = 10.5.1.20
        }
    }
    # ...
}
pluto {
    # plugins to load in pluto
    # load = aes des sha1 md5 sha2 hmac gmp random pubkey
}
libstrongswan {
    # set to no, the DH exponent size is optimized
    # dh_exponent_ansi_x9_42 = no
}
ipsec.conf
config setup
    plutostart=no

conn %default
    keyexchange=ikev2
    type=tunnel
    rekeyfuzz=0%
    rekeymargin=30s
    rekey=yes
    reauth=no
    ikelifetime=7m
    keylife=5m
    authby=secret

conn rw-psk
    left=%defaultroute
    leftid=10.137.205.202
    leftsubnet=172.16.1.0/24
    leftfirewall=no
    right=%any
    rightid=%any
    rightsubnetwithin=172.16.1.0/24
    rightsourceip=172.16.1.60/24
    auto=add
Regards,
Adrian
-----Original Message-----
From: users-bounces+amilanoski=rim.com at lists.strongswan.org [mailto:users-bounces+amilanoski=rim.com at lists.strongswan.org] On Behalf Of Adrian Milanoski
Sent: Wednesday, February 15, 2012 1:51 PM
To: Martin Willi
Cc: users at lists.strongswan.org
Subject: Re: [strongSwan] strongSwan 4.5.0 Not routing
Martin,
IPv4 ip_forward is enabled.
Regards,
Adrian
-----Original Message-----
From: users-bounces+amilanoski=rim.com at lists.strongswan.org [mailto:users-bounces+amilanoski=rim.com at lists.strongswan.org] On Behalf Of Adrian Milanoski
Sent: Wednesday, February 15, 2012 1:35 PM
To: Martin Willi
Cc: users at lists.strongswan.org
Subject: Re: [strongSwan] strongSwan 4.5.0 Not routing
How can I check to see if that is enabled?
I will try googling now in parallel....
Thank you for the response....
Regards,
Adrian Milanoski
Short Range Protocols
WLAN IOT / Pre-Cert
Lab Administrator
Research In Motion Limited
Tel. (289) 261-5801
Email amilanoski at rim.com
-----Original Message-----
From: Martin Willi [mailto:martin at strongswan.org]
Sent: Friday, February 10, 2012 8:36 AM
To: Adrian Milanoski
Cc: users at lists.strongswan.org
Subject: Re: [strongSwan] strongSwan 4.5.0 Not routing
Hello Adrian,
> but I cannot ping anything on the private side however when on the GW
> itself I can ping both public and private networks.
Have you enabled IP forwarding in the kernel? Have all involved hosts
routes for your VPN connection?
Regards
Martin
---------------------------------------------------------------------
This transmission (including any attachments) may contain confidential information, privileged material (including material protected by the solicitor-client or other applicable privileges), or constitute non-public information. Any use of this information by anyone other than the intended recipient is prohibited. If you have received this transmission in error, please immediately reply to the sender and delete this information from your system. Use, dissemination, distribution, or reproduction of this transmission by unintended recipients is not authorized and may be unlawful.
_______________________________________________
Users mailing list
Users at lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users
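Added example, not part of the original thread and not strongSwan code: a small check for the two things Martin asks about, run against the ipsec.conf from the post. It reads the kernel's IPv4 forwarding flag and reports whether the rightsourceip pool overlaps leftsubnet, in which case hosts on the LAN treat a client's virtual IP as on-link and resolve it by ARP instead of following a route. The function names are hypothetical and the sample is a constructed, trimmed copy of the posted config.

```python
import ipaddress

# Constructed sample: the ipsec.conf from the post, trimmed to the relevant keys.
SAMPLE_CONF = """\
config setup
    plutostart=no
conn %default
    keyexchange=ikev2
conn rw-psk
    leftsubnet=172.16.1.0/24
    right=%any
    rightsourceip=172.16.1.60/24
"""

def parse_conns(text):
    """Return {conn: options} with the %default section merged into each conn."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("conn "):
            current = sections.setdefault(line.split(None, 1)[1], {})
        elif line.startswith("config "):
            current = None  # "config setup" holds no per-connection options
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    defaults = sections.pop("%default", {})
    return {name: {**defaults, **opts} for name, opts in sections.items()}

def pool_inside_lan(conn):
    """True when the rightsourceip pool overlaps leftsubnet."""
    lan, pool = conn.get("leftsubnet"), conn.get("rightsourceip")
    if not lan or not pool or pool.startswith("%"):
        return False  # no pool, or a named/%config pool we cannot evaluate
    lan_net = ipaddress.ip_network(lan, strict=False)
    pool_net = ipaddress.ip_network(pool, strict=False)
    return lan_net.overlaps(pool_net)

def forwarding_enabled(path="/proc/sys/net/ipv4/ip_forward"):
    """Read the kernel's IPv4 forwarding flag; None if the file is absent."""
    try:
        with open(path) as fh:
            return fh.read().strip() == "1"
    except FileNotFoundError:
        return None

if __name__ == "__main__":
    print("ip_forward enabled:", forwarding_enabled())
    for name, conn in parse_conns(SAMPLE_CONF).items():
        print(name, "pool overlaps leftsubnet:", pool_inside_lan(conn))
```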