[strongSwan] newbie qs. suite B with AES-GCM

Philip Anil-QBW348 anil.philip at motorolasolutions.com
Thu Jan 12 16:47:18 CET 2012


Any help appreciated.

-----Original Message-----
From: Philip Anil-QBW348 
Sent: Tuesday, January 10, 2012 8:12 PM
To: Andreas Steffen; users at lists.strongswan.org
Subject: RE: [strongSwan] newbie qs. suite B with AES-GCM


From: Andreas Steffen [mailto:andreas.steffen at strongswan.org]

Your VPN gateway is either not listening on UDP port 500
or the response got lost somehow. Is strongSwan running on
moon?

On 06.01.2012 00:59, Philip Anil-QBW348 wrote:
> Andreas,
> I corrected it and tried again. It has trouble sending so I interrupted
> and tried ping which is able to see a path.
> Anil
>
> ~$ sudo /etc/init.d/iptables start 2> /dev/null
> ~$ sudo ipsec restart
> Stopping strongSwan IPsec...
> Starting strongSwan 4.5.2 IPsec [starter]...
> !! Your strongswan.conf contains manual plugin load options for
> !! pluto and/or charon. This is recommended for experts only, see
> !! http://wiki.strongswan.org/projects/strongswan/wiki/PluginLoad
> ~$ sudo ipsec up home
> initiating IKE_SA home[1] to 192.168.1.100
> generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]
> sending packet: from 192.168.1.105[500] to 192.168.1.100[500]
> retransmit 1 of request with message ID 0
> sending packet: from 192.168.1.105[500] to 192.168.1.100[500]
> retransmit 2 of request with message ID 0
> sending packet: from 192.168.1.105[500] to 192.168.1.100[500]
> retransmit 3 of request with message ID 0
> sending packet: from 192.168.1.105[500] to 192.168.1.100[500]
> retransmit 4 of request with message ID 0
> sending packet: from 192.168.1.105[500] to 192.168.1.100[500]

-----------------
Andreas,
I am able to ping from moon to carol, and from carol to moon.
I run wireshark on both and when I run on carol,
~$ sudo ipsec up home
There is nothing in wireshark using filter udp.port == 500
In other words, there is no outbound traffic from carol.

Here is my setup

[moon ubuntu server 11.10]--ethernet cable--[Netgear wndr3700 wireless router]--ethernet cable--[alice? company intranet] --wifi-- [carol ubuntu laptop]

When I connect from carol laptop to router, I am able to browse the
company intranet.
Strongswan is running on moon. See below

-------MOON-------------------
~$ sudo ipsec statusall
[sudo] password for anil:
Status of IKEv2 charon daemon (strongSwan 4.5.2):
  uptime: 15 hours, since Jan 05 12:02:29 2012
  malloc: sbrk 135168, mmap 0, used 92624, free 42544
  worker threads: 10 idle of 16, job queue load: 0, scheduled events: 0
  loaded plugins: curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc gcm stroke kernel-netlink updown openssl
Listening IP addresses:
  192.168.1.100
Connections:
          rw:  192.168.1.100...%any
          rw:   local:  [moon.strongswan.org] uses public key authentication
          rw:   remote: [%any] uses any authentication
          rw:    crl:   status must be GOOD
          rw:   child:  10.1.0.0/16 === dynamic
Security Associations:
  none
-----------
I appreciate any help.

Anil
