[strongSwan] configuring strongswan for windows with ikev2; not assigning gateway on windows machine

Amrith Kumar amrith.kumar at gmail.com
Sun Jul 22 00:23:16 CEST 2012


Hello,

I'm new to strongswan and have been working through setting it up for the
first time. 

My configuration:

[Server]
An Amazon EC2 instance running Ubuntu 12.04
[Client]
A Windows 7 PC
Strongswan is configured and running on the server. Authentication of the
client is by certificate (which has been quite an experience) and I've
managed to get all that straightened out and on the Windows PC I can click
"connect" on the VPN and it authenticates and connects.

Then it says "No internet access" on the VPN.

What I see on Windows is this:

1. there's no route that will send all traffic down the VPN.
2. there's no interface being created (that I can tell) on the server side
that responds to pings for what I believe will be the server's side of the
tunnel
3. ipconfig /all on Windows shows that the default gateway for the VPN
interface is 0.0.0.0

As my server is itself an EC2 instance (and therefore its public IP is
unknown), how does one go about instructing strongSwan and Windows of this
setup?

The how-tos and information on the strongSwan wiki seem to deal with
configurations where there is a static IP on the server side, a luxury I
don't have. Yes, I could get an Elastic IP from Amazon but I'm looking for a
solution that doesn't require that if possible. With PPTP (as a comparison),
I could merely say:
localip 10.40.1.1
remoteip 10.40.1.20-50
and enable ip_forward and things work out fine ...

My ipsec.conf is this:

# ipsec.conf - strongSwan IPsec configuration file
config setup
       plutostart=no

conn %default
     keyexchange=ikev2
     dpdaction=clear
     dpddelay=300s
     rekey=no
     type=tunnel

conn amrith-desktop
     leftsourceip=10.40.15.1
     leftid="C=US, ST=MA, O=PE, CN=vpn.<domain>.com, E=<email>"
     leftcert=vpn-server-cert.pem
     rightcert=amrith-laptop-cert.pem
     rightid="C=US, ST=MA, O=PE, CN=my-laptop, E=<email>"
     rightsourceip=10.40.15.5/8
     rightsubnet=10.40.15.0/8
     auto=add

-amrith




