[strongSwan] Newbie question on setting up VPN server for mobile devices
ashwin.shirvanthe at gmail.com
Tue Jun 26 22:55:34 CEST 2012
I would like my machine to be a VPN server for mobile devices in my
university lab. I also would like the mobile devices to access the
internet through my machine even if they are outside my lab. I do not
wish to root these phones. My machine has a public IP address and my
mobile devices can ping my machine from networks that are outside my
university. I am following the steps presented in the URL
setting up the VPN. I have generates self signed certificates and
placed the key and certificate files at the appropriate location. I
am currently using strongswan 4.6.4 and I would like to migrate to the
5.x version once it is available. I have currently flushed out all the
firewall rules on my machine (VPN server) using iptables --flush to
ensure that no packets are dropped by the firewall on my machine.
The contents of my ipsec.secrets file is as follows
# ipsec.secrets - strongSwan IPsec secrets file
: RSA server.key
: PSK "hello"
The contents of ipsec.conf file is as follows
# ipsec.conf - strongSwan IPsec configuration file
# basic configuration
left=<public IPv4 address of my machine>
The contents of the strongswan.conf are as follows.
# strongswan.conf - strongSwan configuration file
# number of worker threads in charon
threads = 16
# plugins to load in charon
# load = aes des sha1 md5 sha2 hmac gmp random pubkey xcbc x509 stroke
# loggers to files also accept the append option to open files in
# append mode at startup (default is yes)
append = no
# the default loglevel for all daemon subsystems (defaults to 1).
default = 3
# more detailed loglevel for a specific subsystem, overriding the
# default loglevel.
ike = 2
knl = 3
# default level to the LOG_DAEMON facility
# very minimalistic IKE auditing logs to LOG_AUTHPRIV
default = -1
ike = 0
I am using an android device (version 4.0) to connect to this VPN
server. I am not using the android client for strongswan as I cannot
root these devices.
More information about the Users