[strongSwan] Newbie question on setting up VPN server for mobile devices

Ashwin Rao ashwin.shirvanthe at gmail.com
Tue Jun 26 22:55:34 CEST 2012


Hi,

I would like my machine to be a VPN server for mobile devices in my
university lab. I also would like the mobile devices to access the
internet through my machine even if they are outside my lab. I do not
wish to root these phones. My machine has a public IP address and my
mobile devices can ping my machine from networks that are outside my
university. I am following the steps presented in the URL
http://wiki.strongswan.org/projects/strongswan/wiki/Fornewbies for
setting up the VPN. I have generated self-signed certificates and
placed the key and certificate files at the appropriate location. I
am currently using strongSwan 4.6.4 and I would like to migrate to the
5.x version once it is available. I have currently flushed out all the
firewall rules on my machine (VPN server) using iptables --flush to
ensure that no packets are dropped by the firewall on my machine.

The contents of my ipsec.secrets file are as follows:
# ipsec.secrets - strongSwan IPsec secrets file

: RSA server.key
: PSK "hello"

The contents of the ipsec.conf file are as follows:
# ipsec.conf - strongSwan IPsec configuration file
# basic configuration
config setup
	crlcheckinterval=180
	strictcrlpolicy=no
	plutostart=no
conn %default
	ikelifetime=60m
	keylife=20m
	rekeymargin=3m
	keyingtries=1
	keyexchange=ikev2

conn rw
	left=<public IPv4 address of my machine>
	leftcert=server.crt
	leftid=@<myservername.myuniversity.edu>
	# leftsubnet=10.1.0.0/16
	leftfirewall=yes
	right=%any
	auto=add

The contents of the strongswan.conf file are as follows:
# strongswan.conf - strongSwan configuration file

charon {

	# number of worker threads in charon
	threads = 16

	# plugins to load in charon
	# load = aes des sha1 md5 sha2 hmac gmp random pubkey xcbc x509 stroke

	filelog {
		/var/log/charon.log {
			# loggers to files also accept the append option to open files in
			# append mode at startup (default is yes)
			append = no
			# the default loglevel for all daemon subsystems (defaults to 1).
			default = 3
		}

		stderr {
			# more detailed loglevel for a specific subsystem, overriding the
			# default loglevel.
			ike = 2
			knl = 3
		}
	}

	syslog {
		# default level to the LOG_DAEMON facility
		daemon {
		}
		# very minimalistic IKE auditing logs to LOG_AUTHPRIV
		auth {
			default = -1
			ike = 0
		}
	}
}

I am using an Android device (version 4.0) to connect to this VPN
server. I am not using the Android client for strongSwan as I cannot
root these devices.

Regards,
Ashwin
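An added example, not part of the mail or of strongSwan's own tooling: a small Python parser for the ipsec.conf format shown above, with checks against the goals stated in the mail (clients on changing addresses, a virtual address per client via rightsourceip, internet traffic through the tunnel via leftsubnet=0.0.0.0/0). The sample config is taken from the mail with its placeholders kept; the IKEv1 finding assumes the Android 4.0 built-in VPN client, which uses IKEv1 Xauth, while strongSwan 4.x serves IKEv1 only through pluto (plutostart=no above turns it off).

```python
# Constructed sample: the road-warrior ipsec.conf from the mail, placeholders kept.
SAMPLE_IPSEC_CONF = """\
config setup
\tplutostart=no
conn %default
\tikelifetime=60m
\tkeyexchange=ikev2

conn rw
\tleft=<public IPv4 address of my machine>
\tleftcert=server.crt
\t# leftsubnet=10.1.0.0/16
\tleftfirewall=yes
\tright=%any
\tauto=add
"""

def parse_ipsec_conf(text):
    """Parse ipsec.conf into {section: {key: value}}. Section headers start at
    column 0; indented key=value lines belong to the current section; values
    from 'conn %default' are merged into every other conn, as strongSwan does."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()       # drop comments
        if not line.strip():
            continue
        if not raw[0].isspace():                    # "config setup" / "conn rw"
            current = " ".join(line.split())
            sections.setdefault(current, {})
            continue
        key, _, value = line.strip().partition("=")
        sections[current][key.strip()] = value.strip()
    defaults = sections.pop("conn %default", {})
    return {name: ({**defaults, **vals} if name.startswith("conn ") else vals)
            for name, vals in sections.items()}

def check_roadwarrior(sections, conn="conn rw"):
    """Return findings on whether the conn can serve the goals in the mail."""
    rw, setup = sections.get(conn, {}), sections.get("config setup", {})
    findings = []
    if rw.get("right") != "%any":
        findings.append("right is not %any: clients on changing addresses cannot connect")
    if "rightsourceip" not in rw:
        findings.append("no rightsourceip: clients get no virtual IP to route back to")
    if rw.get("leftsubnet") != "0.0.0.0/0":
        findings.append("leftsubnet is not 0.0.0.0/0: internet traffic stays outside the tunnel")
    if rw.get("keyexchange") == "ikev2" and setup.get("plutostart") == "no":
        findings.append("IKEv2 only (pluto off): Android 4.0's built-in client speaks IKEv1 Xauth")
    return findings
```

Appending `rightsourceip` and `leftsubnet=0.0.0.0/0` to the `conn rw` section leaves only the IKEv1 finding, which is the part a config change alone cannot fix on 4.6.x.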