[strongSwan] StrongSwan Setup Questions

Julian Poschmann julian.poschmann at rwth-aachen.de
Sat Mar 31 01:24:42 CEST 2012


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Am 31.03.2012 01:00, schrieb Chris Arnold:
> I found the example and i need a host to host. A few more
> questions: -When following
> http://www.strongswan.org/uml/testresults/ikev2/host2host-cert/moon.ipsec.conf
>
> 
how do i get the moonCert.pem?
That's the file containing your X.509 certificate for the gateway. You
can generate them e.g. with openssl.

> -What ports do i need to open on both firewalls (the servers are
> not running a software firewall)? 500 and 4500?
Yey, if they are also behind NAT. Otherwise you have ensure protocols
AH and ESP (IP-Protocols 51 and 50) aren't blocked.

> -Where is the authlog located?
iirc, strongswan logs to syslog by default. Have a look at
<http://wiki.strongswan.org/projects/strongswan/wiki/LoggerConfiguration>
if you want to customize logging.

Regards,
  Julian

- -- 
Julian Poschmann
Zeppelinstr. 31
52068 Aachen

Telefon: +49 170 3295135
E-Mail: julian.poschmannn at rwth-aachen.de
PGP-ID: 0x7D51DD8B
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (MingW32)

iEYEARECAAYFAk92QLoACgkQJmSm8H1R3Yu2agCeL0vALKYOM5EfMqLp1aIWaiXD
BuAAoKyTFwwuJ2HXaSFDbna7TvLSwsAS
=qW1e
-----END PGP SIGNATURE-----




More information about the Users mailing list