[strongSwan] StrongSwan Setup Questions
Chris Arnold
carnold at electrichendrix.com
Sat Mar 31 17:17:37 CEST 2012
At this point I am not sure if I have strongSwan configured right or am having certificate problems. I see differences in my config versus the strongSwan example. Differences like in strongswan.conf, the example has
# /etc/strongswan.conf - strongSwan configuration file
charon {
    load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
}
and the default strongswan.conf file has this:
# strongswan.conf - strongSwan configuration file
charon {
    # number of worker threads in charon
    threads = 16
    # plugins to load in charon
    # load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
    plugins {
        sql {
            # loglevel to log into sql database
            loglevel = -1
            # URI to the database
            # database = sqlite:///path/to/file.db
            # database = mysql://user:password@localhost/database
        }
    }
    # ...
}
pluto {
    # plugins to load in pluto
    # load = aes des sha1 md5 sha2 hmac gmp random pubkey
}
libstrongswan {
    # set to no, the DH exponent size is optimized
    # dh_exponent_ansi_x9_42 = no
}
Notice the load = line is commented out? When I uncomment the line and run ipsec up host-host I get a "no socket implementation registered, receiving failed" error. It would help if I could get the logging working by logging to a file, but that is not working either. Can someone verify what the strongswan conf file is to look like for a simple host to host and maybe a working logging config?
----- Original Message -----
From: "Julian Poschmann" <julian.poschmann at rwth-aachen.de>
To: "Chris Arnold" <carnold at electrichendrix.com>
Sent: Friday, March 30, 2012 6:20:46 PM
Subject: Re: [strongSwan] StrongSwan Setup Questions
Hello Chris,
have a look at the wiki, i.e.
http://wiki.strongswan.org/projects/strongswan/wiki/IKEv2Examples#Site-to-Site
Regards,
Julian
On 31.03.2012 00:16, Chris Arnold wrote:
> StrongSwan 4.4.06 on 2 SLES11 SP2 servers. I need a site-to-site
> how-to (this link,
> http://www.strongswan.org/docs/readme4.htm#section_2.1 is outdated
> and I do not see an updated site-to-site how-to) and 1 server will
> have roadwarriors connecting to it (would like to do this with RSA
> authentication with X.509 certificate). 1 server is behind a
> Netgear WNDR3700 router/firewall and 1 server is behind a SonicWall
> TZ180W. Where can I find the appropriate info on how to do this?
--
Julian Poschmann
Zeppelinstr. 31
52068 Aachen
Telefon: +49 170 3295135
E-Mail: julian.poschmannn at rwth-aachen.de
PGP-ID: 0x7D51DD8B