[strongSwan] StrongSwan Setup Questions

Chris Arnold carnold at electrichendrix.com
Sat Mar 31 17:17:37 CEST 2012


At this point I am not sure if I have strongswan configured right or am having certificate problems. I see differences in my config versus the strongswan example. Differences like in strongswan.conf, the example has:
# /etc/strongswan.conf - strongSwan configuration file

charon {
  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
}

and the default strongswan.conf file has this:

# strongswan.conf - strongSwan configuration file

charon {

	# number of worker threads in charon
	threads = 16
	
	# plugins to load in charon
	# load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default updown
	
	plugins {

		sql {
			# loglevel to log into sql database
			loglevel = -1
			
			# URI to the database
			# database = sqlite:///path/to/file.db
			# database = mysql://user:password@localhost/database
		}
	}
	
	# ...
}

pluto {

	# plugins to load in pluto
	# load = aes des sha1 md5 sha2 hmac gmp random pubkey
	
}

libstrongswan {

	#  set to no, the DH exponent size is optimized
	#  dh_exponent_ansi_x9_42 = no
}

Notice the load = line is commented out? When I uncomment the line and run ipsec up host-host, I get a "no socket implementation registered, receiving failed" error. It would help if I could get the logging working by logging to a file, but that is not working either. Can someone verify what the strongswan conf file is to look like for a simple host to host and maybe a working logging config?

----- Original Message -----
From: "Julian Poschmann" <julian.poschmann at rwth-aachen.de>
To: "Chris Arnold" <carnold at electrichendrix.com>
Sent: Friday, March 30, 2012 6:20:46 PM
Subject: Re: [strongSwan] StrongSwan Setup Questions

Hello Chris,

have a look at the wiki, i.e.
http://wiki.strongswan.org/projects/strongswan/wiki/IKEv2Examples#Site-to-Site

Regards,
  Julian


On 31.03.2012 00:16, Chris Arnold wrote:
> StrongSwan 4.4.06 on 2 SLES11 SP2 servers. I need a site-to-site
> how-to (this link,
> http://www.strongswan.org/docs/readme4.htm#section_2.1 is outdated
> and I do not see an updated site-to-site how-to) and 1 server will
> have roadwarriors connecting to it (would like to do this with RSA
> authentication with X.509 certificate). 1 server is behind a
> Netgear wndr3700 router/firewall and 1 server is behind a SonicWall
> tz180w. Where can I find the appropriate info on how to do this?


-- 
Julian Poschmann
Zeppelinstr. 31
52068 Aachen

Telefon: +49 170 3295135
E-Mail: julian.poschmannn at rwth-aachen.de
PGP-ID: 0x7D51DD8B



