[strongSwan] Roadwarrior Config
Chris Arnold
carnold at electrichendrix.com
Wed May 9 23:53:43 CEST 2012
StrongSwan 4.4.x on SLES11 SP2. We have an existing site-to-site ikev2 with certs. Now we want to add roadwarrior config to strongswan and use Windoze 7 VPN client xauth with mobike. Here is the ipsec.conf:

config setup
        # plutodebug=all
        crlcheckinterval=600
        strictcrlpolicy=no
        # cachecrls=yes
        nat_traversal=yes
        # charonstart=no
        plutostart=no

# Add connections here.

conn %default
        ikelifetime=28800s
        keylife=20m
        rekeymargin=3m
        keyingtries=1
        #authby=secret
        keyexchange=ikev2
        mobike=no

conn rclients
        keyexchange=ikev2
        authby=xauthrsasig
        xauth=server
        left=192.168.1.18
        leftcert=moonCert.pem
        #leftid=
        leftsubnet=192.168.1.0/24
        right=%any
        auto=add

conn teknerds
        left=%defaultroute
        leftcert=moonCert.pem
        leftsubnet=192.168.1.0/24
        right=right.pub.ip
        rightsubnet=192.168.123.0/24
        rightcert=sunCert.pem
        rightid="sunid"
        auto=add

ipsec up rclients does nothing on moon server:
ELC:~ # ipsec up rclients
ELC:~ #
Ipsec statusall shows only the teknerds tunnel. I have been following:
http://www.strongswan.org/uml/testresults/ikev1/xauth-rsa-mode-config/index.html
Also, how is ip address handled in this config? Can the client pull an ip from the dhcp server?
Thanks for any help