[strongSwan] need to find a host-host configuration for strongswan with NAT .
ramakanth varala
ramakanth.varala at gmail.com
Fri Nov 30 11:44:21 CET 2012
Hello all,
I have two VPN servers behind NAT, as shown below.
______________ ___________
___________ _____________ __
| 192.168.1.254 |_________| 192.168.1.1 | ___________________
| 192.168.1.1 |=====|192.168.1.254 (B) |
|_(PC A) _______| | 10.10.15.3 | ====> |10.10.15.1
(router) |=====>| 10.10.15.8 | |_______________ |
--------------------
---------------------------------- ---------------------
The ipsec.conf I am currently using at PC A is the following:

config setup
        charonstart=no
        plutodebug=all
        plutostderrlog=/var/pluto.txt
        crlcheckinterval=180
        strictcrlpolicy=no
        nat_traversal=yes

conn %default
        ikelifetime=60m
        keylife=20m
        rekeymargin=3m
        keyingtries=1
        keyexchange=ikev1
        auto=add
        authby=secret

conn host-host
        right=192.168.1.254
        left=%defaultroute
        leftsubnet=192.168.1.0/24
        leftnexthop=192.168.1.1
        rightsubnet=192.168.1.0/24
        rightnexthop=10.10.15.8
        #rightid=@sun.strongswan.org
        auto=add
        authby=secret

and the ipsec.conf at PC B:

config setup
        charonstart=no
        plutodebug=all
        plutostderrlog=/var/pluto.txt
        crlcheckinterval=180
        strictcrlpolicy=no
        nat_traversal=yes

conn %default
        ikelifetime=60m
        keylife=20m
        rekeymargin=3m
        keyingtries=1
        keyexchange=ikev1
        auto=add
        authby=secret

conn host-host
        right=192.168.1.254
        left=%defaultroute
        leftsubnet=192.168.1.0/24
        leftnexthop=192.168.1.1
        rightsubnet=192.168.1.0/24
        rightnexthop=10.10.15.3
        #rightid=@sun.strongswan.org
        auto=add
        authby=secret

When I do ipsec up host-host I get the error below:

022 "host-host": we have no ipsecN interface for either end of this connection

Where am I going wrong exactly? Can anybody help me here?
thanks
Rama Kanth
On Sun, Aug 19, 2012 at 12:27 PM, Andreas Steffen <
andreas.steffen at strongswan.org> wrote:
> You need the parameter
>
> auto=add
>
> because the default is auto=ignore which doesn't load the
> connection definition. pluto doesn't support left=%any,
> either define an IP address or write
>
> left=%defaultroute
>
> For the initiator you have to give an IP address for right so
> it can actively connect to the responder.
>
> Regards
>
> Andreas
>
> On 08/18/2012 05:07 PM, ramakanth varala wrote:
>> Hello all,
>>
>> I am new to strongSwan. I am trying to run strongSwan on my target
>> board and a RHEL6 machine connected to it.
>>
>> My aim is to run the strongSwan VPN server on my target board with a
>> host-host tunnel to my Linux machine connected to it.
>>
>> There are a lot of missing blocks for me.
>>
>> 1) Whenever I try to run ipsec (either on my target board or on
>> my Linux machine) with a configuration like the one below
>>
>> ipsec.conf
>> ========
>>
>> config setup
>>         #charonstart=no
>>         plutostart=yes
>>
>> conn %default
>>         left=%any
>>         right=%any
>>         authby=psk
>>
>>
>> ipsec.secrets
>> ===========
>> %any %any : PSK "123456"
>>
>>
>> I see that it does not show anything when I type ipsec status.
>>
>> 2) I often see my ipsec.conf getting autogenerated, wiping out
>> whatever configuration I kept.
>>
>> 3) My aim here is to establish the simplest configuration to have a VPN
>> tunnel between my target board and my Linux machine. If anybody can
>> suggest a simple configuration for this, that would be really
>> helpful.
>>
>> I am running strongSwan 4.6.1
>>
>> thanks
>
> ======================================================================
> Andreas Steffen andreas.steffen at strongswan.org
> strongSwan - the Linux VPN Solution! www.strongswan.org
> Institute for Internet Technologies and Applications
> University of Applied Sciences Rapperswil
> CH-8640 Rapperswil (Switzerland)
> ===========================================================[ITA-HSR]==
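
A small checker for the three points in Andreas Steffen's reply above (auto=add, no left=%any under pluto, an IP address for right on the initiator), as an added example that is not part of the original thread or of strongSwan. The function names and both sample configurations are constructed for illustration.

```python
def parse_conns(text):
    """Parse ipsec.conf text into {conn: options}, folding in 'conn %default'."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()      # drop comments
        if not line.strip():
            continue
        if not line[0].isspace():                 # unindented line starts a section
            words = line.split()
            is_conn = len(words) == 2 and words[0] == "conn"
            current = conns.setdefault(words[1], {}) if is_conn else None
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    defaults = conns.pop("%default", {})
    return {name: {**defaults, **opts} for name, opts in conns.items()}


def lint_for_pluto(text, initiator=True):
    """Return (conn, message) findings for the three points in the reply."""
    findings = []
    for name, opts in parse_conns(text).items():
        if opts.get("auto", "ignore") == "ignore":
            findings.append((name, "auto=ignore (the default): connection is not loaded"))
        if opts.get("left") == "%any":
            findings.append((name, "left=%any: pluto needs an IP address or %defaultroute"))
        if initiator and opts.get("right") in (None, "%any"):
            findings.append((name, "right has no IP address: initiator cannot connect"))
    return findings


# Constructed sample modelled on the quoted 4.6.1 configuration, plus a named conn.
BEFORE = """\
config setup
    plutostart=yes

conn %default
    left=%any
    right=%any
    authby=psk

conn host-host
"""

# Constructed sample with the reply's three changes applied (address taken from the thread).
AFTER = BEFORE.replace("left=%any", "left=%defaultroute").replace(
    "right=%any", "right=192.168.1.254") + "    auto=add\n"

if __name__ == "__main__":
    for conn, msg in lint_for_pluto(BEFORE):
        print(f"{conn}: {msg}")
```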