[strongSwan] No outbound ipsec policy on Android
Noel Kuntze
noel at familie-kuntze.de
Fri Apr 12 16:33:53 CEST 2013
Hello,
I just got strongswan to somewhat work. but still need to fix the issue
of getting "No matching outbound IPsec policy for [insert some IP here]".
How do I fix this?
Regards,
Noel
------------------------
ipsec.conf:
# ipsec.conf - strongSwan IPsec configuration file
# basic configuration
config setup
uniqueids=yes
strictcrlpolicy=no
ca home
auto=add
cacert=vpn-ca.pem
ca server
auto=add
cacert=serverca.pem
ca user
auto=add
cacert=userca.pem
conn %default
ikelifetime=60m
keylife=20m
rekeymargin=3m
keyingtries=3
keyexchange=ikev2
esp=aes256-sha512-modp4096!
ike=aes256-sha512-modp4096!
tfc=1300
dpdaction=restart
dpddelay=10
dpdtimeout=60
conn home
leftfirewall=no
lefthostaccess=yes
left=192.168.178.46
leftsubnet=0.0.0.0/0
leftid=<my id>
leftcert=strongswan.pem
leftdns=192.168.178.46
rightsourceip=172.16.19.0/24
auto=add
rightca="<my ca string>"
right=%any
strongswan.conf
# strongswan.conf - strongSwan configuration file
charon {
#dns1=192.168.178.46
# number of worker threads in charon
threads = 16
interfaces_use = eth0
plugins{
}
syslog {
# optional identifier used with openlog(3), prepended to each
log message
# by syslog. if not configured, openlog(3) is not called, so the
value will
# depend on system defaults (usually the program name)
identifier = charon
# default level to the LOG_DAEMON facility
daemon {
default = 3
asn = 3
enc = 3
}
# very minimalistic IKE auditing logs to LOG_AUTHPRIV
auth {
default = -1
ike = 2
chd = 2
mgr = 2
tls = 2
esp = 2
tnc = 2
imc = 2
imv = 2
}
}
filelog{
/var/log/charon.log {
time_format = %b %e %T
append = no
default = 1
enc = -1
flush_line = yes
}
stderr {
ike = 2
knl = 3
ike_name = yes
}
}
}
More information about the Users
mailing list