[strongSwan] no virtual IP found for %any requested
carachi diego
carachi83 at gmail.com
Mon Apr 15 20:45:49 CEST 2013
Hi Andreas,
Thank you very much for the information.
I added the line in the ipsec.conf and now the client gets the IP address
but it is not from the DHCP server.
To solve this I need to put %dhcp instead of the IP address of the network?
Now the client is connected to the server but it is not able to communicate
with it. The server always exchanges packet information, as reported also in
the log file (attached):
08[ENC] generating INFORMATIONAL_V1 request 224635347 [ HASH N(DPD_ACK) ]
08[NET] sending packet: from 172.16.151.100[500] to 172.16.151.141[500] (92
bytes)
07[IKE] sending retransmit 4 of response message ID 3472138887, seq 5
07[NET] sending packet: from 172.16.151.100[500] to 172.16.151.141[500]
(172 bytes)
09[NET] received packet: from 172.16.151.141[500] to 172.16.151.100[500]
(92 bytes)
What is wrong in my configuration?
Thank you very much
Bye
-----------------------------------------------------------------------------------------------------------------------------------------------------------------
root@debian:~# ipsec start --nofork --debug-all
Starting strongSwan 5.0.2 IPsec [starter]...
!! Your strongswan.conf contains manual plugin load options for charon.
!! This is recommended for experts only, see
!! http://wiki.strongswan.org/projects/strongswan/wiki/PluginLoad
Loading config setup
Loading conn %default
type=tunnel
keyexchange=ike
Loading conn 'rw'
left=172.16.151.100
leftcert=gatewayCert.pem
leftid=@ipsec.org
leftsubnet=192.168.7.0/24
leftfirewall=yes
right=%any
rightsourceip=192.168.10.0/24
auto=add
found netkey IPsec stack
Attempting to start charon...
00[DMN] Starting IKE charon daemon (strongSwan 5.0.2, Linux 2.6.32-5-amd64,
x86_64)
00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'
00[CFG] loaded ca certificate "C=UK, ST=Luton, L=Luton, O=Beds, OU=IT,
CN=ipsec, E=root at ipsec.com" from '/etc/ipsec.d/cacerts/strongswanCert.pem'
00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'
00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'
00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'
00[CFG] loading crls from '/etc/ipsec.d/crls'
00[CFG] loading secrets from '/etc/ipsec.secrets'
00[CFG] loaded RSA private key from '/etc/ipsec.d/private/gatewayKey.pem'
00[DMN] loaded plugins: charon curl test-vectors aes des sha1 sha2 md5 pem
pkcs1 pkcs8 gmp random nonce x509 revocation hmac xcbc cmac ctr ccm gcm
stroke kernel-netlink socket-default updown
00[JOB] spawning 16 worker threads
charon (1711) started after 20 ms
07[CFG] received stroke: add connection 'rw'
07[CFG] adding virtual IP address pool 192.168.10.0/24
07[CFG] loaded certificate "C=UK, ST=Luton, O=Beds, OU=IT, CN=ipsec-gw2,
E=root at ipsec.com" from 'gatewayCert.pem'
07[CFG] id 'ipsec.org' not confirmed by certificate, defaulting to 'C=UK,
ST=Luton, O=Beds, OU=IT, CN=ipsec-gw2, E=root at ipsec.com'
07[CFG] added configuration 'rw'
12[NET] received packet: from 172.16.151.141[500] to 172.16.151.100[500]
(3756 bytes)
12[ENC] parsed ID_PROT request 0 [ SA V V V V V V V V V V V ]
12[IKE] received draft-ietf-ipsec-nat-t-ike-00 vendor ID
12[ENC] received unknown vendor ID:
16:f6:ca:16:e4:a4:06:6d:83:82:1a:0f:0a:ea:a8:62
12[IKE] received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
12[IKE] received draft-ietf-ipsec-nat-t-ike-03 vendor ID
12[IKE] received NAT-T (RFC 3947) vendor ID
12[IKE] received FRAGMENTATION vendor ID
12[IKE] received DPD vendor ID
12[ENC] received unknown vendor ID:
f1:4b:94:b7:bf:f1:fe:f0:27:73:b8:c4:9f:ed:ed:26
12[ENC] received unknown vendor ID:
16:6f:93:2d:55:eb:64:d8:e4:df:4f:d3:7e:23:13:f0:d0:fd:84:51
12[ENC] received unknown vendor ID:
84:04:ad:f9:cd:a0:57:60:b2:ca:29:2e:4b:ff:53:7b
12[IKE] received Cisco Unity vendor ID
12[IKE] 172.16.151.141 is initiating a Main Mode IKE_SA
12[ENC] generating ID_PROT response 0 [ SA V V V ]
12[NET] sending packet: from 172.16.151.100[500] to 172.16.151.141[500]
(140 bytes)
13[NET] received packet: from 172.16.151.141[500] to 172.16.151.100[500]
(365 bytes)
13[ENC] parsed ID_PROT request 0 [ KE No CERTREQ NAT-D NAT-D ]
13[IKE] ignoring certificate request without data
13[IKE] sending cert request for "C=UK, ST=Luton, L=Luton, O=Beds, OU=IT,
CN=ipsec, E=root at ipsec.com"
13[ENC] generating ID_PROT response 0 [ KE No CERTREQ NAT-D NAT-D ]
13[NET] sending packet: from 172.16.151.100[500] to 172.16.151.141[500]
(499 bytes)
14[NET] received packet: from 172.16.151.141[500] to 172.16.151.100[500]
(1148 bytes)
14[ENC] parsed ID_PROT request 0 [ ID CERT SIG ]
14[IKE] received end entity cert "C=UK, ST=Luton, O=Beds, OU=IT, CN=ipsec,
E=root at ipsec.com"
14[CFG] looking for RSA signature peer configs matching
172.16.151.100...172.16.151.141[C=UK, ST=Luton, O=Beds, OU=IT, CN=ipsec, E=
root at ipsec.com]
14[CFG] selected peer config "rw"
14[CFG] using certificate "C=UK, ST=Luton, O=Beds, OU=IT, CN=ipsec, E=
root at ipsec.com"
14[CFG] using trusted ca certificate "C=UK, ST=Luton, L=Luton, O=Beds,
OU=IT, CN=ipsec, E=root at ipsec.com"
14[CFG] checking certificate status of "C=UK, ST=Luton, O=Beds, OU=IT,
CN=ipsec, E=root at ipsec.com"
14[CFG] certificate status is not available
14[CFG] reached self-signed root ca with a path length of 0
14[IKE] authentication of 'C=UK, ST=Luton, O=Beds, OU=IT, CN=ipsec, E=
root at ipsec.com' with RSA successful
14[IKE] authentication of 'C=UK, ST=Luton, O=Beds, OU=IT, CN=ipsec-gw2, E=
root at ipsec.com' (myself) successful
14[IKE] IKE_SA rw[1] established between 172.16.151.100[C=UK, ST=Luton,
O=Beds, OU=IT, CN=ipsec-gw2, E=root at ipsec.com]...172.16.151.141[C=UK,
ST=Luton, O=Beds, OU=IT, CN=ipsec, E=root at ipsec.com]
14[IKE] scheduling reauthentication in 10043s
14[IKE] maximum IKE_SA lifetime 10583s
14[IKE] sending end entity cert "C=UK, ST=Luton, O=Beds, OU=IT,
CN=ipsec-gw2, E=root at ipsec.com"
14[ENC] generating ID_PROT response 0 [ ID CERT SIG ]
14[NET] sending packet: from 172.16.151.100[500] to 172.16.151.141[500]
(1148 bytes)
08[NET] received packet: from 172.16.151.141[500] to 172.16.151.100[500]
(92 bytes)
08[ENC] parsed INFORMATIONAL_V1 request 221323624 [ HASH N(INITIAL_CONTACT)
]
07[NET] received packet: from 172.16.151.141[500] to 172.16.151.100[500]
(92 bytes)
07[ENC] parsed TRANSACTION request 1793578121 [ HASH CP ]
07[IKE] peer requested virtual IP %any
07[CFG] assigning new lease to 'C=UK, ST=Luton, O=Beds, OU=IT, CN=ipsec, E=
root at ipsec.com'
07[IKE] assigning virtual IP 192.168.10.1 to peer 'C=UK, ST=Luton, O=Beds,
OU=IT, CN=ipsec, E=root at ipsec.com'
07[ENC] generating TRANSACTION response 1793578121 [ HASH CP ]
07[NET] sending packet: from 172.16.151.100[500] to 172.16.151.141[500] (76
bytes)
09[NET] received packet: from 172.16.151.141[500] to 172.16.151.100[500]
(684 bytes)
09[ENC] parsed QUICK_MODE request 3472138887 [ HASH SA No ID ID ]
09[ENC] generating QUICK_MODE response 3472138887 [ HASH SA No ID ID ]
09[NET] sending packet: from 172.16.151.100[500] to 172.16.151.141[500]
(172 bytes)
10[IKE] sending retransmit 1 of response message ID 3472138887, seq 5
10[NET] sending packet: from 172.16.151.100[500] to 172.16.151.141[500]
(172 bytes)
11[NET] received packet: from 172.16.151.141[500] to 172.16.151.100[500]
(92 bytes)
11[ENC] parsed INFORMATIONAL_V1 request 2755921555 [ HASH N(DPD) ]
11[ENC] generating INFORMATIONAL_V1 request 382805223 [ HASH N(DPD_ACK) ]
11[NET] sending packet: from 172.16.151.100[500] to 172.16.151.141[500] (92
bytes)
12[IKE] sending retransmit 2 of response message ID 3472138887, seq 5
12[NET] sending packet: from 172.16.151.100[500] to 172.16.151.141[500]
(172 bytes)
15[NET] received packet: from 172.16.151.141[500] to 172.16.151.100[500]
(92 bytes)
15[ENC] parsed INFORMATIONAL_V1 request 3136069899 [ HASH N(DPD) ]
15[ENC] generating INFORMATIONAL_V1 request 1565857942 [ HASH N(DPD_ACK) ]
15[NET] sending packet: from 172.16.151.100[500] to 172.16.151.141[500] (92
bytes)
14[IKE] sending retransmit 3 of response message ID 3472138887, seq 5
14[NET] sending packet: from 172.16.151.100[500] to 172.16.151.141[500]
(172 bytes)
08[NET] received packet: from 172.16.151.141[500] to 172.16.151.100[500]
(92 bytes)
08[ENC] parsed INFORMATIONAL_V1 request 167738961 [ HASH N(DPD) ]
08[ENC] generating INFORMATIONAL_V1 request 224635347 [ HASH N(DPD_ACK) ]
08[NET] sending packet: from 172.16.151.100[500] to 172.16.151.141[500] (92
bytes)
07[IKE] sending retransmit 4 of response message ID 3472138887, seq 5
07[NET] sending packet: from 172.16.151.100[500] to 172.16.151.141[500]
(172 bytes)
09[NET] received packet: from 172.16.151.141[500] to 172.16.151.100[500]
(92 bytes)
09[ENC] parsed INFORMATIONAL_V1 request 3385546230 [ HASH N(DPD) ]
09[ENC] generating INFORMATIONAL_V1 request 3289707722 [ HASH N(DPD_ACK) ]
09[NET] sending packet: from 172.16.151.100[500] to 172.16.151.141[500] (92
bytes)
10[NET] received packet: from 172.16.151.141[500] to 172.16.151.100[500]
(92 bytes)
10[ENC] parsed INFORMATIONAL_V1 request 3118645347 [ HASH N(DPD) ]
10[ENC] generating INFORMATIONAL_V1 request 3620922148 [ HASH N(DPD_ACK) ]
10[NET] sending packet: from 172.16.151.100[500] to 172.16.151.141[500] (92
bytes)
11[NET] received packet: from 172.16.151.141[500] to 172.16.151.100[500]
(92 bytes)
11[ENC] parsed INFORMATIONAL_V1 request 52442727 [ HASH N(DPD) ]
11[ENC] generating INFORMATIONAL_V1 request 1147347881 [ HASH N(DPD_ACK) ]
11[NET] sending packet: from 172.16.151.100[500] to 172.16.151.141[500] (92
bytes)
12[IKE] sending retransmit 5 of response message ID 3472138887, seq 5
12[NET] sending packet: from 172.16.151.100[500] to 172.16.151.141[500]
(172 bytes)
13[NET] received packet: from 172.16.151.141[500] to 172.16.151.100[500]
(92 bytes)
13[ENC] parsed INFORMATIONAL_V1 request 3858009195 [ HASH N(DPD) ]
13[ENC] generating INFORMATIONAL_V1 request 2360226256 [ HASH N(DPD_ACK) ]
13[NET] sending packet: from 172.16.151.100[500] to 172.16.151.141[500] (92
bytes)
15[NET] received packet: from 172.16.151.141[500] to 172.16.151.100[500]
(92 bytes)
15[ENC] parsed INFORMATIONAL_V1 request 130653978 [ HASH N(DPD) ]
15[ENC] generating INFORMATIONAL_V1 request 1966052176 [ HASH N(DPD_ACK) ]
15[NET] sending packet: from 172.16.151.100[500] to 172.16.151.141[500] (92
bytes)
14[NET] received packet: from 172.16.151.141[500] to 172.16.151.100[500]
(92 bytes)
14[ENC] parsed INFORMATIONAL_V1 request 3398287126 [ HASH N(DPD) ]
14[ENC] generating INFORMATIONAL_V1 request 2004937150 [ HASH N(DPD_ACK) ]
14[NET] sending packet: from 172.16.151.100[500] to 172.16.151.141[500] (92
bytes)
08[NET] received packet: from 172.16.151.141[500] to 172.16.151.100[500]
(92 bytes)
08[ENC] parsed INFORMATIONAL_V1 request 1247206381 [ HASH N(DPD) ]
08[ENC] generating INFORMATIONAL_V1 request 69586892 [ HASH N(DPD_ACK) ]
08[NET] sending packet: from 172.16.151.100[500] to 172.16.151.141[500] (92
bytes)
07[NET] received packet: from 172.16.151.141[500] to 172.16.151.100[500]
(92 bytes)
07[ENC] parsed INFORMATIONAL_V1 request 1989574186 [ HASH N(DPD) ]
07[ENC] generating INFORMATIONAL_V1 request 2000694412 [ HASH N(DPD_ACK) ]
07[NET] sending packet: from 172.16.151.100[500] to 172.16.151.141[500] (92
bytes)
16[KNL] creating delete job for ESP CHILD_SA with SPI c05ddaef and reqid {1}
09[JOB] CHILD_SA with reqid 1 not found for delete
10[IKE] giving up after 5 retransmits
10[CFG] lease 192.168.10.1 by 'C=UK, ST=Luton, O=Beds, OU=IT, CN=ipsec, E=
root at ipsec.com' went offline
03[KNL] 192.168.7.10 disappeared from eth1
03[KNL] 192.168.7.142 appeared on eth1
2013/4/14 Andreas Steffen <andreas.steffen at strongswan.org>
> Hi,
>
> you must define a Virtual IP address pool, e.g.
>
> rightsourceip=192.168.10.0/24
>
> Regards
>
> Andreas
>
> On 04/14/2013 06:18 PM, carachi diego wrote:
> > Hi everybody,
> > I have this problem: the Windows Machine connect to the debian server
> > but the client doesn't receive the IP address, in fact in the ipsec log
> > I have this error:
> > "Apr 14 07:49:08 debian charon: 10[IKE] no virtual IP found for %any
> > requested by 'C=UK, ST=Luton, O=Beds, OU=IT, CN=ipsec, E=root at ipsec.com
> > <mailto:root at ipsec.com>'"
> >
> > How can I solve this problem?
> > I see an other thing, in the wireshark I don't see any communication
> > from the server to the client. It is right or not?
> >
> > Below the configuration files and log.
> >
> > Thank you
> >
> >
> >
> -----------------------------------------------------------------------------------------------------------------------------
> >
> > LOG FILE
> >
> > Apr 14 07:49:08 debian charon: 14[NET] received packet: from
> > 172.16.151.141[500] to 172.16.151.100[500] (3756 bytes)
> > Apr 14 07:49:08 debian charon: 14[ENC] parsed ID_PROT request 0 [ SA V V
> > V V V V V V V V V ]
> > Apr 14 07:49:08 debian charon: 14[IKE] received
> > draft-ietf-ipsec-nat-t-ike-00 vendor ID
> > Apr 14 07:49:08 debian charon: 14[ENC] received unknown vendor ID:
> > 16:f6:ca:16:e4:a4:06:6d:83:82:1a:0f:0a:ea:a8:62
> > Apr 14 07:49:08 debian charon: 14[IKE] received
> > draft-ietf-ipsec-nat-t-ike-02\n vendor ID
> > Apr 14 07:49:08 debian charon: 14[IKE] received
> > draft-ietf-ipsec-nat-t-ike-03 vendor ID
> > Apr 14 07:49:08 debian charon: 14[IKE] received NAT-T (RFC 3947) vendor
> ID
> > Apr 14 07:49:08 debian charon: 14[IKE] received FRAGMENTATION vendor ID
> > Apr 14 07:49:08 debian charon: 14[IKE] received DPD vendor ID
> > Apr 14 07:49:08 debian charon: 14[ENC] received unknown vendor ID:
> > f1:4b:94:b7:bf:f1:fe:f0:27:73:b8:c4:9f:ed:ed:26
> > Apr 14 07:49:08 debian charon: 14[ENC] received unknown vendor ID:
> > 16:6f:93:2d:55:eb:64:d8:e4:df:4f:d3:7e:23:13:f0:d0:fd:84:51
> > Apr 14 07:49:08 debian charon: 14[ENC] received unknown vendor ID:
> > 84:04:ad:f9:cd:a0:57:60:b2:ca:29:2e:4b:ff:53:7b
> > Apr 14 07:49:08 debian charon: 14[IKE] received Cisco Unity vendor ID
> > Apr 14 07:49:08 debian charon: 14[IKE] 172.16.151.141 is initiating a
> > Main Mode IKE_SA
> > Apr 14 07:49:08 debian charon: 14[ENC] generating ID_PROT response 0 [
> > SA V V V ]
> > Apr 14 07:49:08 debian charon: 14[NET] sending packet: from
> > 172.16.151.100[500] to 172.16.151.141[500] (140 bytes)
> > Apr 14 07:49:08 debian charon: 16[NET] received packet: from
> > 172.16.151.141[500] to 172.16.151.100[500] (365 bytes)
> > Apr 14 07:49:08 debian charon: 16[ENC] parsed ID_PROT request 0 [ KE No
> > CERTREQ NAT-D NAT-D ]
> > Apr 14 07:49:08 debian charon: 16[IKE] ignoring certificate request
> > without data
> > Apr 14 07:49:08 debian charon: 16[IKE] sending cert request for "C=UK,
> > ST=Luton, L=Luton, O=Beds, OU=IT, CN=ipsec, E=root at ipsec.com
> > <mailto:root at ipsec.com>"
> > Apr 14 07:49:08 debian charon: 16[ENC] generating ID_PROT response 0 [
> > KE No CERTREQ NAT-D NAT-D ]
> > Apr 14 07:49:08 debian charon: 16[NET] sending packet: from
> > 172.16.151.100[500] to 172.16.151.141[500] (499 bytes)
> > Apr 14 07:49:08 debian charon: 08[NET] received packet: from
> > 172.16.151.141[500] to 172.16.151.100[500] (1148 bytes)
> > Apr 14 07:49:08 debian charon: 08[ENC] parsed ID_PROT request 0 [ ID
> > CERT SIG ]
> > Apr 14 07:49:08 debian charon: 08[IKE] received end entity cert "C=UK,
> > ST=Luton, O=Beds, OU=IT, CN=ipsec, E=root at ipsec.com <mailto:
> root at ipsec.com>"
> > Apr 14 07:49:08 debian charon: 08[CFG] looking for RSA signature peer
> > configs matching 172.16.151.100...172.16.151.141[C=UK, ST=Luton, O=Beds,
> > OU=IT, CN=ipsec, E=root at ipsec.com <mailto:root at ipsec.com>]
> > Apr 14 07:49:08 debian charon: 08[CFG] selected peer config "rw"
> > Apr 14 07:49:08 debian charon: 08[CFG] using certificate "C=UK,
> > ST=Luton, O=Beds, OU=IT, CN=ipsec, E=root at ipsec.com <mailto:
> root at ipsec.com>"
> > Apr 14 07:49:08 debian charon: 08[CFG] using trusted ca certificate
> > "C=UK, ST=Luton, L=Luton, O=Beds, OU=IT, CN=ipsec, E=root at ipsec.com
> > <mailto:root at ipsec.com>"
> > Apr 14 07:49:08 debian charon: 08[CFG] checking certificate status of
> > "C=UK, ST=Luton, O=Beds, OU=IT, CN=ipsec, E=root at ipsec.com
> > <mailto:root at ipsec.com>"
> > Apr 14 07:49:08 debian charon: 08[CFG] certificate status is not
> available
> > Apr 14 07:49:08 debian charon: 08[CFG] reached self-signed root ca
> > with a path length of 0
> > Apr 14 07:49:08 debian charon: 08[IKE] authentication of 'C=UK,
> > ST=Luton, O=Beds, OU=IT, CN=ipsec, E=root at ipsec.com
> > <mailto:root at ipsec.com>' with RSA successful
> > Apr 14 07:49:08 debian charon: 08[IKE] authentication of 'C=UK,
> > ST=Luton, O=Beds, OU=IT, CN=ipsec-gw2, E=root at ipsec.com
> > <mailto:root at ipsec.com>' (myself) successful
> > Apr 14 07:49:08 debian charon: 08[IKE] IKE_SA rw[7] established between
> > 172.16.151.100[C=UK, ST=Luton, O=Beds, OU=IT, CN=ipsec-gw2,
> > E=root at ipsec.com <mailto:root at ipsec.com>]...172.16.151.141[C=UK,
> > ST=Luton, O=Beds, OU=IT, CN=ipsec, E=root at ipsec.com <mailto:
> root at ipsec.com>]
> > Apr 14 07:49:08 debian charon: 08[IKE] scheduling reauthentication in
> 3404s
> > Apr 14 07:49:08 debian charon: 08[IKE] maximum IKE_SA lifetime 3584s
> > Apr 14 07:49:08 debian charon: 08[IKE] sending end entity cert "C=UK,
> > ST=Luton, O=Beds, OU=IT, CN=ipsec-gw2, E=root at ipsec.com
> > <mailto:root at ipsec.com>"
> > Apr 14 07:49:08 debian charon: 08[ENC] generating ID_PROT response 0 [
> > ID CERT SIG ]
> > Apr 14 07:49:08 debian charon: 08[NET] sending packet: from
> > 172.16.151.100[500] to 172.16.151.141[500] (1148 bytes)
> > Apr 14 07:49:08 debian charon: 12[NET] received packet: from
> > 172.16.151.141[500] to 172.16.151.100[500] (92 bytes)
> > Apr 14 07:49:08 debian charon: 12[ENC] parsed INFORMATIONAL_V1 request
> > 3937839819 [ HASH N(INITIAL_CONTACT) ]
> > Apr 14 07:49:08 debian charon: 10[NET] received packet: from
> > 172.16.151.141[500] to 172.16.151.100[500] (92 bytes)
> > Apr 14 07:49:08 debian charon: 10[ENC] parsed TRANSACTION request
> > 1841991445 [ HASH CP ]
> > Apr 14 07:49:08 debian charon: 10[IKE] peer requested virtual IP %any
> > Apr 14 07:49:08 debian charon: 10[IKE] no virtual IP found for %any
> > requested by 'C=UK, ST=Luton, O=Beds, OU=IT, CN=ipsec, E=root at ipsec.com
> > <mailto:root at ipsec.com>'
> > Apr 14 07:49:08 debian charon: 10[ENC] generating TRANSACTION response
> > 1841991445 [ HASH CP ]
> > Apr 14 07:49:08 debian charon: 10[NET] sending packet: from
> > 172.16.151.100[500] to 172.16.151.141[500] (76 bytes)
> > Apr 14 07:49:08 debian charon: 11[NET] received packet: from
> > 172.16.151.141[500] to 172.16.151.100[500] (92 bytes)
> > Apr 14 07:49:08 debian charon: 11[ENC] parsed INFORMATIONAL_V1 request
> > 1182985237 [ HASH D ]
> > Apr 14 07:49:08 debian charon: 11[IKE] received DELETE for IKE_SA rw[7]
> > Apr 14 07:49:08 debian charon: 11[IKE] deleting IKE_SA rw[7] between
> > 172.16.151.100[C=UK, ST=Luton, O=Beds, OU=IT, CN=ipsec-gw2,
> > E=root at ipsec.com <mailto:root at ipsec.com>]...172.16.151.141[C=UK,
> > ST=Luton, O=Beds, OU=IT, CN=ipsec, E=root at ipsec.com <mailto:
> root at ipsec.com>]
> >
> >
> >
> >
> >
> >
> -----------------------------------------------------------------------------------------------------
> >
> > /etc/ipsec.conf
> >
> >
> > # ipsec.conf - strongSwan IPsec configuration file
> >
> > config setup
> > # # strictcrlpolicy=yes
> > # # uniqueids = no
> >
> > conn %default
> > type=tunnel
> > ike=aes128-sha1-modp2048,3des-sha1-modp1536
> > ikelifetime=60m
> > keylife=20m
> > rekeymargin=3m
> > keyingtries=1
> > keyexchange=ikev1
> > esp=aes128-sha1,3des-sha1
> > mobike=yes
> > leftikeport=4500
> > rightikeport=4500
> >
> >
> > conn rw
> > left=172.16.151.100
> > leftcert=gatewayCert.pem
> > leftid=@ipsec.org
> > leftsubnet=192.168.7.0/24
> > leftfirewall=yes
> > right=%any
> > auto=add
> >
> >
> >
> >
> ------------------------------------------------------------------------------------------------
> >
> > /etc/strongswan.conf
> >
> > # strongswan.conf - strongSwan configuration file
> >
> > charon {
> >
> > load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 pkcs8 gmp
> > random nonce x509 revocation hmac xcbc cmac ctr ccm gcm stroke
> > kernel-netlink socket-default updown
> >
> >
> > pluto {
> >
> > }
> >
> > libstrongswan {
> >
> > }
> >
> > --
> > http://www.2dd.it
>
>
> --
> ======================================================================
> Andreas Steffen andreas.steffen at strongswan.org
> strongSwan - the Linux VPN Solution! www.strongswan.org
> Institute for Internet Technologies and Applications
> University of Applied Sciences Rapperswil
> CH-8640 Rapperswil (Switzerland)
> ===========================================================[ITA-HSR]==
>
>
--
http://www.2dd.it
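
A triage of the pattern in the second log above (virtual IP assigned, Quick Mode response retransmitted until charon gives up, DPD still answered), as an added example that is not part of the original post or of strongSwan. `triage` and `SAMPLE_LOG` are hypothetical names, the sample lines are constructed from the post's log, and the `CHILD_SA ... established` success line is an assumption about charon's output.

```python
import re
from collections import Counter

# Constructed sample modelled on the charon output in the post (unwrapped, shortened).
SAMPLE_LOG = """\
00[DMN] loaded plugins: charon aes sha1 pem pkcs1 gmp x509 hmac stroke kernel-netlink socket-default updown
07[IKE] peer requested virtual IP %any
07[IKE] assigning virtual IP 192.168.10.1 to peer 'CN=ipsec'
09[ENC] parsed QUICK_MODE request 3472138887 [ HASH SA No ID ID ]
09[ENC] generating QUICK_MODE response 3472138887 [ HASH SA No ID ID ]
10[IKE] sending retransmit 1 of response message ID 3472138887, seq 5
11[ENC] parsed INFORMATIONAL_V1 request 2755921555 [ HASH N(DPD) ]
11[ENC] generating INFORMATIONAL_V1 request 382805223 [ HASH N(DPD_ACK) ]
12[IKE] sending retransmit 2 of response message ID 3472138887, seq 5
15[ENC] parsed INFORMATIONAL_V1 request 3136069899 [ HASH N(DPD) ]
15[ENC] generating INFORMATIONAL_V1 request 1565857942 [ HASH N(DPD_ACK) ]
10[IKE] giving up after 5 retransmits
10[CFG] lease 192.168.10.1 by 'CN=ipsec' went offline
"""

# Optional syslog prefix, then "NN[SUB] message" as charon prints it.
LINE_RE = re.compile(r"^(?:.*?charon: )?\d{2}\[[A-Z]{3}\] (.*)$")

def triage(log_text):
    """Summarise a charon IKEv1 log and flag Quick Mode exchanges that never complete."""
    r = {"virtual_ip": None, "plugins": [], "qm_responses": set(),
         "retransmits": Counter(), "dpd_acks": 0, "gave_up": False,
         "child_sa": False, "findings": []}
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # wrapped continuation or non-charon line
        msg = m.group(1)
        if msg.startswith("loaded plugins:"):
            r["plugins"] = msg.split(":", 1)[1].split()
        elif v := re.match(r"assigning virtual IP (\S+) to peer", msg):
            r["virtual_ip"] = v.group(1)
        elif q := re.match(r"generating QUICK_MODE response (\d+)", msg):
            r["qm_responses"].add(q.group(1))
        elif t := re.match(r"sending retransmit (\d+) of response message ID (\d+)", msg):
            mid = t.group(2)
            r["retransmits"][mid] = max(r["retransmits"][mid], int(t.group(1)))
        elif msg.startswith("generating") and "N(DPD_ACK)" in msg:
            r["dpd_acks"] += 1
        elif msg.startswith("giving up after"):
            r["gave_up"] = True
        elif re.match(r"CHILD_SA \S+ established", msg):  # assumed success line
            r["child_sa"] = True
    # A Quick Mode response that is retransmitted and never followed by an
    # established CHILD_SA means the peer did not send the final message.
    r["stalled"] = sorted(i for i in r["qm_responses"]
                          if r["retransmits"][i] and not r["child_sa"])
    for mid in r["stalled"]:
        r["findings"].append(f"Quick Mode {mid}: response retransmitted "
                             f"{r['retransmits'][mid]}x, no CHILD_SA established")
    if r["stalled"] and r["dpd_acks"]:
        r["findings"].append(f"IKE_SA still alive: {r['dpd_acks']} peer DPD requests acknowledged")
    if r["plugins"] and "dhcp" not in r["plugins"]:
        r["findings"].append("dhcp plugin not loaded; rightsourceip=%dhcp depends on it")
    return r

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG)["findings"]:
        print(finding)
```

The regex also accepts the syslog-prefixed form (`Apr 14 ... charon: 10[IKE] ...`) used in the first log of the thread; lines wrapped by the mail client have to be rejoined before parsing.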