[strongSwan] Setup client using main mode/draft-ietf-ipsec-nat-t-ike-02

Damien Benoist dams.benoist at gmail.com
Mon Jun 17 11:22:03 CEST 2013


Hi Andreas,

Thanks for your answer.
There's an IP/port I can connect to from Windows with Cisco vpnclient.
From Linux with strongSwan, I get a connection timed out.

telnet x.x.x.x p
Trying x.x.x.x...
telnet: Unable to connect to remote host: Connection timed out

Thanks again.


2013/6/17 Andreas Steffen <andreas.steffen at strongswan.org>:
> Hi Damien,
>
> no special ipsec interface is created. Linux automatically
> routes traffic to and from the IPsec tunnel installed in
> the kernel. This means that you don't need to do any
> special configuration.
>
> Regards
>
> Andreas
>
>
> On 17.06.2013 09:08, Damien Benoist wrote:
>>
>> Martin,
>>
>> I did the changes you suggested.
>> I now get a "connection 'cnx' established successfully".
>> So it seems that the client and server now understand each other.
>>
>> I expected to have a new network interface.
>> Some threads are talking of an "ipsec" interface
>> but I have none.
>> So I just don't know how to use the connection.
>> Can you tell me what I have to do now
>> or point me to the right doc?
>>
>> Thanks again!
>>
>>
>> 2013/6/11 Martin Willi <martin at strongswan.org>:
>>>
>>> Damien,
>>>
>>>> Encryption-Algorithm : 3DES-CBC
>>>> Hash-Algorithm : SHA
>>>> Alternate 1024-bit MODP group
>>>
>>>
>>> The IKE proposal uses 3des-sha1, the responder might not like our
>>> default set (aes128-sha1 or 3des-md5). You might try it with:
>>>
>>>    ike=3des-sha1-modp1024!
>>>
>>> But the default might work as well, depends on the responder what it
>>> allows.
>>>
>>>> Authentication-Method : XAUTHInitRSA
>>>
>>>
>>> Looks like the responder expects RSA client authentication followed by
>>> an XAuth exchange. You can configure this using:
>>>
>>>    leftauth=pubkey
>>>    leftauth2=xauth
>>>
>>> Have a look at [1] for a complete example. Beside the
>>> certificate/private key from the PKCS#12 container, you'll need a
>>> password in ipsec.secrets.
>>>
>>> Regards
>>> Martin
>>>
>>> [1] http://www.strongswan.org/uml/testresults/ikev1/xauth-rsa/index.html
>
> ======================================================================
> Andreas Steffen                         andreas.steffen at strongswan.org
> strongSwan - the Linux VPN Solution!                www.strongswan.org
> Institute for Internet Technologies and Applications
> University of Applied Sciences Rapperswil
> CH-8640 Rapperswil (Switzerland)
> ===========================================================[ITA-HSR]==
>
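
Martin's three settings from the quoted reply, assembled into one client configuration. This is an added example, not part of the original thread or of the strongSwan test scenario linked as [1]. The file names `clientCert.pem` and `clientKey.pem`, the user name `vpnuser` and the password are placeholders; `x.x.x.x` is the gateway address as elided in the thread, and `cnx` is the connection name Damien mentions.

```conf
# /etc/ipsec.conf (added example; placeholder values are marked)

conn cnx
	# Main Mode with XAuth is an IKEv1 exchange
	keyexchange=ikev1
	# the trailing "!" makes the proposal strict: only this suite is
	# offered, matching 3DES-CBC / SHA / 1024-bit MODP from the thread
	ike=3des-sha1-modp1024!
	# placeholder: certificate extracted from the PKCS#12 container
	leftcert=clientCert.pem
	# first round: RSA signature; second round: XAuth (XAUTHInitRSA)
	leftauth=pubkey
	leftauth2=xauth
	# placeholder: user name sent in the XAuth exchange
	xauth_identity=vpnuser
	# gateway address, elided in the thread
	right=x.x.x.x
	rightauth=pubkey
	auto=add

# /etc/ipsec.secrets (added example; placeholder values are marked)

# placeholder: private key extracted from the PKCS#12 container
: RSA clientKey.pem
# placeholder: XAuth password for the user named in xauth_identity
vpnuser : XAUTH "placeholder-password"
```

After `ipsec up cnx` succeeds, `ipsec statusall` and `ip xfrm policy` show the negotiated SAs and the kernel policies that route the traffic, which is where to look given that no separate interface is created.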



