[strongSwan] Issues with kernel-libipsec
Tobias Guggemos
tobias.guggemos at stud.ifi.lmu.de
Tue Nov 26 11:29:49 CET 2013
Hello
I try to set up a host2host connection between a Ubuntu server in IPsec
Kernel-Mode and a Client (Ubuntu and Raspbian) in IPsec User-Mode.
I use strongswan 5.1.1. I enabled the plugin and did configuration steps
described in [1].
I can successful up the connection, but I cannot ping or send any other
traffic between the two hosts.
I tried setting the server in User-Mode, too. Then I can see ICMP messages
through the ipsec0 interface, but they do not come back to the client.
Best Regards
Tobias
My configuration for server is:
conn %default
authby=psk
ike=aes128-aes192-aes256-sha1-modp1536!
ikelifetime=60m
keylife=10m
rekeymargin=3m
keyingtries=1
keyexchange=ikev2
forceencaps=yes
conn conn2client10-193-160-49-80
esp=aes256-sha1!
right=10.193.160.49
rightid=@client_10.193.160.49
left=10.193.160.114
leftid=@server_10.193.160.114
auto=add
My configuration for Client is:
conn %default
authby=psk
ike=aes128-aes192-aes256-sha1-modp1536!
ikelifetime=60m
keylife=10m
rekeymargin=3m
keyingtries=1
keyexchange=ikev2
forceencaps=yes
conn conn2client10-193-160-49-80
esp=aes256-sha1!
right=10.193.160.91
rightid=@server_10.193.160.91
left=10.193.160.49
leftid=@client_10.193.160.49
auto=add
[1] http://wiki.strongswan.org/projects/strongswan/wiki/Kernel-libipsec
More information about the Users
mailing list