[strongSwan] Issues with kernel-libipsec

Tobias Guggemos tobias.guggemos at stud.ifi.lmu.de
Tue Nov 26 11:29:49 CET 2013


Hello
I try to set up a host2host connection between a Ubuntu server in IPsec
Kernel-Mode and a Client (Ubuntu and Raspbian) in IPsec User-Mode.
I use strongswan 5.1.1. I enabled the plugin and did configuration steps
described in [1].
I can successful up the connection, but I cannot ping or send any other
traffic between the two hosts.
I tried setting the server in User-Mode, too. Then I can see ICMP messages
through the ipsec0 interface, but they do not come back to the client.

Best Regards
Tobias

My configuration for server is:
conn %default
        authby=psk
        ike=aes128-aes192-aes256-sha1-modp1536!
        ikelifetime=60m
        keylife=10m
        rekeymargin=3m
        keyingtries=1
        keyexchange=ikev2
        forceencaps=yes

conn conn2client10-193-160-49-80
        esp=aes256-sha1!
        right=10.193.160.49
        rightid=@client_10.193.160.49
        left=10.193.160.114
        leftid=@server_10.193.160.114
        auto=add

My configuration for Client is:

conn %default
        authby=psk
        ike=aes128-aes192-aes256-sha1-modp1536!
        ikelifetime=60m
        keylife=10m
        rekeymargin=3m
        keyingtries=1
        keyexchange=ikev2
        forceencaps=yes

conn conn2client10-193-160-49-80
        esp=aes256-sha1!
        right=10.193.160.91
        rightid=@server_10.193.160.91
        left=10.193.160.49
        leftid=@client_10.193.160.49
        auto=add


[1] http://wiki.strongswan.org/projects/strongswan/wiki/Kernel-libipsec






More information about the Users mailing list