[strongSwan] IPSec -Charon versus Pluto
Farid Farid
farid21657 at yahoo.com
Fri Oct 18 03:48:22 CEST 2013
Hello Everyone,
I have an Ubuntu 12.0 machine with strongSwan 4.5.2.1.
I have observed that if I select charonstart=yes and plutostart=no, ipsec is not listening on all interfaces and it never receives any connection from outside.
>>netstat -ualn shows the following:
udp 0 0 0.0.0.0:500 0.0.0.0:*
If I select charonstart=no and plutostart=yes, then it will receive connections from outside.
>>netstat -ualn shows the following:
udp 0 0 127.0.0.1:500 0.0.0.0:*
udp 0 0 192.168.1.209:500 0.0.0.0:*
udp 0 0 192.168.45.160:500 0.0.0.0:*
Am I missing something here when I select charonstart=yes?
Thanks for the help.
Farid
Here are the ipsec.conf and strongswan.conf:
config setup
    plutodebug=all
    charonstart=yes
    plutostart=no

conn %default
    keyingtries=1
    keyexchange=ikev2
    left=192.18.1.209
    leftid=@lmu209
    authby=secret
    mobike=no
    pfs=no
    auto=add
Here is the strongswan.conf on the server side (Ubuntu):
# strongswan.conf - strongSwan configuration file
charon {
    # number of worker threads in charon
    threads = 16
    # send strongswan vendor ID?
    # send_vendor_id = yes
    plugins {
        sql {
            # loglevel to log into sql database
            loglevel = 2
            # URI to the database
            # database = sqlite:///path/to/file.db
            # database = mysql://user:password@localhost/database
        }
    }
    # ...
}
pluto {
    # load = sha1 sha2 md5 aes des hmac gmp random kernel-netlink
}
libstrongswan {
    # set to no, the DH exponent size is optimized
    dh_exponent_ansi_x9_42 = no
}
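
Added example (not part of the original post and not strongSwan code): a small Python check that reads the `netstat -uln` lines and the `left=` value quoted above, reports whether UDP 500 is bound to the wildcard address or to individual addresses, and lists any literal `left=` address that is not among the per-address sockets. The sample strings are constructed from the lines in the post; the function names are hypothetical, and treating the per-address listing as the host's local addresses is an assumption.

```python
import re

# Constructed sample input, built from the netstat and ipsec.conf lines in the post.
NETSTAT_CHARON = "udp 0 0 0.0.0.0:500 0.0.0.0:*\n"
NETSTAT_PLUTO = """\
udp 0 0 127.0.0.1:500 0.0.0.0:*
udp 0 0 192.168.1.209:500 0.0.0.0:*
udp 0 0 192.168.45.160:500 0.0.0.0:*
"""
IPSEC_CONF = """\
conn %default
    keyexchange=ikev2
    left=192.18.1.209
    leftid=@lmu209
"""

def udp_binds(netstat_text, port=500):
    """Local addresses bound to UDP `port` in `netstat -uln` style output."""
    addrs = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) >= 4 and fields[0].startswith("udp"):
            host, _, p = fields[3].rpartition(":")
            if p == str(port):
                addrs.append(host)
    return addrs

def bind_mode(addrs):
    """'wildcard' = one socket for every local address; 'per-address' = one each."""
    if not addrs:
        return "not listening"
    if "0.0.0.0" in addrs or "::" in addrs:
        return "wildcard"
    return "per-address"

def left_values(conf_text):
    """Literal IPv4 left= values in ipsec.conf text (leftid=, %any etc. are skipped)."""
    return re.findall(r"^\s*left\s*=\s*(\d+\.\d+\.\d+\.\d+)\s*$", conf_text, re.M)

def left_not_local(conf_text, local_addrs):
    """left= addresses absent from local_addrs (assumed: the host's own addresses)."""
    return [a for a in left_values(conf_text) if a not in local_addrs]

if __name__ == "__main__":
    print("charon run:", bind_mode(udp_binds(NETSTAT_CHARON)))
    print("pluto run: ", bind_mode(udp_binds(NETSTAT_PLUTO)))
    print("left= not bound locally:",
          left_not_local(IPSEC_CONF, udp_binds(NETSTAT_PLUTO)))
```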