[strongSwan] Instructions on getting 2 virtual boxes connected with strongswan
Brian Watson
brianwatson999999 at gmail.com
Thu May 1 20:56:06 CEST 2014
So is this the information that I should follow from the wiki:
Is it best to use the NetworkManager plugin?

Configuration Files

The configuration files used by strongSwan are as follows:
- ipsec.conf <http://wiki.strongswan.org/projects/strongswan/wiki/IpsecConf>: provides the configuration of IPsec connections
- ipsec.secrets <http://wiki.strongswan.org/projects/strongswan/wiki/IpsecSecrets>: lists the secrets (pre-shared keys, private keys)
- ipsec.d <http://wiki.strongswan.org/projects/strongswan/wiki/IpsecDirectory>: stores certificates and private keys
- strongswan.conf <http://wiki.strongswan.org/projects/strongswan/wiki/StrongswanConf>: allows one to configure global settings

Other Configuration Sources

The configuration may also be loaded from an SQL database <http://wiki.strongswan.org/projects/strongswan/wiki/SQL> or provided by custom plugins like the one used with the NetworkManager plugin <http://wiki.strongswan.org/projects/strongswan/wiki/NetworkManager>.

Invocation and Maintenance

strongSwan is usually controlled with the ipsec command <http://wiki.strongswan.org/projects/strongswan/wiki/IpsecCommand>. ipsec start will start the starter daemon <http://wiki.strongswan.org/projects/strongswan/wiki/IpsecStarter> which in turn starts and configures the keying daemon charon <http://wiki.strongswan.org/projects/strongswan/wiki/Charon>.

Connections defined as conn sections in ipsec.conf <http://wiki.strongswan.org/projects/strongswan/wiki/ConnSection> can be started on three different occasions:
- *On startup*: Connections configured with *auto=start* will
automatically be established when the daemon is started.
- *On traffic*: If *auto=route* is used, IPsec policies for the
configured traffic (*left|rightsubnet*) will be installed and traffic
matching these policies will trigger events that cause the daemon to
establish the connection.
- *Manually*: A connection that uses *auto=add* has to be established
manually with ipsec up <name>. It is also
possible to use ipsec route <name> to install policies manually for such
connections.

After an SA has been established, ipsec down may be used to tear down the IKE_SA or individual CHILD_SAs.

Whenever the ipsec.conf <http://wiki.strongswan.org/projects/strongswan/wiki/Ipsecconf> file is changed it may be reloaded with ipsec update or ipsec reload. Already established connections are not affected by these commands; if that is required, ipsec restart must be used.

If ipsec.secrets <http://wiki.strongswan.org/projects/strongswan/wiki/Ipsecsecrets> or the files in ipsec.d <http://wiki.strongswan.org/projects/strongswan/wiki/IpsecDirectory> have been changed, the ipsec reread... <http://wiki.strongswan.org/projects/strongswan/wiki/IpsecCommand#Reread-Commands> commands may be used to reload these files.

End-entity certificates placed in ipsec.d/certs <http://wiki.strongswan.org/projects/strongswan/wiki/IpsecDirectoryCerts> are not reloaded automatically; instead they are loaded whenever referenced with *left|rightcert* in a conn section <http://wiki.strongswan.org/projects/strongswan/wiki/ConnSection>.

Using the ipsec purge... <http://wiki.strongswan.org/projects/strongswan/wiki/IpsecCommand#Purge-Commands> commands may be required in order for the new files to be used.

Using the ipsec list... <http://wiki.strongswan.org/projects/strongswan/wiki/Ipseccommand#List-Commands> commands will provide information about loaded or cached certificates, supported algorithms and loaded plugins.

On Thu, May 1, 2014 at 11:34 AM, Brian Watson <brianwatson999999 at gmail.com> wrote:
> Hi,
> I'm new to StrongSwan and am looking for some good instructions on
> setting up a VPN between 2 virtual machines running on the same laptop. The
> wiki pages seem to lay out a lot of different scenarios, but nothing to
> walk you through the steps necessary to start from scratch. I've downloaded
> the sw into my Ubuntu machine, but can't find the instructions as to what
> app to start and what to do next.
>
> Any ideas?
>
> Thanks,
> Brian
>
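
An added example, not part of the original message or of strongSwan itself: a small Python audit that reads the conn sections of an ipsec.conf and reports when each connection would be established according to its auto= value, as the quoted wiki text describes. The sample config, connection names and addresses are constructed, and the precedence used (own auto=, then the also= target, then conn %default, then the built-in default of ignore) is an assumption about how the file is resolved.

```python
# Constructed sample ipsec.conf for one test host; names and addresses are made up.
SAMPLE = """\
conn %default
    auto=add

conn vm-to-vm
    right=192.168.56.102
    auto=start

conn lan
    also=vm-to-vm
    rightsubnet=10.2.0.0/24
    auto=route

conn lan-b
    also=vm-to-vm   # no auto= of its own

conn manual
    right=192.168.56.102
"""
WHEN = {"start": "on startup", "route": "on traffic", "add": "manually", "ignore": "not loaded"}

def parse_conns(text):
    """Return {conn name: {key: value}} for the conn sections of ipsec.conf text."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()   # simplification: '#' always starts a comment
        if line and not line[0].isspace():     # section headers start in column one
            kind, _, name = line.partition(" ")
            current = conns.setdefault(name.strip(), {}) if kind == "conn" else None
        elif current is not None and "=" in line:
            key, _, value = line.strip().partition("=")
            current[key.strip()] = value.strip()
    return conns

def effective_auto(conns, name, seen=()):
    """Assumed precedence: own auto=, then the also= target, then %default, then 'ignore'."""
    if name in seen:
        raise ValueError("also= loop at " + name)
    conn = conns.get(name, {})
    if "auto" in conn:
        return conn["auto"]
    if "also" in conn:
        return effective_auto(conns, conn["also"], seen + (name,))
    return conns.get("%default", {}).get("auto", "ignore")

def startup_report(text):
    conns = parse_conns(text)
    return {n: WHEN.get(effective_auto(conns, n), "unknown auto= value")
            for n in conns if n != "%default"}
```

Calling startup_report() on the contents of a real ipsec.conf shows at a glance which tunnels come up without operator action, which is worth checking before running ipsec start on a new setup.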