[strongSwan] Questions for getting Strongswan up and running
Brian Watson
bwats9999 at gmail.com
Tue May 6 16:54:39 CEST 2014
I also have done the following:
1. ipsec up home
2. I get the following in response
initiating IKE_SA home[1] to 127.0.0.2
configured DH group MODP_2048 not supported
tried to check-in and delete nonexisting IKE_SA
establishing connection 'home' failed
Thanks!
Brian
On Tue, May 6, 2014 at 9:06 AM, Brian Watson <bwats9999 at gmail.com> wrote:
> I have setup strongswan with the config files on 2 virtual boxes running
> Ubuntu 14.04. I have the following with the 2nd virtual machine basically
> mirroring the first with the exception of the ip address being swapped
> around:
>
> 1. I setup the config files on 2 Ubuntu virtualbox machines
> ipsec.conf
> -------------------------
> config setup
>
> conn %default
> ikelifetime=60m
> keylife=20m
> rekeymargin=3m
> keyingtries=1
> keyexchange=ikev2
> authby=secret
>
> conn home
> left=127.0.0.2
> leftfirewall=no
> right=127.0.0.3
> auto=add
>
> ipsec.secrets
> ------------------------------
> 127.0.0.2 : PSK <shared secret>
>
> strongswan.conf
> -------------------------------
> charon {
> load = aes des sha1 sha2 md5 gmp random nonce hmac stroke
> kernel-netlink socket-default updown
> }
>
> 2. I issue "sudo ipsec start" and status commands and get the following:
>
> Starting strongSwan 5.1.2 IPsec [starter]...
> !! Your strongswan.conf contains manual plugin load options for charon.
> !! This is recommended for experts only, see
> !! http://wiki.strongswan.org/projects/strongswan/wiki/PluginLoad
> brianswan3 at brianswan3-VirtualBox:/etc$ sudo ipsec status
> Security Associations (0 up, 0 connecting):
> none
>
> 3. The fact that it shows no security associations implies to me that it
> didn't work. Is this true and is there something obvious that I'm doing
> wrong?
>
> Thanks,
> Brian
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20140506/44d4b497/attachment.html>
More information about the Users
mailing list