[strongSwan] Dynamic IP Gateway

bjoern wahl bjoern.wahl at hospital-borken.de
Tue Nov 25 22:27:41 CET 2014


Hello!

I want to connect a Pidora Gateway with a dynamic ip adress to a static
gateway in my company.
When i enter the fix ip-address to both sides everything works find. But
i just do not get the point, how to do that with a
dynamic ip address at one side.

I found the examples at [1] but i still do not get it working.

At the GW with the static ip the config looks like this:

================================================
conn pidora
        keyexchange=ikev1
        closeaction=restart
        compress=no
        authby=secret
        leftid=FIX-IP-OF-THE-ONE-GW
        left=FIX-IP-OF-THE-ONE-GW
        leftsubnet=x.x.x.x/xx
        rightid=DYN-IP-OF-THE-OTHER-GW
        right=DYN-IP-OF-THE-OTHER-GW
        rightsubnet=yyy.yy.yy.0/24
        ike=aes256-sha-modp1024
        esp=aes256-sha1
        auto=add

================================================

So for me it is all about the rightid which does not work if i give it a
name like "rightid=pidora". And it also does not work 
if I do "rigth=%any".

The strongswan versions are not the same btw. The GW with the fix ip is
Linux strongSwan U5.1.1 and the version on the pidora is a 
newer version.
Actually I can not enter the client now, so i can not tell you the exact
version we use there, sorry.

I also read something about nameresolution via dyndns. So I have the
question if this is needed. I understand that in any other way
the GW with the fix IP would never be able to open the connection as
this side does not know the ip, but does it ever have to ?

In my mind i think of the GW with the dynamic IP always initiating the
connection, is this working ?
How would a configuration look like ?

I did saw [1] which seems to me to be the exact same thing i want, but i
did not work out for me with this config. I do not want to 
user certs and I used no xy at test.com as the rightid, would that be the
reason why it did not work ?

Thanks for any idea.

björn

[1] https://www.strongswan.org/testresults4.html


----------------------------------------------------------------------------------------------------
Klinikverbund Westmünsterland gGmbH
 Jur. Sitz der Gesellschaft: Am Boltenhof 7, 46325 Borken
 Registergericht Coesfeld, HRB Nr. 8983
 Ust.-Id.Nr.: DE 222740345
 Geschäftsführer: Christoph Bröcker, Ludger Hellmann
 
 Diese E-Mail enthält vertrauliche oder rechtlich geschützte
Informationen. Wenn Sie nicht der beabsichtige Empfänger sind,
informieren Sie bitte sofort den Absender und löschen Sie diese E-Mail.
 
 Das unbefugte Kopieren dieser E-Mail oder die unbefugte Weitergabe der
enthaltenen Informationen ist nicht gestattet.
 
 Dem Klinikverbund Westmünsterland sind fünf Krankenhäuser mit 1.332
Planbetten und mehrere Einrichtungen der Altenhilfe angeschlossen. Mehr
als 50 Fachbereiche orientieren sich an neusten medizinischen Standards
und erfüllen die hohen Anforderungen einer qualifizierten und
zertifizierten Versorgung. Rund 50.000 Patienten werden jährlich in den
Krankenhäusern stationär behandelt. Mit über 3.800 Mitarbeitern gehört
der Verbund zu den größten Arbeitgebern der Region.



More information about the Users mailing list