[strongSwan] RouterOS 6.29 and Strongswan IPSec site to site

User Qmail qt at ck-lee.com
Mon Aug 10 07:52:36 CEST 2015


Hi,

Here is the strongSwan part:

config setup
    uniqueids=never

# also supports iOS PSK and Shrew on Windows
conn android_xauth_psk
    keyexchange=ikev1
    left=%defaultroute
    leftauth=psk
    leftsubnet=0.0.0.0/0
    right=%any
    rightauth=psk
    rightauth2=xauth
    rightsourceip=10.1.2.0/24
    auto=add

conn %default
    ikelifetime=8h
    keylife=1h
    rekeymargin=3m
    keyingtries=%forever
    keyexchange=ikev1
    authby=psk
    ike=3des-sha1-modp1024
    esp=3des-md5-modp1536

conn ROSconn
    left=vps_ip
    leftsubnet=10.1.2.0/24
    right=routeros_ip
    rightsubnet=192.168.128.0/24
    keyexchange=ike
    authby=secret
    ike=3des-md5-modp1024!
    esp=3des-md5-modp1024
    type=tunnel
    auto=start

I set up accordingly for the RouterOS.

On Mon, Aug 10, 2015 at 12:46 PM, Nitin Agarwal
<nitin.agarwal at symstream.com> wrote:
> Hi
>
> What are the configurations you did on both sides?
> And what error are you getting?
>
>
>
> Best Regards
> Nitin Agarwal
> Symstream Technology Group
> M +91 9818893018
> nitin.agarwal at symstream.com | Skype: nitin_symstream
>
> On Mon, Aug 10, 2015 at 10:13 AM, User Qmail <qt at ck-lee.com> wrote:
>>
>> Hi,
>>
>> I am looking for help to create an IPSec site to site tunnel to a
>> remote site using RouterOS. The remote site is a VPS with public and
>> static IP which uses Debian 7 as the base OS. strongSwan 5.3 is
>> installed at the remote site and Android users can log in.
>>
>> The local RouterOS is also on a static IP which serves the LAN users
>> via address 192.168.128.0/24
>>
>> I have tried different ways but have not been able to succeed in having a
>> tunnel.
>>
>> Can one help to point me to a how-to?
>>
>> CK
>> _______________________________________________
>> Users mailing list
>> Users at lists.strongswan.org
>> https://lists.strongswan.org/mailman/listinfo/users