[strongSwan] Fwd: How to use IPSec between two hosts using strongswan with IKEv2

Priyaranjan Nayak priyaranjan4169 at gmail.com
Tue May 19 13:54:07 CEST 2015


Hi Andreas,
I am getting the log below on both Ubuntu 14.04 LTS machines. Please suggest
where I went wrong.
Starting IKE charon daemon (strongSwan 5.1.2, Linux 3.13.0-32-generic,
x86_64)
May 19 17:16:20 necs101-desktop charon: 00[CFG] loading ca certificates
from '/etc/ipsec.d/cacerts'
May 19 17:16:20 necs101-desktop charon: 00[CFG]   loaded ca certificate
"C=in, ST=karnataka, L=bangalore, O=netcloudsystems, OU=dev, CN=necs, E=
priyaranjan at netcloudsystems.com" from
'/etc/ipsec.d/cacerts/strongswanCert.pem'
May 19 17:16:20 necs101-desktop charon: 00[CFG] loading aa certificates
from '/etc/ipsec.d/aacerts'
May 19 17:16:20 necs101-desktop charon: 00[CFG] loading ocsp signer
certificates from '/etc/ipsec.d/ocspcerts'
May 19 17:16:20 necs101-desktop charon: 00[CFG] loading attribute
certificates from '/etc/ipsec.d/acerts'
May 19 17:16:20 necs101-desktop charon: 00[CFG] loading crls from
'/etc/ipsec.d/crls'
May 19 17:16:20 necs101-desktop charon: 00[CFG] loading secrets from
'/etc/ipsec.secrets'
May 19 17:16:20 necs101-desktop charon: 00[LIB] loaded plugins: charon
test-vectors aes rc2 sha1 sha2 md4 md5 rdrand random nonce x509 revocation
constraints pkcs1 pkcs7 pkcs8 pkcs12 pem openssl xcbc cmac hmac ctr ccm gcm
attr kernel-netlink resolve socket-default stroke updown eap-identity
addrblock
May 19 17:16:20 necs101-desktop charon: 00[LIB] unable to load 5 plugin
features (5 due to unmet dependencies)
May 19 17:16:20 necs101-desktop charon: 00[LIB] dropped capabilities,
running as uid 0, gid 0
May 19 17:16:20 necs101-desktop charon: 00[JOB] spawning 16 worker threads
May 19 17:16:20 necs101-desktop charon: 05[CFG] crl caching to
/etc/ipsec.d/crls enabled
May 19 17:16:20 necs101-desktop charon: 04[CFG] received stroke: add ca
'strongswan'
May 19 17:16:20 necs101-desktop charon: 04[CFG]   loaded ca certificate
"C=in, ST=karnataka, L=bangalore, O=netcloudsystems, OU=dev, CN=necs, E=
priyaranjan at netcloudsystems.com" from 'strongswanCert.pem'
May 19 17:16:20 necs101-desktop charon: 04[CFG] added ca 'strongswan'
May 19 17:16:20 necs101-desktop charon: 09[CFG] received stroke: add
connection 'host-host'
May 19 17:16:20 necs101-desktop charon: 09[LIB] OpenSSL X.509 parsing failed
May 19 17:16:20 necs101-desktop charon: 09[LIB] building CRED_CERTIFICATE -
ANY failed, tried 1 builders
May 19 17:16:20 necs101-desktop charon: 09[CFG]   loading certificate from
'hostKey.pem' failed
May 19 17:16:20 necs101-desktop charon: 09[CFG] added configuration
'host-host'


On Tue, May 19, 2015 at 4:40 PM, Priyaranjan Nayak <
priyaranjan4169 at gmail.com> wrote:

> Hi Andreas,
>
> I have got the syslogs below from my machine.
>
>  Starting IKE charon daemon (strongSwan 5.1.2, Linux 3.13.0-19-generic,
> x86_64)
> May 19 16:23:49 priya charon: 00[CFG] loading ca certificates from
> '/etc/ipsec.d/cacerts'
> May 19 16:23:49 priya charon: 00[CFG]   loaded ca certificate "C=in,
> ST=karnataka, L=bangalore, O=netcloudsystems, OU=dev, CN=necs, E=
> priyaranjan at netcloudsystems.com" from
> '/etc/ipsec.d/cacerts/strongswanCert.pem'
> May 19 16:23:49 priya charon: 00[CFG] loading aa certificates from
> '/etc/ipsec.d/aacerts'
> May 19 16:23:49 priya charon: 00[CFG] loading ocsp signer certificates
> from '/etc/ipsec.d/ocspcerts'
> May 19 16:23:49 priya charon: 00[CFG] loading attribute certificates from
> '/etc/ipsec.d/acerts'
> May 19 16:23:49 priya charon: 00[CFG] loading crls from '/etc/ipsec.d/crls'
> May 19 16:23:49 priya charon: 00[CFG] loading secrets from
> '/etc/ipsec.secrets'
> May 19 16:23:49 priya charon: 00[LIB] building CRED_PRIVATE_KEY - RSA
> failed, tried 5 builders
> May 19 16:23:49 priya charon: 00[CFG]   loading private key from
> '/etc/ipsec.d/private/hostKey.pem' failed
> May 19 16:23:49 priya charon: 00[LIB] loaded plugins: charon test-vectors
> aes rc2 sha1 sha2 md4 md5 rdrand random nonce x509 revocation constraints
> pkcs1 pkcs7 pkcs8 pkcs12 pem openssl xcbc cmac hmac ctr ccm gcm attr
> kernel-netlink resolve socket-default stroke updown eap-identity addrblock
> May 19 16:23:49 priya charon: 00[LIB] unable to load 5 plugin features (5
> due to unmet dependencies)
> May 19 16:23:49 priya charon: 00[LIB] dropped capabilities, running as uid
> 0, gid 0
> May 19 16:23:49 priya charon: 00[JOB] spawning 16 worker threads
> May 19 16:23:49 priya charon: 03[CFG] crl caching to /etc/ipsec.d/crls
> enabled
> May 19 16:23:49 priya charon: 09[CFG] received stroke: add ca 'strongswan'
> May 19 16:23:49 priya charon: 09[CFG]   loaded ca certificate "C=in,
> ST=karnataka, L=bangalore, O=netcloudsystems, OU=dev, CN=necs, E=
> priyaranjan at netcloudsystems.com" from 'strongswanCert.pem'
> May 19 16:23:49 priya charon: 09[CFG] added ca 'strongswan'
> May 19 16:23:49 priya charon: 10[CFG] received stroke: add connection
> 'host-host'
> May 19 16:23:49 priya charon: 10[LIB] OpenSSL X.509 parsing failed
> May 19 16:23:49 priya charon: 10[LIB] building CRED_CERTIFICATE - ANY
> failed, tried 1 builders
> May 19 16:23:49 priya charon: 10[CFG]   loading certificate from
> 'hostKey.pem' failed
> May 19 16:23:49 priya charon: 10[CFG] added configuration 'host-host'
>
>
>
> On Tue, May 19, 2015 at 4:03 PM, Andreas Steffen <
> andreas.steffen at strongswan.org> wrote:
>
>>  Hi Priyaranjan,
>>
>> the links I sent you should be fine as a guidance for your host-host
>> IPsec setup. If you run into any problems just send us the strongSwan
>> log files.
>>
>> Regards
>>
>> Andreas
>>
>> On 19.05.2015 12:26, Priyaranjan Nayak wrote:
>>
>>> Hi Andreas,
>>>
>>> I have two machines, i.e. 192.168.1.116 and 192.168.1.118, and wanted to
>>> set up IPsec between these two machines. In my network there are one modem,
>>> one switch and two machines. For more clarification of the network, I
>>> have attached the network diagram. I have tried the above link; it's not
>>> working for me. Please suggest how to set up IPsec for my
>>> network. Thanks for your quick reply.
>>>
>>> On Tue, May 19, 2015 at 1:38 PM, Andreas Steffen
>>> <andreas.steffen at strongswan.org>
>>> wrote:
>>>
>>>     Hi Priyaranjan,
>>>
>>>     here is an example for a host-host connection in IPsec tunnel mode:
>>>
>>>     http://www.strongswan.org/uml/testresults/ikev2/host2host-cert/
>>>
>>>     and here in IPsec transport mode:
>>>
>>>     http://www.strongswan.org/uml/testresults/ikev2/host2host-transport/
>>>
>>>     Regards
>>>
>>>     Andreas
>>>
>>>     On 05/19/2015 09:47 AM, Priyaranjan Nayak wrote:
>>>      > Hi All,
>>>      >
>>>      > I want to use strongSwan with IKEv2 for IPsec between two
>>>     hosts.
>>>      > Could you please suggest how I can configure it for two hosts?
>>>      > Please let me know if you have any other idea/link.
>>>      >
>>>      >
>>>      > Thanks
>>>      > Priyaranjan
>>>
>>>
>>> ======================================================================
>>>     Andreas Steffen andreas.steffen at strongswan.org
>>>     strongSwan - the Open Source VPN Solution! www.strongswan.org
>>>     Institute for Internet Technologies and Applications
>>>     University of Applied Sciences Rapperswil
>>>     CH-8640 Rapperswil (Switzerland)
>>>
>>> ===========================================================[ITA-HSR]==
>>>
>>>
>>>
>>>
>>> --
>>> Thanks
>>> Priyaranjan
>>>
>>
>> --
>> ======================================================================
>> Andreas Steffen                         andreas.steffen at strongswan.org
>> strongSwan - the Open Source VPN Solution!          www.strongswan.org
>> Institute for Internet Technologies and Applications
>> University of Applied Sciences Rapperswil
>> CH-8640 Rapperswil (Switzerland)
>> ===========================================================[ITA-HSR]==
>>
>>
>
>
> --
> Thanks
> Priyaranjan
>



-- 
Thanks
Priyaranjan
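
A small triage script for the failures visible in this log, added here as an example (it is not part of the original message or of strongSwan's own tooling): it re-joins the mail-wrapped syslog lines and pairs each failed credential load with the `[LIB]` errors charon logged just before it on the same thread. The sample input is copied from the log above; the function names and the `name_suggests_key` filename heuristic are assumptions of this example.

```python
import re

# Lines copied from the log in the message above, still wrapped as the mail client left them.
SAMPLE_LOG = """\
May 19 16:23:49 priya charon: 00[LIB] building CRED_PRIVATE_KEY - RSA
failed, tried 5 builders
May 19 16:23:49 priya charon: 00[CFG]   loading private key from
'/etc/ipsec.d/private/hostKey.pem' failed
May 19 16:23:49 priya charon: 10[CFG] received stroke: add connection
'host-host'
May 19 16:23:49 priya charon: 10[LIB] OpenSSL X.509 parsing failed
May 19 16:23:49 priya charon: 10[LIB] building CRED_CERTIFICATE - ANY
failed, tried 1 builders
May 19 16:23:49 priya charon: 10[CFG]   loading certificate from
'hostKey.pem' failed
"""

STAMP = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d ")
LINE = re.compile(r"charon: (\d+)\[([A-Z]+)\]\s+(.*)$")
LOAD_FAIL = re.compile(r"loading (certificate|private key) from '([^']+)' failed")
ADD_CONN = re.compile(r"received stroke: add connection '([^']+)'")

def unwrap(text):
    """Re-join syslog records that a mail client wrapped onto several lines."""
    records = []
    for line in text.splitlines():
        if STAMP.match(line) or not records:
            records.append(line.strip())
        else:
            records[-1] += " " + line.strip()
    return records

def credential_failures(text):
    """Pair each failed credential load with the [LIB] errors logged just before it."""
    findings, reasons, conn = [], {}, {}
    parsed = (m.groups() for m in map(LINE.search, unwrap(text)) if m)
    for thread, group, msg in parsed:
        if group == "LIB" and "failed" in msg:
            reasons.setdefault(thread, []).append(msg)   # keep until the [CFG] verdict
        elif (c := ADD_CONN.search(msg)):
            conn[thread] = c.group(1)                    # connection this thread is adding
        elif (f := LOAD_FAIL.search(msg)):
            kind, path = f.groups()
            findings.append({
                "kind": kind, "path": path, "connection": conn.get(thread),
                "reasons": reasons.pop(thread, []),
                # Heuristic (assumption): a key-named file was loaded as a certificate.
                "name_suggests_key": kind == "certificate" and "key" in path.lower(),
            })
    return findings
```

On this log it reports two failures: the private key at `/etc/ipsec.d/private/hostKey.pem` that no builder could parse, and connection `host-host` loading `hostKey.pem` as a certificate.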


