[strongSwan] host2host-cert using sql
Michael C. Cambria
mcc at fid4.com
Fri May 29 21:32:48 CEST 2015
Hi,
Is there an example of MySQL configuration for host2host?
I'm migrating a working host2host setup from .conf to MySQL. To keep
things simple, only one end is moving to sql.
I've been looking at [0] as a guide and have something "almost" working.
For host2host, I don't know what values to put in the traffic_selectors
table, if any. In the ipsec.conf case, I just leave left|rightsubnet
out of the config.
With no values in the traffic_selectors table, or when I use
start_addr=<IPv4-addr> end_addr=<IPv4-addr>, or other guesses, the
IKE_SA comes up, but I get:
    received TS_UNACCEPTABLE notify, no CHILD_SA built
    failed to establish CHILD_SA, keeping IKE_SA
Is there an example, or a document I can look at for host2host using sql?
I also had an issue where the cert sent from the non-sql side wasn't
accepted by the sql side. I worked around it by putting the CA Cert/Key
in ipsec.d/cacert, ipsec.d/private for now.
Thanks,
MikeC
[0] https://wiki.strongswan.org/projects/strongswan/repository/revisions/master/entry/testing/tests/sql/net2net-cert/hosts/moon/etc/ipsec.d/data.sql