[strongSwan] No IPsec policies seem to be installing
Chris Babcock
cbabcock at qoya.io
Tue Oct 4 17:19:06 CEST 2016
Hi All,
I'm trying to get strongswan up to protect an L2TP connection. I tested
L2TP without IPsec and it worked. My client is an OpenWRT device running
4.4.1 and strongswan 5.5.0 connecting to an IOS-XE router. I was at
first getting an error with this config:

charondebug="ike 2, knl 3, cfg 0"
conn EAST
esp=aes128-sha256
ike=aes128-sha1-modp1024
left=%any
right=1.1.1.1
rightsubnet=1.1.1.1/32
authby=secret
type=transport
keyexchange=ikev1
auto=start

/etc/strongswan.d/ipsec.conf:3: syntax error, unexpected NAME, expecting
NEWLINE or '{' or '=' [AWS_EAST_PE1]

So I did as I believe I was told by the error and added a '=':

charondebug="ike 2, knl 3, cfg 0"
conn=EAST
esp=aes128-sha256
ike=aes128-sha1-modp1024
left=%any
right=1.1.1.1
rightsubnet=1.1.1.1/32
authby=secret
type=transport
keyexchange=ikev1
auto=start

No parsing error, but it doesn't seem to be protecting interesting
traffic. The Cisco doesn't get any IPsec packets and with tcpdump
packets go out to the address unencrypted. What am I missing? Thanks.
Chris
--
Chris Babcock
Qoya Communications, LLC
P. 615.669.3022 • M. 802.291.4284
cbabcock at qoya.io • http://www.qoya.io/
PO Box 90120, Nashville, TN 37209
Resilient, reliable, responsive