[strongSwan] Strongswan site2site tunnel
Filip Maroul
filip at filipnet.cz
Wed Apr 5 10:23:21 CEST 2017
Hello users of strongSwan,
I am new to strongSwan. I prepared some config files for both sites, but I
am confused about the IP address on the external site. I have only one public IP;
on the other site there is no public IP. Is it possible to make the tunnel work?
I attach configuration files for both sites. Where I am not sure about the IP,
I added ???.
The first site is named neptune.filip.local.
The second site is named pluto.it.local.
On both sites I have a pre-shared key in /etc/ipsec.secrets.
Thank you for any help. When I have tuned the config files I will move on to
iptables rules :-)
--
Regards
Filip Maroul
filip at filipnet.cz
-------------- next part --------------
# ipsec.conf for the site with the public IP (leftid neptun.filip.local)
config setup
    charondebug="ike 2, knl 2, cfg 2, mgr 2"

conn %default
    ikelifetime=60m
    keylife=20m
    rekeymargin=3m
    keyingtries=3
    authby=secret
    keyexchange=ikev2
    mobike=no
    type=tunnel
    esp=aes256-sha512-ecp521!
    ike=aes256-sha512-ecp521!

conn net-net
    left=193.155.68.xxx        # public IP site
    leftsubnet=192.168.0.0/24
    leftid=@neptun.filip.local
    leftfirewall=yes
    right=192.168.5.250        # ??? site without public IP
    rightsubnet=192.168.3.0/26
    rightid=@pluto.it.local
    auto=start
-------------- next part --------------
neptun.filip.local @pluto.it.local : PSK "<pre-shared key not preserved in archive>"
-------------- next part --------------
# ipsec.conf for the site without a public IP (leftid pluto.it.local)
config setup
    charondebug="ike 2, knl 2, cfg 2, mgr 2"

conn %default
    ikelifetime=60m
    keylife=20m
    rekeymargin=3m
    keyingtries=3
    authby=secret
    keyexchange=ikev2
    mobike=no
    type=tunnel
    esp=aes256-sha512-ecp521!
    ike=aes256-sha512-ecp521!

conn net-net
    left=192.168.5.250         # IP address of the server that has no public IP
    leftsubnet=192.168.3.0/26
    leftid=@pluto.it.local
    leftfirewall=yes
    right=93.155.68.xxx        # my public IP
    rightsubnet=192.168.0.0/24
    rightid=@neptun.filip.local
    auto=start