I used StrongSwan-4.2.17 and tried to set up a host-host configuration following 
the explanation from https://www.strongswan.org/docs/readme4.htm.

My configuration is like this.
   [ 192.168.1.207 ] ===== [192.168.1.206]
     ss_client              ss_server

<< Configuration on host ss_client >>
/etc/ipsec.d/cacerts/strongswanCert.pem
/etc/ipsec.d/certs/ss_client.pem
/etc/ipsec.d/private/ss_client.key
/etc/ipsec.secrets:
 : RSA ss_client.key

/etc/ipsec.conf
conn  host-host
      left=%defaultroute
      leftcert=ss_client.pem
      right=192.168.1.206
      rightid="C=US, O=Home, CN=ss_server.research-this-that.com"
      auto=start

<< Configuration on host ss_server >>
/etc/ipsec.d/cacerts/strongswanCert.pem
/etc/ipsec.d/certs/ss_server.pem
/etc/ipsec.d/private/ss_server.key
/etc/ipsec.secrets:
 : RSA ss_server.key

/etc/ipsec.conf
conn  host-host
      left=%defaultroute
      leftcert=ss_server.pem
      right=192.168.1.207
      rightid="C=US, O=Home, CN=ss_client.research-this-that.com"
      auto=start

And this is the message I get when I run ipsec statusall from each host.
Could someone give me any idea what was wrong?
Or if you need more information about my settings and configuration, please let 
me know.

<< ipsec statusall from ss_client >>
# ipsec statusall
000 interface lo/lo ::1:500
000 interface lo/lo 127.0.0.1:500
000 interface eth0/eth0 192.168.1.207:500
000 interface virbr0/virbr0 192.168.122.1:500
000 %myid = (none)
000 debug none
000
000 "host-host": 192.168.1.207[C=US, O=Home, CN=ss_client.research-this-that.com]---192.168.1.1...192.168.1.206[C=US, O=Home, CN=ss_server.research-this-that.com]; unrouted; eroute owner: #0
000 "host-host":   CAs: 'C=US, O=Home, CN=ss_server.research-this-that.com'...'%any'
000 "host-host":   ike_life: 10800s; ipsec_life: 3600s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 3
000 "host-host":   policy: RSASIG+ENCRYPT+TUNNEL+PFS+UP; prio: 32,32; interface: eth0;
000 "host-host":   newest ISAKMP SA: #0; newest IPsec SA: #0;
000 "host-host":   IKE algorithms wanted: 7_128-2-14,
000 "host-host":   IKE algorithms found:  7_128-2_160-14,
000 "host-host":   ESP algorithms wanted: 12_128-2, 3_000-1,
000 "host-host":   ESP algorithms loaded: 12_128-2_160, 3_192-1_128,
000
000 #1: "host-host" STATE_MAIN_I1 (sent MI1, expecting MR1); EVENT_RETRANSMIT in 30s
000 #1: pending Phase 2 for "host-host" replacing #0
000

<< ipsec statusall from ss_server >>
# ipsec statusall
000 interface lo/lo ::1:500
000 interface lo/lo 127.0.0.1:500
000 interface eth0/eth0 192.168.1.206:500
000 interface virbr0/virbr0 192.168.122.1:500
000 %myid = (none)
000 debug none
000
000 "host-host": 192.168.1.206[C=US, O=Home, CN=ss_server.research-this-that.com]---192.168.1.1...192.168.0.1[C=US, O=Home, CN=ss_client.research-this-that.com]; unrouted; eroute owner: #0
000 "host-host":   CAs: 'C=US, O=Home, CN=ss_server.research-this-that.com'...'%any'
000 "host-host":   ike_life: 10800s; ipsec_life: 3600s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 3
000 "host-host":   policy: RSASIG+ENCRYPT+TUNNEL+PFS+UP; prio: 32,32; interface: eth0;
000 "host-host":   newest ISAKMP SA: #0; newest IPsec SA: #0;
000 "host-host":   IKE algorithms wanted: 7_128-2-14,
000 "host-host":   IKE algorithms found:  7_128-2_160-14,
000 "host-host":   ESP algorithms wanted: 12_128-2, 3_000-1,
000 "host-host":   ESP algorithms loaded: 12_128-2_160, 3_192-1_128,
000
000 #1: "host-host" STATE_MAIN_I1 (sent MI1, expecting MR1); EVENT_RETRANSMIT in 1s
000 #1: pending Phase 2 for "host-host" replacing #0
000


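A consistency check over the data above, as an added example that is not part of the original post: it compares the peer address shown in `ipsec statusall` with the `right=` value in ipsec.conf and reports connections still sitting in STATE_MAIN_I1. The function names are hypothetical; the inputs are excerpts of the post's own ss_server and ss_client configuration and output, with the e-mail line wrapping left in place.

```python
import re

IP = r"\d+(?:\.\d+){3}"
# Connection line: 000 "name": local[id]---nexthop...peer[id]; ...
CONN_RE = re.compile(rf'^000 "([^"]+)": {IP}\[[^\]]*\](?:---{IP})?\.\.\.({IP})\[')
# SA line: 000 #1: "name" STATE_MAIN_I1 (sent MI1, expecting MR1); ...
STATE_RE = re.compile(r'^000 #\d+: "([^"]+)" (STATE_\w+)')
RIGHT_RE = re.compile(r"^\s*right\s*=\s*(\S+)", re.M)

def unwrap(text):
    """Rejoin wrapped output: every real status line starts with '000'."""
    out = []
    for line in text.splitlines():
        if line.startswith("000") or not out:
            out.append(line.rstrip())
        else:
            out[-1] += " " + line.strip()
    return out

def check(conf_text, status_text):
    """Return findings for one host: peer mismatch and unanswered Main Mode."""
    findings = []
    configured = RIGHT_RE.search(conf_text).group(1)
    for line in unwrap(status_text):
        conn = CONN_RE.match(line)
        if conn and conn.group(2) != configured:
            findings.append(f"{conn.group(1)}: statusall peer {conn.group(2)} "
                            f"differs from configured right={configured}")
        sa = STATE_RE.match(line)
        if sa and sa.group(2) == "STATE_MAIN_I1":
            findings.append(f"{sa.group(1)}: {sa.group(2)}, MI1 sent, no MR1 yet")
    return findings

# Excerpts taken from the post (not live output).
SERVER_CONF = "conn host-host\n  left=%defaultroute\n  right=192.168.1.207\n"
SERVER_STATUS = '''000 "host-host": 192.168.1.206[C=US, O=Home,
CN=ss_server.research-this-that.com]---192.168.1.1...192.168.0.1[C=US, O=Home,
CN=ss_client.research-this-that.com]; unrouted; eroute owner: #0
000 #1: "host-host" STATE_MAIN_I1 (sent MI1, expecting MR1); EVENT_RETRANSMIT
in 1s'''
CLIENT_CONF = "conn host-host\n  left=%defaultroute\n  right=192.168.1.206\n"
CLIENT_STATUS = '''000 "host-host": 192.168.1.207[C=US, O=Home,
CN=ss_client.research-this-that.com]---192.168.1.1...192.168.1.206[C=US,
O=Home, CN=ss_server.research-this-that.com]; unrouted; eroute owner: #0
000 #1: "host-host" STATE_MAIN_I1 (sent MI1, expecting MR1); EVENT_RETRANSMIT
in 30s'''

if __name__ == "__main__":
    for host, conf, status in (("ss_server", SERVER_CONF, SERVER_STATUS),
                               ("ss_client", CLIENT_CONF, CLIENT_STATUS)):
        for finding in check(conf, status):
            print(f"{host}: {finding}")
```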