Also, I have installed strongSwan using synaptic, which generated server certificates and placed them in the /etc/ipsec.d/certs/ directory.

There was no certificate under the /etc/ipsec.d/cacerts/ directory, so I generated them using:

    openssl req -x509 -days 1460 -newkey rsa:2048 -keyout strongswanKey.pem -out strongswanCert.pem

I have not changed the server certificates. I did the same on the roadwarrior machine... is that proper to do?

Regards
Pankaj Gupta

On Thu, Apr 15, 2010 at 7:22 PM, pankaj gupta <[email protected]> wrote:

> Also, does anyone have any virtual machine configured as a strongSwan
> gateway?... It would be of great help if anyone has.
>
> Regards
> Pankaj Gupta
>
> On Thu, Apr 15, 2010 at 7:21 PM, pankaj gupta <[email protected]> wrote:
>
>> Hi community,
>>
>> I have been pretty desperate to make strongSwan work for the last week,
>> but didn't succeed.
>>
>> I configured using the README of strongSwan 4.3.6 but the connection is
>> not working.
>>
>> I configured /etc/ipsec.conf for the roadwarrior case with:
>>
>> 10.1.0.0/16 -- | 192.168.1.24 | === | 192.168.1.21 |
>>  karmic-net         karmic            pankaj-desktop
>>
>> contents of /etc/ipsec.conf:
>>
>> config setup
>>         plutodebug=control
>>         crlcheckinterval=180
>>         strictcrlpolicy=no
>>         charonstart=no
>>
>> # Add connections here.
>>
>> conn %default
>>         ikelifetime=60m
>>         keylife=20m
>>         rekeymargin=3m
>>         keyingtries=1
>>         left=192.168.1.24
>>         leftcert=karmicCert.pem
>>         left...@karmic
>>         leftfirewall=yes
>>
>> conn net-net
>>         leftsubnet=10.1.0.0/16
>>         right=192.168.1.21
>>         rightsubnet=10.2.0.0/16
>>         right...@pankaj-desktop
>>         auto=add
>>
>> conn host-host
>>         right=192.168.1.21
>>         right...@pankaj-desktop
>>         auto=add
>>
>> conn rw
>>         left=192.168.1.21
>>         leftsubnet=10.1.0.0/16
>>         leftcert=karmicCert.pem
>>         right=%any
>>         auto=add
>>
>> I have configured certificates and the roadwarrior machine
>> (pankaj-desktop) as well.
>>
>> Now, I cannot ping 10.1.0.1 from pankaj-desktop (roadwarrior).
>> Also, commands like 'ipsec status' and 'ipsec listcerts' are not showing
>> any result.
>>
>> Do you see any problem in this configuration?
>>
>> Please help me configure this. Let me know any other diagnosis result
>> you need to know in this regard.
>>
>> This is part of the log from /usr/log/auth.log:
>>
>> Apr 15 18:35:01 karmic CRON[24082]: pam_unix(cron:session): session closed for user root
>> Apr 15 18:38:32 karmic ipsec_starter[24120]: Starting strongSwan 4.3.6 IPsec [starter]...
>> Apr 15 18:38:43 karmic ipsec_starter[24133]: pluto too long to start... - kill kill
>> Apr 15 18:38:45 karmic ipsec_starter[24135]: Starting strongSwan 4.3.6 IPsec [starter]...
>> Apr 15 18:38:55 karmic ipsec_starter[24160]: pluto too long to start... - kill kill
>> Apr 15 18:38:56 karmic ipsec_starter[24160]: connect(pluto_ctl) failed: No such file or directory
>> Apr 15 18:39:01 karmic last message repeated 3 times
>> Apr 15 18:39:02 karmic ipsec_starter[24160]: starter_stop_pluto(): pluto does not respond, sending KILL
>> Apr 15 18:39:03 karmic ipsec_starter[24160]: starter_stop_pluto(): can't stop pluto !!!
>> Apr 15 18:39:03 karmic starter[24160]: ipsec starter stopped
>> Apr 15 18:40:01 karmic CRON[24190]: pam_unix(cron:session): session opened for user root by (uid=0)
>>
>> When I run starter with debugging:
>>
>> r...@karmic:~# /usr/libexec/ipsec/starter --debug-all
>> Starting strongSwan 4.3.6 IPsec [starter]...
>> | Default route found: iface=eth0, addr=192.168.1.24, nexthop=192.168.1.1
>> | Loading config setup
>> |   plutodebug=all
>> |   crlcheckinterval=180
>> |   strictcrlpolicy=no
>> |   charonstart=no
>> | Loading conn %default
>> |   ikelifetime=60m
>> |   keylife=20m
>> |   rekeymargin=3m
>> |   keyingtries=1
>> |   left=192.168.1.24
>> |   leftcert=karmicCert.pem
>> |   left...@karmic
>> |   leftfirewall=yes
>> | Loading conn 'net-net'
>> |   leftsubnet=10.1.0.0/16
>> |   right=192.168.1.21
>> |   rightsubnet=10.2.0.0/16
>> |   right...@pankaj-desktop
>> |   auto=add
>> | Loading conn 'host-host'
>> |   right=192.168.1.21
>> |   right...@pankaj-desktop
>> |   auto=add
>> | Loading conn 'rw'
>> |   left=192.168.1.21
>> |   leftsubnet=10.1.0.0/16
>> |   leftcert=karmicCert.pem
>> |   right=%any
>> |   auto=add
>> | Found netkey IPsec stack
>>
>> That means starter is working fine, right?
>>
>> Regards
>> Pankaj Gupta
