Hi all,
Kindly help me out in testing strongswan .Can it be done by just pinging the
host machine's ip address? or it needs a GUI (network manger) for testing?
i have installed the strongswan and have done the following configurations on
moon and sun resp(host to host) kindly let me know if i am wrong.
1. First i created the self signed certificates using openssl (for both
strongswanCert and moonCert)
2.then the configuration as below
CONFIGURATION ON THE MOON:
config setup
# plutodebug=all
# crlcheckinterval=600
# strictcrlpolicy=yes
# cachecrls=yes
# nat_traversal=yes
charonstart=no
# plutostart=no
# Add connections here.
# Sample VPN connections
conn sample-self-signed
left=%defaultroute
leftcert=moonCert.pem
right=xx.xx.xx.xx(some ip address)
rightcert=sunCert.pem
auto=start
CONFIGURATION ON THE SUN:
config setup
# plutodebug=all
# crlcheckinterval=600
# strictcrlpolicy=yes
# cachecrls=yes
# nat_traversal=yes
charonstart=no
# plutostart=no
# Add connections here.
# Sample VPN connections
conn sample-self-signed
left=%defaultroute
leftcert=sunCert.pem
right=xx.xx.xx.xx(ip address)
rightcert=moonCert.pem
auto=start
after tat i pinged the the host to which i am connected and checked with the
"ipsec status" command
[connected host machine's ip]
000 "sample-self-signed": xx.xx.xx.xx[C=IN, ST=TamilNadu, L=Chennai, O=yyy,
OU=yyy, CN=, E=emailID]---xx.xx.xx.xx...xx.xx.xx.xx[xx.xx.xx.xx]; unrouted;
eroute owner: #0
000 "sample-self-signed": newest ISAKMP SA: #0; newest IPsec SA: #0;
000
Thanks in advance
This Email may contain confidential or privileged information for the intended
recipient (s) If you are not the intended recipient, please do not use or
disseminate the information, notify the sender and delete it from your system.
______________________________________________________________________
_______________________________________________
Users mailing list
[email protected]
https://lists.strongswan.org/mailman/listinfo/users