Re: [strongSwan] HELP

Andreas Steffen Mon, 14 Jun 2010 04:56:17 -0700

Hi,

with auto=start, strongSwan should automatically start to negotiate
a connection which somehow failed. Could you post me a log from both
end points with plutodebug=control activated in ipsec.conf?


Best regards

Andreas

On 14.06.2010 13:17, Harini Gopalakrishnan wrote:

Hi all,
Kindly help me out in testing strongswan .Can it be done by just pinging the 
host machine's ip address? or it needs a GUI (network manger) for testing?
i have installed the strongswan and have done the following configurations on 
moon and sun resp(host to host) kindly let me know if i am wrong.

1. First i created the self signed certificates using openssl (for both 
strongswanCert and moonCert)
2.then the configuration as below
CONFIGURATION ON THE MOON:

config setup
         # plutodebug=all
         # crlcheckinterval=600
         # strictcrlpolicy=yes
         # cachecrls=yes
         # nat_traversal=yes
          charonstart=no
         # plutostart=no

# Add connections here.

# Sample VPN connections

conn sample-self-signed
          left=%defaultroute
          leftcert=moonCert.pem
          right=xx.xx.xx.xx(some ip address)
          rightcert=sunCert.pem
          auto=start


CONFIGURATION ON THE SUN:

config setup
         # plutodebug=all
         # crlcheckinterval=600
         # strictcrlpolicy=yes
         # cachecrls=yes
         # nat_traversal=yes
          charonstart=no
         # plutostart=no

# Add connections here.

# Sample VPN connections

conn sample-self-signed
          left=%defaultroute
          leftcert=sunCert.pem
          right=xx.xx.xx.xx(ip address)
          rightcert=moonCert.pem
          auto=start

after tat i pinged the the host to which i am connected and checked with  the "ipsec 
status" command
                                                                                
                                                                                
                                      [connected host machine's ip]
000 "sample-self-signed": xx.xx.xx.xx[C=IN, ST=TamilNadu, L=Chennai, O=yyy, 
OU=yyy, CN=, E=emailID]---xx.xx.xx.xx...xx.xx.xx.xx[xx.xx.xx.xx]; unrouted; eroute owner: 
#0
000 "sample-self-signed":   newest ISAKMP SA: #0; newest IPsec SA: #0;
000

Thanks in advance


--
======================================================================
Andreas Steffen                         [email protected]
strongSwan - the Linux VPN Solution!                www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==

smime.p7s
Description: S/MIME Cryptographic Signature

_______________________________________________
Users mailing list
[email protected]
https://lists.strongswan.org/mailman/listinfo/users

Re: [strongSwan] HELP

Reply via email to