Apologies, I forgot to attach my config files - I've since verified packets are
arriving from my source server (10.5.51.10) to my firewall on the left but it
doesn't even seem to try and encrypt the traffic - any assistance or pointers
would be greatly appreciated?
# /etc/ipsec.conf - strongSwan IPsec configuration file

config setup
    plutodebug=all
    charonstart=no
    nat_traversal=yes

conn %default
    ikelifetime=1440m
    keylife=1m
    rekeymargin=3m
    keyingtries=1
    keyexchange=ikev1
    authby=secret
    pfs=no

conn net-net
    ike=3des-md5-modp1024,3des-md5-modp1024
    esp=3des-md5,3des-md5
    leftid=@ip-10-5-51-61
    leftsourceip=10.5.51.61
    left=46.51.193.145
    leftsubnet=10.5.0.0/16
    leftfirewall=yes
    right=50.56.121.20
    rightsubnet=10.181.32.0/19
    rightid=@TestNP
    auto=add
ubuntu@ip-10-5-51-61:~$

!!!!!!!!!! ipsec.secrets follows!!!!!!!!

# /etc/ipsec.secrets - strongSwan IPsec:q!
46.51.193.145 %any : PSK "Rel1439@RCM#123"

# /etc/ipsec.conf - strongSwan IPsec configuration file

config setup
    plutodebug=all
    charonstart=no
    nat_traversal=yes

conn %default
    ikelifetime=1440m
    keylife=1m
    rekeymargin=3m
    keyingtries=1
    keyexchange=ikev1
    authby=secret
    pfs=no

conn net-net
    ike=3des-md5-modp1024,3des-md5-modp1024
    esp=3des-md5,3des-md5
    leftid=@TestNP
    left=50.56.121.20
    leftsubnet=10.181.32.0/19
    leftfirewall=yes
    leftsourceip=10.181.52.82
    right=46.51.193.145
    rightsubnet=10.5.0.0/16
    rightid=@ip-10-5-51-61
    auto=add
root@TestNP:~#

!!!!!!!!!!!!!!! ipsec.secrets follows !!!!!!!!!!!!!!!

# /etc/ipsec.secrets - strongSwan IPsec:q!
46.51.193.145 %any : PSK "Rel1439@RCM#123"

On 17 Apr 2011, at 19:56, neil payne wrote:
>
> Hi,
> I've been trying to set up a vpn (ike v1, site to site with PSK) for the last
> few weeks between two ubuntu hosts without success. I've tried the varying
> configuration options like using rightsubnetwithin instead of rightsubnet and
> testing from the firewalls using leftsourceip but nothing seems to generate
> interesting traffic. I have manually edited ipsec.conf and ipsec.secrets
> only, am I missing a fundamental step?
> I'm attaching the config files (ipsec.secrets contents appended to the end of
> ipsec.conf for convenience of attaching only 2 files here instead of 4), I
> don't see any traffic from the left firewall hitting the right firewall.
> The only peculiarity may be that the left firewall is within an Amazon cloud
> but I'm led to believe this should not stop the ipsec tunnel from building -
> please help if you can?
> Regards,
> Neil.