Hi, I'm new to IPsec tunnels. Currently we are establishing an IPsec tunnel
between two Linux machines using the open source strongSwan.
Here is the config file: alice

# ipsec.conf - strongSwan IPsec configuration file

config setup
    crlcheckinterval=600
    strictcrlpolicy=no
    plutostart=no

conn %default
    ikelifetime=60m
    keylife=20m
    rekeymargin=3m
    keyingtries=1
    keyexchange=ikev2

conn host-host
    left=107.108.204.246
    right=107.108.204.245
    leftcert=aliceCert.pem
    rightid="C=CH, O=Linux strongSwan, CN=venus.strongswan.org"
    auto=add

and the same on the other side:

# ipsec.conf - strongSwan IPsec configuration file

config setup
    crlcheckinterval=600
    strictcrlpolicy=no
    plutostart=no

conn %default
    ikelifetime=60m
    keylife=20m
    rekeymargin=3m
    keyingtries=1
    keyexchange=ikev2

conn host-host
    left=107.108.204.245
    right=107.108.204.246
    leftcert=venusCert.pem
    rightid="C=CH, O=Linux strongSwan, CN=alice.strongswan.org"
    leftfirewall=yes
    auto=add

and the log when I run:
/usr/sbin/ipsec statusall
Status of IKEv2 charon daemon (strongSwan 4.5.3):
uptime: 10 seconds, since Sep 19 16:37:53 2011
malloc: sbrk 135168, mmap 0, used 82288, free 52880
worker threads: 9 of 16 idle, 6/1/0/0 working, job queue: 0/0/0/0, scheduled: 1
loaded plugins: aes des sha1 sha2 md5 random x509 revocation constraints pubkey pkcs1 pgp pem fips-prf gmp xcbc hmac attr kernel-netlink resolve socket-default stroke updown eap-aka
Listening IP addresses:
107.108.204.246
2011::14
107.108.204.246
Connections:
host-host: 107.108.204.246...107.108.204.245
host-host: local: [C=CH, O=Linux strongSwan, OU=Sales, [email protected]] uses public key authentication
host-host: cert: "C=CH, O=Linux strongSwan, OU=Sales, [email protected]"
host-host: remote: [C=CH, O=Linux strongSwan, CN=venus.strongswan.org] uses any authentication
host-host: child: dynamic === dynamic TUNNEL
Security Associations (1 up, 0 connecting):
host-host[1]: CONNECTING, 107.108.204.246[%any]...107.108.204.245[%any]
host-host[1]: IKE SPIs: c6d28a10188c9f00_i* 0000000000000000_r
host-host[1]: Tasks active: IKE_VENDOR IKE_INIT IKE_NATD IKE_CERT_PRE IKE_AUTHENTICATE IKE_CERT_POST IKE_CONFIG CHILD_CREATE IKE_AUTH_LIFETIME IKE_MOBIKE
*********************************
/usr/sbin/ipsec up host-host
retransmit 4 of request with message ID 0
sending packet: from 107.108.204.246[500] to 107.108.204.245[500]
retransmit 5 of request with message ID 0
sending packet: from 107.108.204.246[500] to 107.108.204.245[500]
I'm not getting where the error has occurred and why it is unable to establish
the connection. Kindly help me in this regard. Hoping for any response.
Thanks and regards,
Shilpa