hello,

I'm new to strongSwan and am trying to use it for my iPad and iPhone to access my LAN
(I have OpenVPN running on my Windows boxes (client) and the OpenVPN server on
the same box as the IPsec), but with IPsec I can connect only to this box where
IPsec is on. So it looks like the config from the wiki
http://wiki.strongswan.org/projects/strongswan/wiki/IOS_(Apple) works for
connecting but not for accessing any other box on my LAN than the box where
IPsec is on.

iPhone ---> xx.dyndns.org (router IP: 192.168.1.254) --> ports 500/4500 are
routed to 192.168.1.51, where strongSwan is running

My config looks like this:

ipsec.conf:

config setup
        # plutodebug=all
        # crlcheckinterval=600
        # strictcrlpolicy=yes
        # cachecrls=yes
        nat_traversal=yes
        # charonstart=yes
        plutostart=yes

# Add connections here.

conn ios
        keyexchange=ikev1
        authby=xauthrsasig
        xauth=server
        left=%defaultroute
        leftsubnet=0.0.0.0/0
        # left=hohaso.dyndns.org
        leftfirewall=yes
        leftcert=serverCert.pem
        right=%any
        # rightsubnet=10.8.0.0/24
        # rightsourceip=10.8.0.5
        rightsubnet=192.168.1.0/24
        rightsourceip=192.168.1.11
        rightcert=clientCert.pem
        pfs=no
        auto=add

I tried here to use the LAN IPs as well, but the result is no different for the
10 or the 192 network.

strongswan.conf:

charon {

        # number of worker threads in charon
        threads = 16

        # plugins to load in charon
        load = aes des sha1 md5 sha2 hmac gmp random pubkey xcbc x509 stroke

        # plugins {

        #       sql {
                        # loglevel to log into sql database
        #               loglevel = -1

                        # URI to the database
                        # database = sqlite:///path/to/file.db
                        # database = mysql://user:password@localhost/database
        #       }
        # }

        # ...
}

pluto {

        # plugins to load in pluto
        # load = aes des sha1 md5 sha2 hmac gmp random pubkey
        dns1 = 192.168.1.254
}

libstrongswan {

        #  set to no, the DH exponent size is optimized
        #  dh_exponent_ansi_x9_42 = no
}

So within the log file all looks OK, I guess?

Nov 27 23:52:02 holli-nas-2 pluto[31618]: | NAT-T: new mapping 46.207.255.74:22256/5848)
Nov 27 23:52:02 holli-nas-2 pluto[31618]: "ios"[2] 46.207.255.74:5848 #3: sent MR3, ISAKMP SA established
Nov 27 23:52:02 holli-nas-2 pluto[31618]: "ios"[2] 46.207.255.74:5848 #3: sending XAUTH request
Nov 27 23:52:02 holli-nas-2 pluto[31618]: "ios"[2] 46.207.255.74:5848 #3: parsing XAUTH reply
Nov 27 23:52:02 holli-nas-2 pluto[31618]: "ios"[2] 46.207.255.74:5848 #3: extended authentication was successful
Nov 27 23:52:02 holli-nas-2 pluto[31618]: "ios"[2] 46.207.255.74:5848 #3: sending XAUTH status
Nov 27 23:52:02 holli-nas-2 pluto[31618]: "ios"[2] 46.207.255.74:5848 #3: parsing XAUTH ack
Nov 27 23:52:02 holli-nas-2 pluto[31618]: "ios"[2] 46.207.255.74:5848 #3: received XAUTH ack, established
Nov 27 23:52:02 holli-nas-2 pluto[31618]: "ios"[2] 46.207.255.74:5848 #3: parsing ModeCfg request
Nov 27 23:52:02 holli-nas-2 pluto[31618]: "ios"[2] 46.207.255.74:5848 #3: unknown attribute type (28683)
Nov 27 23:52:02 holli-nas-2 pluto[31618]: "ios"[2] 46.207.255.74:5848 #3: peer requested virtual IP %any
Nov 27 23:52:02 holli-nas-2 pluto[31618]: reassigning offline lease to 'holli'
Nov 27 23:52:02 holli-nas-2 pluto[31618]: "ios"[2] 46.207.255.74:5848 #3: assigning virtual IP 10.8.0.5 to peer
Nov 27 23:52:02 holli-nas-2 pluto[31618]: "ios"[2] 46.207.255.74:5848 #3: sending ModeCfg reply
Nov 27 23:52:02 holli-nas-2 pluto[31618]: "ios"[2] 46.207.255.74:5848 #3: sent ModeCfg reply, established
Nov 27 23:52:02 holli-nas-2 pluto[31618]: "ios"[2] 46.207.255.74:5848 #4: responding to Quick Mode
Nov 27 23:52:03 holli-nas-2 pluto[31618]: "ios"[2] 46.207.255.74:5848 #4: IPsec SA established {ESP=>0x0174e0da <0xccf7980d NATOA=0.0.0.0}

And on the iPhone I get a welcome with success, but I can only access the box
where IPsec is on. So what is the trick to access all boxes on the LAN and also
have access to the internet?

Thanks,
holli
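The following is an added checker written for this thread, not part of the original post or of strongSwan: it reads a conn section in ipsec.conf style and the pluto log line that assigns the virtual IP, and reports why a client that is "established" can still reach only the gateway. It assumes the LAN is 192.168.1.0/24 as described above; the sample config and log line are constructed from the post.

```python
import ipaddress
import re

# Constructed sample: a trimmed copy of the "conn ios" section and the
# pluto log line quoted in the post.
SAMPLE_CONF = """conn ios
        keyexchange=ikev1
        leftsubnet=0.0.0.0/0
        # rightsubnet=10.8.0.0/24
        rightsubnet=192.168.1.0/24
        rightsourceip=192.168.1.11
        auto=add
"""
SAMPLE_LOG = ('pluto[31618]: "ios"[2] 46.207.255.74:5848 #3: '
              'assigning virtual IP 10.8.0.5 to peer')

def parse_conn(text, name):
    """Return the key=value settings of one 'conn <name>' section (comments dropped)."""
    conn, active = {}, False
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line.startswith("conn "):
            active = line.split()[1] == name
        elif active and "=" in line:
            key, value = line.split("=", 1)
            conn[key.strip()] = value.strip()
    return conn

def assigned_vip(log):
    """Extract the virtual IP pluto handed to the peer, or None if not found."""
    m = re.search(r"assigning virtual IP (\S+) to peer", log)
    return m.group(1) if m else None

def lan_reachability_findings(conn, vip, lan="192.168.1.0/24"):
    """Return (code, message) pairs explaining why LAN hosts may be unreachable."""
    lan_net, findings = ipaddress.ip_network(lan), []
    if conn.get("rightsubnet") and ipaddress.ip_network(conn["rightsubnet"]) == lan_net:
        findings.append(("RIGHTSUBNET_IS_LAN", "the LAN sits behind left (leftsubnet); "
                         "the client's selector is its virtual IP, so drop rightsubnet"))
    if conn.get("leftsubnet") != "0.0.0.0/0":
        findings.append(("SPLIT_TUNNEL", "leftsubnet does not cover 0.0.0.0/0, "
                         "so internet traffic will not enter the tunnel"))
    if vip and ipaddress.ip_address(vip) in lan_net:
        findings.append(("VIP_IN_LAN_NEEDS_PROXY_ARP", f"{vip} is inside {lan}: the "
                         "gateway must answer ARP for it or LAN hosts cannot reply"))
    elif vip:
        findings.append(("POOL_OUTSIDE_LAN_NEEDS_ROUTE_OR_NAT", f"{vip} is outside {lan}: "
                         "LAN hosts reply via their default gateway, so route the pool to the "
                         "strongSwan host on the router or masquerade it on the strongSwan host"))
    findings.append(("IP_FORWARD", "net.ipv4.ip_forward=1 is required on the strongSwan host"))
    return findings
```

Run with the constructed sample it flags `rightsubnet=192.168.1.0/24` and the 10.8.0.5 lease that no LAN host has a return route for; the same checks apply to any virtual IP pool, inside or outside the LAN.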

_______________________________________________
Users mailing list
[email protected]
https://lists.strongswan.org/mailman/listinfo/users
