This is my current configuration.

If anyone could provide a place for me to start that would be great. Thanks in 
advance.


Strongswan.conf

# strongswan.conf - strongSwan configuration file

charon {
        dns1 = 172.16.1.2
        dns2 = 172.16.1.241
        charon.install_routes = yes

        # number of worker threads in charon
        threads = 16

        # ORIGINAL ##plugins to load in charon
        #load = aes des sha1 md5 sha2 hmac gmp random pubkey xcbc x509 stroke eapradius eap-tls pem

        #load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink fips-prf eap-mschapv2 eap-identity updown


        filelog {
            /var/log/charon.log {
            # loggers to files also accept the append option to open files in
            # append mode at startup (default is yes)
            append = no
            # the default loglevel for all daemon subsystems (defaults to 1).
            default = 2
            }

            stderr {
            # more detailed loglevel for a specific subsystem, overriding the
            # default loglevel.
            ike = 2
            knl = 3
            }

        }

        syslog {
            # default level to the LOG_DAEMON facility
            daemon {
            }
            # very minimalistic IKE auditing logs to LOG_AUTHPRIV
            auth {
                default = -1
                ike = 3
                }
        }

        plugins {

                sql {
                        # loglevel to log into sql database
                        loglevel = -1

                        # URI to the database
                        # database = sqlite:///path/to/file.db
                        # database = mysql://user:password@localhost/database
                }

                eap_radius {
                        secret = 1234
                        server = 10.5.1.20
                }
        }

        # ...
}

pluto {

        # plugins to load in pluto
        # load = aes des sha1 md5 sha2 hmac gmp random pubkey

}

libstrongswan {

        #  set to no, the DH exponent size is optimized
        #  dh_exponent_ansi_x9_42 = no
}


Ipsec.conf

config setup
        plutostart=no

conn %default
        keyexchange=ikev2
        type=tunnel
        rekeyfuzz=0%
        rekeymargin=30s
        rekey=yes
        reauth=no
        ikelifetime=7m
        keylife=5m
        authby=secret

conn rw-psk
        left=%defaultroute
        leftid=10.137.205.202
        leftsubnet=172.16.1.0/24
        leftfirewall=no
        right=%any
        rightid=%any
        rightsubnetwithin=172.16.1.0/24
        rightsourceip=172.16.1.60/24
        auto=add


Regards,

Adrian 





-----Original Message-----
From: [email protected] 
[mailto:[email protected]] On Behalf Of 
Adrian Milanoski
Sent: Wednesday, February 15, 2012 1:51 PM
To: Martin Willi
Cc: [email protected]
Subject: Re: [strongSwan] strongSwan 4.5.0 Not routing

Martin,

IPv4 ip_forward is enabled



Regards,

Adrian





-----Original Message-----
From: [email protected] 
[mailto:[email protected]] On Behalf Of 
Adrian Milanoski
Sent: Wednesday, February 15, 2012 1:35 PM
To: Martin Willi
Cc: [email protected]
Subject: Re: [strongSwan] strongSwan 4.5.0 Not routing

How can I check to see if that is enabled?

I will try googling now in parallel....

Thank you for the response....



Regards,

Adrian Milanoski
Short Range Protocols
WLAN IOT / Pre-Cert 
Lab Administrator
Research In Motion Limited
Tel. (289) 261-5801
Email [email protected]






-----Original Message-----
From: Martin Willi [mailto:[email protected]] 
Sent: Friday, February 10, 2012 8:36 AM
To: Adrian Milanoski
Cc: [email protected]
Subject: Re: [strongSwan] strongSwan 4.5.0 Not routing

Hello Adrian,

> but I cannot ping anything on the private side however when on the GW
> itself I can ping both public and private networks.

Have you enabled IP forwarding in the kernel? Have all involved hosts
routes for your VPN connection?

Regards
Martin



---------------------------------------------------------------------
This transmission (including any attachments) may contain confidential 
information, privileged material (including material protected by the 
solicitor-client or other applicable privileges), or constitute non-public 
information. Any use of this information by anyone other than the intended 
recipient is prohibited. If you have received this transmission in error, 
please immediately reply to the sender and delete this information from your 
system. Use, dissemination, distribution, or reproduction of this transmission 
by unintended recipients is not authorized and may be unlawful.
_______________________________________________
Users mailing list
[email protected]
https://lists.strongswan.org/mailman/listinfo/users
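
An added example, not part of the original thread: a small offline check for the two things Martin asks about, kernel IP forwarding and whether LAN hosts can route back to the VPN clients. The function names are hypothetical, the sample is a reduced copy of the `ipsec.conf` posted above, and the value of `/proc/sys/net/ipv4/ip_forward` is passed in as a string.

```python
import ipaddress

# Constructed sample: reduced from the ipsec.conf posted in this thread.
IPSEC_CONF = """\
conn %default
        keyexchange=ikev2

conn rw-psk
        left=%defaultroute
        leftsubnet=172.16.1.0/24
        right=%any
        rightsourceip=172.16.1.60/24
        auto=add
"""

def parse_conns(text):
    """Return {conn name: options}, with %default merged into each conn."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        if not line[0].isspace():          # section header, e.g. "conn rw-psk"
            kind, _, name = line.partition(" ")
            current = conns.setdefault(name.strip(), {}) if kind == "conn" else None
        elif current is not None and "=" in line:
            key, _, value = line.strip().partition("=")
            current[key.strip()] = value.strip()
    default = conns.pop("%default", {})
    return {name: {**default, **opts} for name, opts in conns.items()}

def check_routing(conns, ip_forward):
    """List routing problems; ip_forward is the text of /proc/sys/net/ipv4/ip_forward."""
    findings = []
    if ip_forward.strip() != "1":
        findings.append("kernel: net.ipv4.ip_forward is not 1")
    for name, opts in conns.items():
        pool_spec = opts.get("rightsourceip", "%")
        # Assumption: one subnet per option; %-keywords such as %dhcp are skipped.
        if "leftsubnet" not in opts or pool_spec.startswith("%"):
            continue
        lan = ipaddress.ip_network(opts["leftsubnet"], strict=False)
        pool = ipaddress.ip_network(pool_spec, strict=False)
        if lan.overlaps(pool):
            findings.append(f"{name}: pool {pool} overlaps leftsubnet {lan}; LAN hosts "
                            "ARP for clients instead of routing via the gateway")
    return findings

if __name__ == "__main__":
    print(check_routing(parse_conns(IPSEC_CONF), "1\n"))
```

When the virtual IP pool lies inside the LAN subnet, hosts on that LAN treat the clients as on-link, so the gateway has to answer ARP for them (for example with strongSwan's farp plugin) or the pool has to move to a separate subnet that the LAN hosts route via the gateway.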
