Hi,

I would like my machine to be a VPN server for mobile devices in my
university lab. I also would like the mobile devices to access the
internet through my machine even if they are outside my lab. I do not
wish to root these phones. My machine has a public IP address and my
mobile devices can ping my machine from networks that are outside my
university. I am following the steps presented in the URL
http://wiki.strongswan.org/projects/strongswan/wiki/Fornewbies for
setting up the VPN. I have generated self-signed certificates and
placed the key and certificate files at the appropriate location. I
am currently using strongswan 4.6.4 and I would like to migrate to the
5.x version once it is available. I have currently flushed out all the
firewall rules on my machine (VPN server) using iptables --flush to
ensure that no packets are dropped by the firewall on my machine.

The contents of my ipsec.secrets file are as follows:
# ipsec.secrets - strongSwan IPsec secrets file

: RSA server.key
: PSK "hello"

The contents of the ipsec.conf file are as follows:
# ipsec.conf - strongSwan IPsec configuration file
# basic configuration
config setup
        crlcheckinterval=180
        strictcrlpolicy=no
        plutostart=no
conn %default
        ikelifetime=60m
        keylife=20m
        rekeymargin=3m
        keyingtries=1
        keyexchange=ikev2

conn rw
        left=<public IPv4 address of my machine>
        leftcert=server.crt
        leftid=@<myservername.myuniversity.edu>
        # leftsubnet=10.1.0.0/16
        leftfirewall=yes
        right=%any
        auto=add

The contents of the strongswan.conf are as follows.
# strongswan.conf - strongSwan configuration file

charon {

        # number of worker threads in charon
        threads = 16

        # plugins to load in charon
        # load = aes des sha1 md5 sha2 hmac gmp random pubkey xcbc x509 stroke

        filelog {
                /var/log/charon.log {
                        # loggers to files also accept the append option to open files in
                        # append mode at startup (default is yes)
                        append = no
                        # the default loglevel for all daemon subsystems (defaults to 1).
                        default = 3
                }

                stderr {
                        # more detailed loglevel for a specific subsystem, overriding the
                        # default loglevel.
                        ike = 2
                        knl = 3
                }
        }

        syslog {
                # default level to the LOG_DAEMON facility
                daemon {
                }
                # very minimalistic IKE auditing logs to LOG_AUTHPRIV
                auth {
                        default = -1
                        ike = 0
                }
        }
}

I am using an Android device (version 4.0) to connect to this VPN
server. I am not using the Android client for strongSwan as I cannot
root these devices.

Regards,
Ashwin
