Hello list,

My goal is building an IPv4 IPsec tunnel using IKEv1.

  Ubuntu 12.10 GNU/Linux AMD64
  Strongswan 4.5.2

/etc/strongswan.conf:
  pluto {
      load = sha1 sha2 md5 aes des hmac gmp random kernel-netlink
  }

  libstrongswan {
      dh_exponent_ansi_x9_42 = no
  }

/etc/ipsec.conf:
  config setup
      plutodebug=all
      charonstart=no
      plutostart=yes

  conn %default
      ikelifetime=60m
      keylife=20m
      rekeymargin=3m
      keyingtries=1
      keyexchange=ikev1
      authby=secret

  conn here
      left=192.168.0.22
      right=12.34.56.78
      rightsubnet=192.168.1.0/24
      auto=add

/etc/ipsec.secrets:
  12.34.56.78 : PSK "0000111122223333"

It would seem that the above config should suffice to at least send
UDP packets to host 12.34.56.78 ports 500 or 4500, but...

  192.168.0.22# /etc/init.d/ipsec start

  192.168.0.22# ps aux | grep pluto
  root    3662 ... 18:08 /usr/lib/ipsec/pluto --nofork --uniqueids --debug-all

  192.168.0.22# /usr/lib/ipsec/whack --status
  000 "here": 192.168.0.22[192.168.0.22]...12.34.56.78[12.34.56.78]===192.168.1.0/24; unrouted; eroute owner; #0
  000 "here":    newest ISAKMP SA: #0; newest IPsec SA: #0;
  000

...when I run tcpdump(1) and socat(1) to test, it's clear that pluto
is not sending anything at all.

  12.34.56.78# socat UDP4-LISTEN:500,bind=12.34.56.77 -
  12.34.56.78# socat UDP4-LISTEN:4500,bind=12.34.56.77 -
  (nothing...)

  12.34.56.78# tcpdump -i eth0 port 500 or port 4500
  192.168.0.22# tcpdump -i eth0 port 500 or port 4500
  (nothing...)

Even after logging plutodebug=all I see no errors in /var/log/auth.log.
What do I need to change to make pluto(8) send IKE UDP datagrams?

Thanks,
Michael
