Hi super,
We are preparing to use Sophos UTM and CentOS to build a net-to-net VPN network.
For testing, we have two UTMs (b.company.cn, c.company.cn), one CentOS host (a.company) and
one Windows host.
We use the Windows host as a certifying authority and issue certificates for them:
a.company.cn.cer, b.company.cn.cer, c.company.cn.cer, and export a CA: ca.pfx
・ use openssl to convert a/b/c.company.cn.cer to a/b/c.pem
We upload ca.pfx to b.company.cn and c.company.cn under Site-to-site VPN
-> Certificate management -> Certifying authority,
upload b.pem to c.company.cn under Site-to-site VPN -> Certificate
management -> Certificate, and
upload c.pem to b.company.cn under Site-to-site VPN -> Certificate
management -> Certificate.
・ and set up an IPsec VPN connection. The remote gateway authentication
type is local X.509 certificate and the certificate is the PEM certificate:
b.company.cn is set to certificate c.pem, c.company.cn is set to certificate b.pem,
and the connection is established.
Now we are setting up strongSwan on the CentOS host.
We copied the pem files and ca.pfx to that computer, but we receive an error
in log/messages:
Nov 9 22:16:03 gateway charon: 00[DMN] Starting IKE charon daemon (strongSwan 5.1.1, Linux 2.6.32-358.el6.x86_64, x86_64)
Nov 9 22:16:03 gateway charon: 00[CFG] loading ca certificates from '/usr/local/etc/ipsec.d/cacerts'
Nov 9 22:16:03 gateway charon: 00[CFG] loaded ca certificate "CN=IPSecVPN-CA" from '/usr/local/etc/ipsec.d/cacerts/ca.pem'
Nov 9 22:16:03 gateway charon: 00[CFG] loading aa certificates from '/usr/local/etc/ipsec.d/aacerts'
Nov 9 22:16:03 gateway charon: 00[CFG] loading ocsp signer certificates from '/usr/local/etc/ipsec.d/ocspcerts'
Nov 9 22:16:03 gateway charon: 00[CFG] loading attribute certificates from '/usr/local/etc/ipsec.d/acerts'
Nov 9 22:16:03 gateway charon: 00[CFG] loading crls from '/usr/local/etc/ipsec.d/crls'
Nov 9 22:16:03 gateway charon: 00[CFG] loading secrets from '/usr/local/etc/ipsec.secrets'
Nov 9 22:16:03 gateway charon: 00[CFG] loaded ca certificate "CN=IPSecVPN-CA" from '/usr/local/etc/ipsec.d/private/ca.pfx'
Nov 9 22:16:03 gateway charon: 00[CFG] loaded RSA private key from '/usr/local/etc/ipsec.d/private/ca.pfx'
Nov 9 22:16:03 gateway charon: 00[CFG] loaded 0 RADIUS server configurations
Nov 9 22:16:03 gateway charon: 00[LIB] loaded plugins: charon aes des rc2 sha1 sha2 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey pem fips-prf gmp xcbc cmac hmac attr kernel-netlink resolve socket-default stroke updown eap-identity eap-radius eap-peap xauth-generic
Nov 9 22:16:03 gateway charon: 00[LIB] unable to load 8 plugin features (8 due to unmet dependencies)
Nov 9 22:16:03 gateway charon: 00[JOB] spawning 16 worker threads
Nov 9 22:16:03 gateway charon: 05[CFG] received stroke: add ca 'addca'
Nov 9 22:16:03 gateway charon: 05[CFG] loaded ca certificate "CN=IPSecVPN-CA" from 'ca.pem'
Nov 9 22:16:03 gateway charon: 05[CFG] added ca 'addca'
Nov 9 22:16:03 gateway charon: 07[CFG] received stroke: add connection 'net-net'
Nov 9 22:16:03 gateway charon: 07[CFG] loaded certificate "C=cn, O=gw-c, CN=gw-c.eco-schulte.cn" from 'gw-c.pem'
Nov 9 22:16:03 gateway charon: 07[CFG] id 'gw-a.eco-schulte.cn' not confirmed by certificate, defaulting to 'C=cn, O=gw-c, CN=gw-c.eco-schulte.cn'
Nov 9 22:16:03 gateway charon: 07[CFG] added configuration 'net-net'
Nov 9 22:16:03 gateway charon: 09[CFG] received stroke: add connection 'xl2tp'
Nov 9 22:16:03 gateway charon: 09[CFG] added configuration 'xl2tp'
Nov 9 22:16:15 gateway charon: 11[NET] received packet: from 59.37.27.178[500] to 59.37.27.180[500] (256 bytes)
Nov 9 22:16:15 gateway charon: 11[ENC] parsed ID_PROT request 0 [ SA V V V V V V V V V ]
Nov 9 22:16:15 gateway charon: 11[IKE] no IKE config found for 59.37.27.180...59.37.27.178, sending NO_PROPOSAL_CHOSEN
Nov 9 22:16:15 gateway charon: 11[ENC] generating INFORMATIONAL_V1 request 3529918923 [ N(NO_PROP) ]
Nov 9 22:16:15 gateway charon: 11[NET] sending packet: from 59.37.27.180[500] to 59.37.27.178[500] (40 bytes)
Nov 9 22:16:55 gateway charon: 12[NET] received packet: from 59.37.27.178[500] to 59.37.27.180[500] (256 bytes)
Nov 9 22:16:55 gateway charon: 12[ENC] parsed ID_PROT request 0 [ SA V V V V V V V V V ]
Nov 9 22:16:55 gateway charon: 12[IKE] no IKE config found for 59.37.27.180...59.37.27.178, sending NO_PROPOSAL_CHOSEN
Nov 9 22:16:55 gateway charon: 12[ENC] generating INFORMATIONAL_V1 request 3127351181 [ N(NO_PROP) ]
Nov 9 22:16:55 gateway charon: 12[NET] sending packet: from 59.37.27.180[500] to 59.37.27.178[500] (40 bytes)
Where are we going wrong? Thanks a lot!!
_______________________________________________
Users mailing list
[email protected]
https://lists.strongswan.org/mailman/listinfo/users
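Two lines in the log above are worth checking offline before touching the gateway: charon reports that the identity 'gw-a.eco-schulte.cn' is "not confirmed by certificate" (it accepts an identity only when it equals the certificate's subject DN or one of its subjectAltNames, and otherwise falls back to the subject DN), and it reports loading both a CA certificate and an RSA private key from ca.pfx under ipsec.d/private. The script below is an added example, not code from the original post or from the strongSwan project. It uses only the openssl CLI: it builds a constructed demo CA and gateway certificate (the names Demo-IPSecVPN-CA, gw-a.example.cn, the O=gw-a DN, the password "demo" and the temp paths are assumptions for the demo, not the poster's material), splits a PKCS#12 bundle into its certificate and key, checks that the gateway certificate chains to the CA, and reproduces charon's identity check for a given leftid/rightid.

```shell
#!/bin/sh
# Added example; not code from the original post or from the strongSwan project.
# Builds a throw-away CA and one gateway certificate with the openssl CLI, then
# runs two checks worth doing before copying anything under ipsec.d/:
#   1. does the gateway certificate chain to the CA certificate?
#   2. is the IKE identity (leftid/rightid) contained in that certificate?
# charon accepts an identity as confirmed only when it equals the subject DN or
# one of the subjectAltNames; otherwise it logs "id '...' not confirmed by
# certificate" and falls back to the subject DN.
# The CA name, hostnames, DN values and paths below are demo assumptions.
set -eu

# Normalise a DN to charon's "C=cn, O=gw-a, CN=..." spelling, accepting either
# openssl's "/C=cn/O=gw-a/CN=..." (-nameopt compat) or an ipsec.conf-style DN.
# Assumes no '/' inside attribute values (true for the demo material).
norm_dn() {
    printf '%s\n' "$1" | sed 's/^subject= *//; s#^/##; s#/#, #g; s/ *= */=/g; s/, */, /g'
}

# Print the identities a certificate can confirm, one per line:
# the subject DN followed by every DNS subjectAltName.
cert_identities() {
    norm_dn "$(openssl x509 -in "$1" -noout -subject -nameopt compat)"
    openssl x509 -in "$1" -noout -text \
        | grep -A1 'Subject Alternative Name' | tail -n 1 \
        | tr ',' '\n' | sed -n 's/^ *DNS://p'
}

# Return 0 if identity $1 is confirmed by certificate $2, 1 otherwise.
id_confirmed_by_cert() {
    cert_identities "$2" | grep -Fxq -- "$(norm_dn "$1")"
}

# Return 0 if certificate $1 chains to CA certificate $2 (charon does the same
# against the CA certificates it loads from ipsec.d/cacerts).
cert_chains_to_ca() {
    openssl verify -CAfile "$2" "$1" >/dev/null 2>&1
}

# Split a PKCS#12 bundle such as ca.pfx into "$3.crt" and "$3.key". Only the
# certificate belongs on a VPN gateway (ipsec.d/cacerts); a CA's private key
# has no business in ipsec.d/private, which is where charon looks for host keys.
split_pkcs12() {
    openssl pkcs12 -in "$1" -passin "pass:$2" -nokeys -out "$3.crt" >/dev/null 2>&1
    openssl pkcs12 -in "$1" -passin "pass:$2" -nocerts -nodes -out "$3.key" >/dev/null 2>&1
}

# Build the constructed demo material in a fresh directory and print its path.
setup_demo() {
    d=$(mktemp -d)
    # Demo CA: CSR signed with its own key, CA:TRUE set explicitly so that
    # openssl verify accepts it regardless of the local openssl.cnf defaults.
    openssl req -new -newkey rsa:2048 -nodes -subj '/CN=Demo-IPSecVPN-CA' \
        -keyout "$d/ca.key" -out "$d/ca.csr" >/dev/null 2>&1
    printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' > "$d/ca_ext.cnf"
    openssl x509 -req -days 2 -in "$d/ca.csr" -signkey "$d/ca.key" \
        -extfile "$d/ca_ext.cnf" -out "$d/ca.pem" >/dev/null 2>&1
    # Gateway certificate with the FQDN in both the CN and a DNS subjectAltName.
    openssl req -new -newkey rsa:2048 -nodes -subj '/C=cn/O=gw-a/CN=gw-a.example.cn' \
        -keyout "$d/gw-a.key" -out "$d/gw-a.csr" >/dev/null 2>&1
    printf 'subjectAltName=DNS:gw-a.example.cn\n' > "$d/ext.cnf"
    openssl x509 -req -days 2 -in "$d/gw-a.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -extfile "$d/ext.cnf" -out "$d/gw-a.pem" >/dev/null 2>&1
    # The CA packaged as PKCS#12, the way a Windows CA export produces ca.pfx.
    openssl pkcs12 -export -in "$d/ca.pem" -inkey "$d/ca.key" -passout pass:demo \
        -out "$d/ca.pfx" >/dev/null 2>&1
    echo "$d"
}

demo=$(setup_demo)
split_pkcs12 "$demo/ca.pfx" demo "$demo/ca_from_pfx"
cert_chains_to_ca "$demo/gw-a.pem" "$demo/ca_from_pfx.crt" && echo "gw-a.pem chains to the CA"
id_confirmed_by_cert 'gw-a.example.cn' "$demo/gw-a.pem" && echo "gw-a.example.cn: confirmed"
id_confirmed_by_cert 'gw-c.example.cn' "$demo/gw-a.pem" \
    || echo "gw-c.example.cn: not confirmed, charon would default to the subject DN"
```

The identity check is the one to run against the certificate named in the connection's leftcert: whatever leftid is set to must appear in that certificate, either as the full subject DN in charon's spelling or as a subjectAltName, or charon will substitute the subject DN as the log shows. On the gateway itself the layout charon expects is the CA certificate alone in ipsec.d/cacerts, the gateway's own certificate in ipsec.d/certs, and only the gateway's own private key in ipsec.d/private, referenced from ipsec.secrets with a line of the form `: RSA gw-a.key`.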