The NetworkManager plugin has a couple of restrictions and can only be used as 
a client. If you want to connect two VMs together, at least one has to run 
strongSwan all the time and be able to react to the other VM's packets.
You can't use NetworkManager on both. I advise simply using strongSwan itself 
on both hosts and setting it up correctly.

On 01.05.2014 20:56, Brian Watson wrote:
> So is this the information that I should follow from the wiki:
>
> Is it best to use the NetworkManager plugin?
>
>
>     Configuration Files
>
> The configuration files used by strongSwan are as follows:
>
>   * ipsec.conf 
> <http://wiki.strongswan.org/projects/strongswan/wiki/IpsecConf>: provides the 
> configuration of IPsec connections
>   * ipsec.secrets 
> <http://wiki.strongswan.org/projects/strongswan/wiki/IpsecSecrets>: lists the 
> secrets (pre-shared keys, private keys)
>   * ipsec.d 
> <http://wiki.strongswan.org/projects/strongswan/wiki/IpsecDirectory>: stores 
> certificates and private keys
>   * strongswan.conf 
> <http://wiki.strongswan.org/projects/strongswan/wiki/StrongswanConf>: allows 
> one to configure global settings
>
> Other Configuration Sources
>
> The configuration may also be loaded from an SQL database 
> <http://wiki.strongswan.org/projects/strongswan/wiki/SQL> or provided by 
> custom plugins like the one used with
> the NetworkManager plugin 
> <http://wiki.strongswan.org/projects/strongswan/wiki/NetworkManager>.
>
> Invocation and Maintenance
>
> strongSwan is usually controlled with the ipsec command 
> <http://wiki.strongswan.org/projects/strongswan/wiki/IpsecCommand>. |ipsec 
> start| will start the starter daemon 
> <http://wiki.strongswan.org/projects/strongswan/wiki/IpsecStarter> which in 
> turn
> starts and configures the keying daemon charon 
> <http://wiki.strongswan.org/projects/strongswan/wiki/Charon>.
>
> Connections defined as conn sections in ipsec.conf 
> <http://wiki.strongswan.org/projects/strongswan/wiki/ConnSection> can be 
> started on three different occasions:
>
>   * *On startup*: Connections configured with /auto=start/ will automatically 
> be established when the daemon is started.
>   * *On traffic*: If /auto=route/ is used, IPsec policies for the configured 
> traffic (/left|rightsubnet/) will be installed and traffic
>     matching these policies will trigger events that cause the daemon to 
> establish the connection.
>   * *Manually*: A connection that uses /auto=add/ has to be established 
> manually with |ipsec up <name>|. It is also
>     possible to use |ipsec route <name>| to install policies manually for 
> such connections.
>
> After an SA has been established |ipsec down| may be used to tear down the 
> IKE_SA or individual CHILD_SAs.
>
> Whenever the ipsec.conf 
> <http://wiki.strongswan.org/projects/strongswan/wiki/Ipsecconf> file is 
> changed it may be reloaded with |ipsec update| or |ipsec reload|. Already 
> established
> connections are not affected by these commands, if that is required |ipsec 
> restart| must be used.
>
> If ipsec.secrets 
> <http://wiki.strongswan.org/projects/strongswan/wiki/Ipsecsecrets> or the 
> files in ipsec.d 
> <http://wiki.strongswan.org/projects/strongswan/wiki/IpsecDirectory> have 
> been changed the ipsec reread... 
> <http://wiki.strongswan.org/projects/strongswan/wiki/IpsecCommand#Reread-Commands>
>  commands may be used to reload these files.
> End-entity certificates placed in ipsec.d/certs 
> <http://wiki.strongswan.org/projects/strongswan/wiki/IpsecDirectoryCerts> are 
> not reloaded automatically, instead they are loaded whenever referenced
> with /left|rightcert/ in a conn section 
> <http://wiki.strongswan.org/projects/strongswan/wiki/ConnSection>. Using the 
> ipsec purge... 
> <http://wiki.strongswan.org/projects/strongswan/wiki/IpsecCommand#Purge-Commands>
>  commands may be required in order for the new files to be used.
>
> Using the ipsec list... 
> <http://wiki.strongswan.org/projects/strongswan/wiki/Ipseccommand#List-Commands>
>  commands will provide information about loaded or cached certificates, 
> supported algorithms and
> loaded plugins.
>
>
>
>
> On Thu, May 1, 2014 at 11:34 AM, Brian Watson <[email protected] 
> <mailto:[email protected]>> wrote:
>
>     Hi,
>       I'm new to strongSwan and am looking for some good instructions on 
> setting up a VPN between 2 virtual machines running on the same laptop. The 
> wiki pages seem to lay out a lot of different scenarios, but nothing to walk 
> you through the steps necessary to start from scratch. I've downloaded the sw 
> into my Ubuntu machine, but can't find the instructions as to what app to 
> start and what to do next.
>
>       Any ideas?
>
>     Thanks,
>        Brian
>
>
>
>
> _______________________________________________
> Users mailing list
> [email protected]
> https://lists.strongswan.org/mailman/listinfo/users

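
A host-to-host setup with strongSwan running on both VMs, as the reply recommends, could look like the following. This is an added example and not part of the original mails: the addresses 192.168.56.10 and 192.168.56.11, the connection name vm-to-vm and the PSK string are placeholders chosen for illustration.

```conf
# ---- VM A: /etc/ipsec.conf ------------------------------------------
# Assumed address of VM A: 192.168.56.10 (placeholder)
config setup

conn vm-to-vm
    keyexchange=ikev2
    authby=secret          # pre-shared key taken from ipsec.secrets
    left=192.168.56.10     # this host
    right=192.168.56.11    # the peer
    auto=route             # install policies; first matching packet
                           # triggers establishment of the connection

# ---- VM A: /etc/ipsec.secrets ---------------------------------------
# Placeholder secret: generate a long random value and keep this file
# readable by root only.
192.168.56.10 192.168.56.11 : PSK "REPLACE-WITH-LONG-RANDOM-SECRET"

# ---- VM B: /etc/ipsec.conf ------------------------------------------
# Same connection with left/right swapped. auto=add only loads the
# connection, so VM B waits for VM A and must keep the daemon running.
config setup

conn vm-to-vm
    keyexchange=ikev2
    authby=secret
    left=192.168.56.11
    right=192.168.56.10
    auto=add

# ---- VM B: /etc/ipsec.secrets ---------------------------------------
# Must carry the same secret as on VM A.
192.168.56.11 192.168.56.10 : PSK "REPLACE-WITH-LONG-RANDOM-SECRET"

# ---- On both VMs ----------------------------------------------------
#   ipsec start            start the starter daemon and charon
#   ipsec up vm-to-vm      establish manually instead of on traffic
#   ipsec down vm-to-vm    tear the connection down again
#   ipsec reload           re-read ipsec.conf after editing it
```

A pre-shared key keeps the example short; certificates stored under ipsec.d, as listed in the quoted wiki text, are the alternative for anything beyond a lab setup.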
