-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello Arvindhar,
Please read [1]. [1] http://wiki.strongswan.org/projects/strongswan/wiki/ForwardingAndSplitTunneling Also, if you have any iptables rules on the VPN server, you need to allow traffic between the LAN and IPsec peers. Regards, Noel Kuntze GPG Key id: 0x63EC6658 Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658 Am 04.07.2014 13:14, schrieb Arvindhar Subbu: > Dear Noel, > > I'm unable to access network resources behind the VPN server. > > _Kali Server_ > > Kali WAN - 11.12.13.15 > Kali LAN - 192.168.7.1 > LAN side server - 192.168.7.5 > > Test: > 1. Road Warrior unable to reach 192.168.7.5 but pinging 192.168.7.1 over vpn > connection > 2. Got ping reply for ip 192.168.7.5 from Kali Server LAN interface > 192.168.7.1 > > Any changes required in ipsec.conf or iptables? > > Kindly suggest. > > Thank you, > s.s. arvindhar > > > ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ > From: [email protected] > To: [email protected]; [email protected] > Subject: RE: [strongSwan] Strongswan on Kali linux > Date: Thu, 3 Jul 2014 12:22:43 +0000 > > I changed to Main mode in client. > > Thank you, > s.s.arvindhar > > ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ > From: [email protected] > To: [email protected]; [email protected] > Subject: RE: [strongSwan] Strongswan on Kali linux > Date: Thu, 3 Jul 2014 12:21:53 +0000 > > Thank you Noel, It connected, Will update you once i finish the below tests > > 1. NAT test > 2. Ping communication test > 3. Split tunnel test > 4. Android test > 5. iphone test > > Thank you, > s.s.arvindhar > > > >> Date: Thu, 3 Jul 2014 13:39:48 +0200 >> From: [email protected] >> To: [email protected]; [email protected] >> Subject: Re: [strongSwan] Strongswan on Kali linux >> > Hello Arvindhar, > > As I wrote before, you need to set aggressive=yes in conn %default or conn rw > or make the Shrewsoft Client initiate in main mode, not aggressive mode. > > Regards, > Noel Kuntze > > GPG Key id: 0x63EC6658 > Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658 > > Am 03.07.2014 13:37, schrieb Arvindhar Subbu: >> Dear Noel, > >> Please check below ipsec.conf data. Kindly let me know if you want to know >> more details. > >> ***********ipsec.conf************************************************ >> # ipsec.conf - strongSwan IPsec configuration file >> # basic configuration >> config setup >> conn %default >> type=tunnel >> ike=aes128-sha1-modp2048,3des-sha1-modp1536 >> ikelifetime=60m >> keylife=20m >> rekeymargin=3m >> keyingtries=1 >> keyexchange=ikev1 >> esp=aes128-sha1,3des-sha1 >> mobike=yes >> leftikeport=4500 >> rightikeport=4500 >> conn rw >> left=11.12.13.15 >> leftcert=gatewayCert.pem >> [email protected] >> leftfirewall=yes >> right=%any >> rightsourceip=192.168.20.0/24 >> auto=add > >> # strictcrlpolicy=yes >> # uniqueids = no >> # Add connections here. >> # Sample VPN connections >> # conn sample-self-signed >> # leftsubnet=10.1.0.0/16 >> # leftcert=selfCert.der >> # leftsendcert=never >> # right=192.168.0.2 >> # rightsubnet=10.2.0.0/16 >> # rightcert=peerCert.der >> # auto=start >> #conn sample-with-ca-cert >> # leftsubnet=10.1.0.0/16 >> # leftcert=myCert.pem >> # right=192.168.0.2 >> # rightsubnet=10.2.0.0/16 >> # rightid="C=CH, O=Linux strongSwan CN=peer name" >> # auto=start > >> *************************************************************************** > >> Thank you, >> s.s.arvindhar > > >>> Date: Thu, 3 Jul 2014 12:30:08 +0200 >>> From: [email protected] >>> To: [email protected] >>> Subject: Re: [strongSwan] Strongswan on Kali linux > >> Hello Arvindhar, > >> You need to set aggressive=yes in the conn. Also, please show us your >> ipsec.conf. > >> Regards, >> Noel Kuntze > >> GPG Key id: 0x63EC6658 >> Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658 > >> Am 03.07.2014 11:58, schrieb Arvindhar Subbu: >>> Hi, > >>> Unable to connect to Strongswan server from Road warrior. > >>> I'm following 2dd.it strongswan guide to deploy on kali linux as a server >>> and windows 7 as a road warrior. Please help/clue to solve. > >>> www.2dd.it/articoli/sicurezza-informatica/ipsec-installation/#.U7UnPbdvZY8 > >>> Jul 1 12:00:12 vpneye charon: 13[ENC] received unknown vendor ID: >>> f1:4b:94:b7:bf:f1:fe:f0:27:73:b8:c4:9f:ed:ed:26 >>> Jul 1 12:00:12 vpneye charon: 13[ENC] received unknown vendor ID: >>> 16:6f:93:2d:55:eb:64:d8:e4:df:4f:d3:7e:23:13:f0:d0:fd:84:51 >>> Jul 1 12:00:12 vpneye charon: 13[ENC] received unknown vendor ID: >>> 84:04:ad:f9:cd:a0:57:60:b2:ca:29:2e:4b:ff:53:7b >>> Jul 1 12:00:12 vpneye charon: 13[IKE] received Cisco Unity vendor ID >>> Jul 1 12:00:12 vpneye charon: 13[IKE] ignoring certificate request without >>> data >>> Jul 1 12:00:12 vpneye charon: 13[IKE] 11.12.13.18 is initiating a >>> Aggressive Mode IKE_SA >>> Jul 1 12:00:12 vpneye charon: 13[CFG] looking for RSA signature peer >>> configs matching 11.12.13.15...11.12.13.18[C=IN, ST=TN, O=BUGBRAINS, OU=IT, >>> CN=MILEYCYRUS, [email protected]] >>> Jul 1 12:00:12 vpneye charon: 13[IKE] no peer config found >>> Jul 1 12:00:12 vpneye charon: 13[ENC] generating INFORMATIONAL_V1 request >>> 152362081 [ N(AUTH_FAILED) ] >>> Jul 1 12:00:12 vpneye charon: 13[NET] sending packet: from 11.12.13.15[500] >>> to 11.12.13.18[500] (56 bytes) > >>> Thank you, >>> s.s.arvindhar > > >>> _______________________________________________ >>> Users mailing list >>> [email protected] >>> https://lists.strongswan.org/mailman/listinfo/users > >>> _______________________________________________ >>> Users mailing list >>> [email protected] >>> https://lists.strongswan.org/mailman/listinfo/users -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBAgAGBQJTto44AAoJEDg5KY9j7GZYPu4P/01arsFSjwLQ5oNswJZfKMwR kI+k3klD4+LXnGZ7/IFFsSHanflGiUEFmS6xz3focp7G0NxU/cbxd0GW+gFGKBIp hShNTy6Id/xVOXObz4ozsQAVCit+SfMXoyD/3Vfhx/eHw8PjoRYiR+Y29DO8TA5z wf70LKuS1Q+tFTn/f1xANtUPwH6s3BwIjZ1/TIAtdiCvuiFQ3Q7iznAmzBB3Nhlu KUSPjSG9E8rg0rRbmWfc+MPg9qrwen9gIq93PJYr1lS19T6sgofZk6ZEAVW4cu6c Ab+8nNWwegqfqoTXPMUjyaV2aO1epAjC79Wr2gdlDPds0zOImnyl4B2f3R3Cmoui z5GFGKh12uYE03jHBUTNVt3FOBgtKMv236PAhh5aFS1YtV8h4uzImMqGM94gG+Aq sL9ZVDsoik5Sx9Rdy2oDxrd/PvpJ/veYqw8YQlFwdFPIWWA2ICOG/jTzNSj/7fn/ iwOuyQU04yg+lcUHBKF7ozVJXkObxyz/6XD1erL41vw6s4TI6pLvAHnri1TKzI+p XQYXAQHvgVfGkr6igD4fk3bwh+gCB6nz5auE5M7/fYI0V+RAirGRiWkfGIS68HLl sTqsuVKcZXyQZJaiaiNtr4aLWyBThSiELYTD7MQeK44qG8nfQob2MPHSGXO3dztM jGTfz3tFn7CNCL6xy/kb =mEai -----END PGP SIGNATURE----- _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
