Hi there,
I've been trying to use strongSwan but unfortunately something is not
working as it is supposed to.
In fact, the tunnel goes UP but no rules are added into iptables although I
set *leftfirewall=yes*
Below are the results of some commands and the ipsec.conf file:
1- uname
[root@vpn~]# uname -ar
Linux xxx.xxx.xxx 3.14.32-xxxx-grs-ipv6-64 #7 SMP Wed Jan 27 18:05:09 CET 2016 x86_64 x86_64 x86_64 GNU/Linux
2- ip xfrm policy
[root@vpn etc]# ip xfrm policy
src 0.0.0.0/0 dst 0.0.0.0/0
    dir 3 priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
    dir 4 priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
    dir 3 priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
    dir 4 priority 0
src ::/0 dst ::/0
    dir 3 priority 0
src ::/0 dst ::/0
    dir 4 priority 0
src ::/0 dst ::/0
    dir 3 priority 0
src ::/0 dst ::/0
    dir 4 priority 0
3- ipsec.conf
config setup
    # strictcrlpolicy=yes
    # uniqueids = no
    charondebug=" dmn 1, mgr 1, ike 2, chd 1, job 1, cfg 3, knl 2, net 2,enc 1, lib 1"

conn %default
    keyexchange=ikev1
    keyingtries=%forever
    rekeymargin=5m
    type=tunnel
    fragmentation=yes
    dpdaction=restart
    closeaction=restart
    dpddelay=100s
    dpdtimeout=500s
    authby=psk

conn MCIT
    ike=3des-md5-modp1024
    ikelifetime=86400s
    keylife=28800s
    esp=3des-md5-modp1024
    left=xxx.xxx.xxx.xxx
    leftsubnet=172.16.12.0/24
    leftid=172.16.12.4
    leftauth = psk
    leftfirewall=yes
    right=xxx.xxx.xxx.xxx
    rightid=xxx.xxx.xxx.xxx
    rightauth = psk

conn srv
    also=MCIT
    rightsubnet=10.112.13.0/24
    auto=start
Are there any issues with these settings?
Kindly help me find a solution.
Best regards