Hi, I am trying to set up an IPsec tunnel between two Linux boxes (Arch Linux) with strongSwan 4.4, but I get errors on both machines that I couldn't solve.
moon:

# ipsec.conf - strongSwan IPsec configuration file

# basic configuration

config setup
        # plutodebug=all
        crlcheckinterval=180
        strictcrlpolicy=no
        # cachecrls=yes
        # nat_traversal=yes
        # charonstart=no
        plutostart=no

# Add connections here.

conn %default
        ikelifetime=60m
        keylife=20m
        rekeymargin=3m
        keyingtries=1
        keyexchange=ikev2
        #ike=aes128-sha256-modp2048!
        #esp=aes128-sha256-modp2048!
        left=147.87.107.20
        leftsubnet=10.1.0.0/16
        leftcert=moonCert.pem
        leftid="C=CH,O=BFH, CN=gad"
        leftfirewall=yes

conn rw
        right=%any
        rightsourceip=%dhcp
        auto=add

# /etc/ipsec.secrets - strongSwan IPsec secrets file

: RSA moonKey.pem "mypassword"
carol:

# ipsec.conf - strongSwan IPsec configuration file

# basic configuration

config setup
        # plutodebug=all
        crlcheckinterval=180
        strictcrlpolicy=no
        # cachecrls=yes
        # nat_traversal=yes
        # charonstart=no
        plutostart=no

# Add connections here.

# Sample VPN connections

conn %default
        ikelifetime=60m
        keylife=20m
        rekeymargin=3m
        keyingtries=1
        keyexchange=ikev2
        #ike=aes128-sha256-modp2048!
        #esp=aes128-sha256-modp2048!

conn home
        left=147.87.107.19
        leftsourceip=%config
        leftcert=carolCert.pem
        leftid="C=CH, O=BFH, CN=carol"
        leftfirewall=yes
        right=147.87.107.20
        rightsubnet=10.1.0.0/16
        rightid="C=CH, O=BFH, CN=gad"
        auto=add

# /etc/ipsec.secrets - strongSwan IPsec secrets file

: RSA carolKey.pem "mypassword"
moon error:

[root@moon ~]# ipsec restart
Stopping strongSwan IPsec...
Starting strongSwan 4.4.0 IPsec [starter]...
[root@moon ~]# ipsec up rw
unable to initiate to %any
carol error:

[root@carol log]# cat /etc/ipsec.secrets
# /etc/ipsec.secrets - strongSwan IPsec secrets file

: RSA carolKey.pem "daniel"
[root@carol log]# ^C
[root@carol log]# ipsec restart
Stopping strongSwan IPsec...
Starting strongSwan 4.4.0 IPsec [starter]...
[root@carol log]# ipsec up home
initiating IKE_SA home[1] to 147.87.107.20
generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]
sending packet: from 147.87.107.19[500] to 147.87.107.20[500]
received packet: from 147.87.107.20[500] to 147.87.107.19[500]
parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(MULT_AUTH) ]
received cert request for "C=CH, ST=Bern, L=Biel, O=BFH, OU=SEL, CN=gad, [email protected]"
sending cert request for "C=CH, ST=Bern, L=Biel, O=BFH, OU=SEL, CN=gad, [email protected]"
no private key found for 'C=CH, ST=Bern, O=BFH, OU=SEL, CN=carol, [email protected]'
[root@carol log]#
Thank you for your help!
cheers
Daniel
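The two errors in the post point at two things an administrator can check mechanically before touching the hosts: a conn whose `right=%any` is responder-only, so `ipsec up` on that side cannot initiate (that is what "unable to initiate to %any" says), and a `leftid` that does not match the subject DN of the certificate named in `leftcert`. The following is an added example, not code from the post or from the strongSwan project: a small Python linter for the strongSwan 4.x ipsec.conf layout, run over a constructed copy of moon's configuration. The certificate subject is taken from the CERTREQ line in carol's log; the e-mail RDN is a placeholder because the post redacts it, and the strict "every RDN must be present and equal" comparison is an assumption of this example.

```python
"""Added example: lint an ipsec.conf for responder-only conns and leftid/certificate
subject mismatches. Not the project's code; sample input is constructed."""

# Constructed copy of moon's ipsec.conf from the post (comments trimmed)
MOON_IPSEC_CONF = """\
# ipsec.conf - strongSwan IPsec configuration file
config setup
        # plutodebug=all
        crlcheckinterval=180
        strictcrlpolicy=no
        plutostart=no

conn %default
        ikelifetime=60m
        keylife=20m
        rekeymargin=3m
        keyingtries=1
        keyexchange=ikev2
        left=147.87.107.20
        leftsubnet=10.1.0.0/16
        leftcert=moonCert.pem
        leftid="C=CH,O=BFH, CN=gad"
        leftfirewall=yes

conn rw
        right=%any
        rightsourceip=%dhcp
        auto=add
"""

# Subject DN of moonCert.pem as printed in carol's log; the E= value is a
# placeholder because the post redacts the address.
MOON_CERT_SUBJECT = ("C=CH, ST=Bern, L=Biel, O=BFH, OU=SEL, CN=gad, "
                     "E=PLACEHOLDER@example.invalid")


def parse_ipsec_conf(text):
    """Return {section_name: {key: value}}.

    Sections ('config setup', 'conn NAME') start at column 0; options are
    indented 'key=value' lines; '#' starts a comment. Quotes around values
    are removed. 'config setup' is stored under the name 'setup'.
    """
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()  # drop comments
        if not line.strip():
            continue
        if not raw[0].isspace():              # section header
            _kind, _, name = line.partition(" ")
            current = sections.setdefault(name.strip(), {})
            continue
        if current is None:
            raise ValueError(f"option before any section: {raw!r}")
        key, _, value = line.strip().partition("=")
        current[key.strip()] = value.strip().strip('"')
    return sections


def effective_conns(sections):
    """Apply 'conn %default' inheritance and return the real conns only."""
    default = sections.get("%default", {})
    return {name: {**default, **opts}
            for name, opts in sections.items()
            if name not in ("setup", "%default")}


def parse_dn(dn):
    """Split 'C=CH, O=BFH, CN=x' into [(type, value), ...]; spacing is ignored."""
    return [(k.strip().upper(), v.strip())
            for k, v in (part.split("=", 1) for part in dn.split(","))]


def lint(conf_text, cert_subjects):
    """Return a list of (conn, finding, detail) tuples.

    cert_subjects maps a leftcert file name to its subject DN string, e.g. as
    read from the certificate itself or from a peer's CERTREQ log line.
    """
    findings = []
    for name, c in effective_conns(parse_ipsec_conf(conf_text)).items():
        if c.get("right") == "%any":
            findings.append((name, "responder-only",
                             "right=%any: this host can only respond; "
                             "`ipsec up` here cannot initiate, bring it up from the peer"))
        cert, leftid = c.get("leftcert"), c.get("leftid")
        if cert in cert_subjects and leftid:
            if parse_dn(leftid) != parse_dn(cert_subjects[cert]):
                findings.append((name, "id-mismatch",
                                 f"leftid {leftid!r} does not equal the subject of {cert}: "
                                 f"{cert_subjects[cert]!r}"))
    return findings


if __name__ == "__main__":
    for conn, finding, detail in lint(MOON_IPSEC_CONF, {"moonCert.pem": MOON_CERT_SUBJECT}):
        print(f"[{conn}] {finding}: {detail}")
```

On moon's configuration the linter reports both findings for `rw`: the conn can only be brought up from carol's side, and the three-RDN `leftid` is not equal to the seven-RDN subject that carol sees in the CERTREQ. The DN comparison deliberately ignores spacing after commas so that `"C=CH,O=BFH, CN=gad"` and `"C=CH, O=BFH, CN=gad"` compare equal; it does not attempt strongSwan's own identity matching rules.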