strongSwan environment setup

Topology: ikev1-net-to-net
strongSwan on moon and sun

alice
(HP-NB-win8: 192.168.22.154)
  |
  | [eth]
  |
moon
(K530: 192.168.22.1,
 Chunghwa 3G: 100.73.194.15)
  |
  | [wwan]
  |
sun
(HP-NB-Ubuntu: 192.168.77.1,
 Chunghwa static IP: 118.163.148.22)

Note that moon's 3G address 100.73.194.15 lies in 100.64.0.0/10, the carrier-grade NAT range: moon is not reachable from the Internet, which is why it has to initiate the tunnel and why the status output further down shows ESP encapsulated in UDP. sun's address is written as 118.163.148.22 in the configuration and status output below; that is the value used throughout.

Installing strongSwan on Ubuntu (sun; moon runs the strongSwan 5.0.0 mips build shown in the status output below):

1. wget http://download.strongswan.org/strongswan-x.x.x.tar.bz2
   (verify the tarball against the signature published next to it on download.strongswan.org before building it as root)
2. tar xjvf strongswan-x.x.x.tar.bz2; cd strongswan-x.x.x
3. ./configure --prefix=/usr --sysconfdir=/etc
   Troubleshooting: "configure: error: GNU Multi Precision library gmp not found" means the gmp development headers are missing; install them (step 4) and run ./configure again.
4. sudo apt-get install libgmp3-dev
5. make
6. sudo make install
7. Set up the configuration (ipsec.conf and ipsec.secrets, listed below).
8. "ipsec start" (or "ipsec restart" if the daemon is already running) to bring the connection up.

ipsec.conf defines the connections and their configuration parameters.

ipsec.conf on moon
# ipsec.conf - created by /etc/init.d/ipsec

config setup

conn %default
        rekeymargin=3m
        keyingtries=1

conn net
        keyexchange=ikev1
        right=118.163.148.22
        rightsubnet=192.168.77.0/24
        rightid=@sun.strongswan.org
        left=100.73.194.15
        leftfirewall=yes
        leftsubnet=192.168.22.0/24
        leftid=@moon.strongswan.org
        authby=secret
        ike=3des-sha1-modp1024!
        ikelifetime=120m
        esp=3des-sha1-modp1024!
        lifetime=120m
        auto=start

On moon the connection is called net and has auto=start: moon sits behind the carrier's NAT on a 3G address that can change, so it must be the initiator. sun has a static address, so its file names the peer as right=%any, loads the connection with auto=add and waits for moon to connect; rightid on sun must still match leftid on moon. The ike= and esp= proposals have to agree on both sides, and the trailing ! makes each proposal strict, so nothing outside the list is accepted. leftfirewall=yes lets the updown script insert the iptables rules that allow the tunnelled subnet traffic through the gateway.

ipsec.conf on sun
# /etc/ipsec.conf - strongSwan IPsec configuration file

config setup

conn %default
        ikelifetime=60m
        keylife=20m
        rekeymargin=3m
        keyingtries=1
        keyexchange=ikev1
        authby=secret

conn net-net
        left=118.163.148.22
        leftsubnet=192.168.77.0/24
        leftid=@sun.strongswan.org
        leftfirewall=yes
        #right=100.73.194.15
        right=%any
        rightsubnet=192.168.22.0/24
        rightid=@moon.strongswan.org
        ike=3des-sha1-modp1024!
        esp=3des-sha1-modp1024!
        auto=add

/etc/ipsec.secrets holds the secrets and may contain any number of entries. This net-to-net setup needs one PSK line, identical on moon and sun:

@moon.strongswan.org @sun.strongswan.org : PSK 123456

Before reusing this: 123456 is a placeholder, not a key. Use a long random secret (strongSwan accepts a quoted string, or 0x hex and 0s base64 values) and keep the file root-owned with mode 600, since the daemon reads it as root and it holds the secret in clear. Second, in IKEv1 main mode the responder has to select the PSK before it has seen the initiator's ID, because the ID payload only arrives in the encrypted fifth message; with right=%any, sun therefore effectively identifies moon by address, which is fine with a single PSK but means further dynamic-address peers cannot get distinct PSKs without aggressive mode, and aggressive mode sends a hash derived from the PSK in the clear, exposing it to offline guessing. IKEv2 avoids the problem. Third, the 3des-sha1-modp1024 proposal dates this setup: 3DES and 1024-bit MODP groups should not be negotiated any more, and moon's loaded plugins (see the status output below) include aes, sha2 and gmp, so aes256-sha256-modp2048 is available on both sides.
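As an added example (not code from this page or from the strongSwan project), the following POSIX shell script produces sun's two files with a random 256-bit PSK and an AES-256/SHA-256/MODP-2048 proposal in place of the 3DES/SHA-1/MODP-1024 one above. The proposal choice, the scratch output directory and the helper names are assumptions; moon's ike= and esp= lines must be changed to the same values. It writes into a temporary directory by default so the result can be inspected before anything is copied to /etc.

```shell
#!/bin/sh
# Added example, not part of the original page: generate a strong PSK and
# write an ipsec.secrets / ipsec.conf pair for the sun side of this topology.
# The proposal aes256-sha256-modp2048 and the target directory are assumptions;
# moon must carry the same ike=/esp= lines or negotiation will fail.

# 32 random bytes, base64-encoded: a 44-character key with 256 bits of entropy.
gen_psk() {
    head -c 32 /dev/urandom | base64 | tr -d '\n'
}

# Reject a PSK that is short or purely numeric (e.g. 123456). Returns 1 on failure.
check_psk() {
    psk="$1"
    [ "${#psk}" -ge 32 ] || return 1
    case "$psk" in
        *[!0-9]*) return 0 ;;   # contains at least one non-digit
        *)        return 1 ;;
    esac
}

# Write ipsec.secrets into directory $1 with PSK $2. The file holds the shared
# secret in clear text, so it is created readable by the owner (root) only.
write_secrets() {
    dir="$1"; psk="$2"
    (
        umask 077
        printf '@moon.strongswan.org @sun.strongswan.org : PSK "%s"\n' "$psk" \
            > "$dir/ipsec.secrets"
    )
    chmod 600 "$dir/ipsec.secrets"
}

# Write sun's ipsec.conf into directory $1: same topology as the page, but
# AES-256/SHA-256/MODP-2048 instead of 3DES/SHA-1/MODP-1024.
write_conf() {
    dir="$1"
    cat > "$dir/ipsec.conf" <<'EOF'
# /etc/ipsec.conf - strongSwan IPsec configuration file

config setup

conn %default
        ikelifetime=60m
        keylife=20m
        rekeymargin=3m
        keyingtries=1
        keyexchange=ikev1
        authby=secret

conn net-net
        left=118.163.148.22
        leftsubnet=192.168.77.0/24
        leftid=@sun.strongswan.org
        leftfirewall=yes
        right=%any
        rightsubnet=192.168.22.0/24
        rightid=@moon.strongswan.org
        ike=aes256-sha256-modp2048!
        esp=aes256-sha256-modp2048!
        auto=add
EOF
}

# Print the ike= proposal configured in file $1 (used to verify the result).
ike_proposal() {
    sed -n 's/^[[:space:]]*ike=//p' "$1"
}

# Usage: generate, check, and install into a scratch directory (assumed path;
# never write straight into /etc without reviewing the result).
out=${1:-$(mktemp -d)}
psk=$(gen_psk)
check_psk "$psk" || { echo "weak PSK" >&2; exit 1; }
write_secrets "$out" "$psk"
write_conf "$out"
echo "wrote $out/ipsec.secrets and $out/ipsec.conf (ike=$(ike_proposal "$out/ipsec.conf"))"
```

Run it with a directory argument, review the two files, copy them to /etc on sun, apply the same proposal and PSK on moon, and restart both daemons; ipsec statusall should then show AES_CBC_256 and MODP_2048 in the proposal lines instead of 3DES_CBC and MODP_1024.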
The kernel side of the tunnel on moon, as shown by ip xfrm policy: three policies for the subnet pair (fwd and in for sun-to-moon traffic, out for moon-to-sun), each with a tunnel-mode ESP template between the two gateway addresses and the same reqid, plus the ::/0 and 0.0.0.0/0 socket entries, which are the bypass policies charon installs on its own IKE sockets so that IKE packets are not themselves subjected to IPsec:

root@K530:/etc# ip xfrm policy
src 192.168.77.0/24 dst 192.168.22.0/24
        dir fwd priority 1859
        tmpl src 118.163.148.22 dst 100.73.194.15
                proto esp reqid 2 mode tunnel
src 192.168.77.0/24 dst 192.168.22.0/24
        dir in priority 1859
        tmpl src 118.163.148.22 dst 100.73.194.15
                proto esp reqid 2 mode tunnel
src 192.168.22.0/24 dst 192.168.77.0/24
        dir out priority 1859
        tmpl src 100.73.194.15 dst 118.163.148.22
                proto esp reqid 2 mode tunnel
src ::/0 dst ::/0
        socket in priority 0
src ::/0 dst ::/0
        socket out priority 0
src ::/0 dst ::/0
        socket in priority 0
src ::/0 dst ::/0
        socket out priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
        socket in priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
        socket out priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
        socket in priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
        socket out priority 0
Checking the result on moon with ipsec statusall:

root@K530:/etc# ipsec statusall
Status of IKE charon daemon (strongSwan 5.0.0, Linux 3.3.8, mips):
  uptime: 15 minutes, since Aug 26 18:38:44 2014
  malloc: sbrk 208896, mmap 0, used 197976, free 10920
  worker threads: 2 of 16 idle, 13/1/0/0 working, job queue: 0/0/0/0, scheduled: 3
  loaded plugins: charon test-vectors curl ldap mysql sqlite pkcs11 aes des blowfish sha1 sha2 md4 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs8 pgp dnskey pem openssl gcrypt af-alg fips-prf gmp agent xcbc cmac hmac ctr ccm gcm attr kernel-pfkey kernel-klips kernel-netlink resolve socket-default socket-raw socket-dynamic farp stroke smp updown eap-identity eap-md5 eap-mschapv2 xauth-generic xauth-eap dhcp whitelist led duplicheck uci addrblock
Listening IP addresses:
  100.73.194.15
  192.168.22.1
Connections:
         net:  100.73.194.15...118.163.148.22  IKEv1
         net:   local:  [moon.strongswan.org] uses pre-shared key authentication
         net:   remote: [sun.strongswan.org] uses pre-shared key authentication
         net:   child:  192.168.22.0/24 === 192.168.77.0/24 TUNNEL
Security Associations (1 up, 0 connecting):
         net[1]: ESTABLISHED 15 minutes ago, 100.73.194.15[moon.strongswan.org]...118.163.148.22[sun.strongswan.org]
         net[1]: IKEv1 SPIs: bb82f055fe5aa914_i* 3917550f53fadc06_r, pre-shared key reauthentication in 101 minutes
         net[1]: IKE proposal: 3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
         net{1}:  INSTALLED, TUNNEL, ESP in UDP SPIs: c323380f_i c43adf92_o
         net{1}:  3DES_CBC/HMAC_SHA1_96, 0 bytes_i, 0 bytes_o, rekeying in 99 minutes
         net{1}:   192.168.22.0/24 === 192.168.77.0/24
         net{2}:  INSTALLED, TUNNEL, ESP in UDP SPIs: c68dee72_i cf9c3e44_o
         net{2}:  3DES_CBC/HMAC_SHA1_96, 41400 bytes_i (0s ago), 41400 bytes_o (0s ago), rekeying in 99 minutes
         net{2}:   192.168.22.0/24 === 192.168.77.0/24
Reading the output: the IKE_SA net[1] is ESTABLISHED with the 3DES/SHA1/MODP_1024 proposal from ipsec.conf, and the CHILD_SAs are INSTALLED in TUNNEL mode. "ESP in UDP" means charon detected a NAT between the peers (moon's 3G address is a carrier-NAT address) and switched to UDP encapsulation (NAT-T, UDP port 4500); plain ESP would not pass that NAT. Of the two CHILD_SAs under the same IKE_SA only net{2} has moving byte counters; net{1} is an idle duplicate with the same traffic selectors. The short form, ipsec status, lists only the SAs:

root@K530:/etc# ipsec status
Security Associations (1 up, 0 connecting):
         net[1]: ESTABLISHED 16 minutes ago, 100.73.194.15[moon.strongswan.org]...118.163.148.22[sun.strongswan.org]
         net{1}:  INSTALLED, TUNNEL, ESP in UDP SPIs: c323380f_i c43adf92_o
         net{1}:   192.168.22.0/24 === 192.168.77.0/24
         net{2}:  INSTALLED, TUNNEL, ESP in UDP SPIs: c68dee72_i cf9c3e44_o
         net{2}:   192.168.22.0/24 === 192.168.77.0/24
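To turn the reading above into something repeatable, here is an added example (not from the page or the strongSwan project): a POSIX shell check that reads ipsec statusall text and answers the questions an operator has after ipsec restart: is the IKE_SA and CHILD_SA up, is ESP UDP-encapsulated, how many bytes have arrived, and were legacy algorithms negotiated. The sample input is a copy of moon's status lines quoted on this page; in practice the input is ipsec statusall redirected to a file. The function names and the list of algorithms treated as weak are assumptions.

```shell
#!/bin/sh
# Added example, not part of the original page: a post-setup check over
# "ipsec statusall" output. Function names and the weak-algorithm list are
# assumptions made for this example.

# Constructed sample input: the SA section of moon's "ipsec statusall" above.
sample_status() {
    cat <<'EOF'
Security Associations (1 up, 0 connecting):
         net[1]: ESTABLISHED 15 minutes ago, 100.73.194.15[moon.strongswan.org]...118.163.148.22[sun.strongswan.org]
         net[1]: IKEv1 SPIs: bb82f055fe5aa914_i* 3917550f53fadc06_r, pre-shared key reauthentication in 101 minutes
         net[1]: IKE proposal: 3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
         net{1}:  INSTALLED, TUNNEL, ESP in UDP SPIs: c323380f_i c43adf92_o
         net{1}:  3DES_CBC/HMAC_SHA1_96, 0 bytes_i, 0 bytes_o, rekeying in 99 minutes
         net{1}:   192.168.22.0/24 === 192.168.77.0/24
         net{2}:  INSTALLED, TUNNEL, ESP in UDP SPIs: c68dee72_i cf9c3e44_o
         net{2}:  3DES_CBC/HMAC_SHA1_96, 41400 bytes_i (0s ago), 41400 bytes_o (0s ago), rekeying in 99 minutes
         net{2}:   192.168.22.0/24 === 192.168.77.0/24
EOF
}

# 0 when file $1 shows an ESTABLISHED IKE_SA and an INSTALLED tunnel-mode CHILD_SA.
sa_up() {
    grep -q ']: ESTABLISHED' "$1" || return 1
    grep -q '}: *INSTALLED, TUNNEL' "$1" || return 1
}

# "udp" when ESP is UDP-encapsulated (a NAT was detected between the peers),
# "esp" when plain ESP is in use.
esp_encap() {
    if grep -q 'ESP in UDP SPIs' "$1"; then echo udp; else echo esp; fi
}

# Negotiated algorithms that should no longer be accepted, one per line, sorted.
weak_algorithms() {
    grep -oE '3DES_CBC|DES_CBC|MD5|MODP_768|MODP_1024|MODP_1536' "$1" | sort -u
}

# Inbound byte counters of the CHILD_SAs, one per line. A tunnel that is up but
# stays at 0 bytes_i after traffic was sent points at routing or firewall, not IKE.
bytes_in() {
    sed -n 's/.*, \([0-9][0-9]*\) bytes_i.*/\1/p' "$1"
}

# Full audit of file $1: prints a summary and returns 1 if the SA is down or
# weak algorithms were negotiated.
audit_status() {
    rc=0
    if sa_up "$1"; then echo "sa: up"; else echo "sa: down"; rc=1; fi
    echo "encap: $(esp_encap "$1")"
    echo "bytes_in: $(bytes_in "$1" | tr '\n' ' ')"
    weak=$(weak_algorithms "$1" | tr '\n' ' ')
    if [ -n "$weak" ]; then echo "weak: $weak"; rc=1; fi
    return $rc
}

# Usage with the constructed sample; on the page's output the audit fails
# because 3DES_CBC and MODP_1024 were negotiated.
f=$(mktemp)
sample_status > "$f"
if audit_status "$f"; then echo "audit: pass"; else echo "audit: fail"; fi
rm -f "$f"
```

On moon the same functions run against ipsec statusall > /tmp/status; the audit returns non-zero for this setup until the proposals are raised, and "sa: down" after a restart usually means the PSK or the ids no longer match on the two sides.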
