11-07-2009, 10:31 PM
Angus MacGyver
 
IPSec + strongswan road warrior.....

Hi all,

Yeah - I am cross posting this to the m0n0wall lists and the Ubuntu
ones, as someone must have more clue than I do at the moment..



I think I need some pointers with regards to my setup..
I've googled, but nothing is getting *quite* like the setup I would
want/need..

What I need is a road warrior or two using Ubuntu 9.10 and strongswan to
use X509 certs to VPN in to the m0n0wall.

I currently have a static VPN setup from the m0n0 to another site, and
have done for years, and this works perfectly. (until the remote site's
ISP drops)



What I've done is create a CA of my own on an internal server, so that I
can sign a bunch of certs, not just for m0n0..

I've created a new entry under IPSEC->CA's and then copied the contents
of this cacert.pem into the box.

I've then created a private key, and CSR with said key, and signed it
with the CA for m0n0wall.

The signed part has gone into the IPSEC-> Mobile Clients -> Certificate.

The key part has gone into IPSEC -> Mobile Clients -> Key.


I then did the same for a key and CSR for one of the road warriors...



Using Network Manager, setup new VPN...

Gateway:
Address: <External IP of m0n0>
Certificate : pointing to file of CSR signed cert from m0n0
(IPSEC-> Mobile Clients -> Certificate.)


Client:
Authentication: - Certificate/Private key
Certificate :- points to file CSR signed cert for the RW
Private Key:- Private key file used to create the CSR for RW.


Put a tick in "Request an inner IP address", "Enforce UDP
encapsulation"..



It doesn't work, and not sure why..
I am certain I have done something stupid - but what, that is the
question I'm hoping someone can prod me in the correct direction with...

Only two things I've got are....

Nov 7 18:59:25 laptop-testing NetworkManager: <WARN>
connection_state_changed(): Did not receive a reply. Possible causes
include: the remote application did not send a reply, the message bus
security policy blocked the reply, the reply timeout expired, or the
network connection was broken.

And Network Manager message of "The VPN connection failed because there
were no valid VPN secrets"


Any pointers will be appreciated..

Cheers


AM




--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
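
The CA / key / CSR / signed-certificate steps described in the post above can be reproduced and sanity-checked offline before any file is loaded into the gateway or the client. This is an added example, not part of the original message: it assumes the `openssl` command-line tool (the post does not say which tool was used), and every file name and subject name in it is constructed.

```shell
#!/bin/sh
# Added example: throwaway CA plus gateway and road-warrior certificates,
# followed by the two checks worth running on the resulting files.
# File names and subject names are assumptions, not values from the post.

make_pki() {  # $1 = working directory
    dir=$1
    mkdir -p "$dir" || return 1
    # Self-signed CA certificate (the cacert.pem pasted into the CA entry)
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -subj "/CN=Example Home CA" \
        -keyout "$dir/cakey.pem" -out "$dir/cacert.pem" 2>/dev/null || return 1
    for name in gateway roadwarrior; do
        # Private key and CSR for this endpoint
        openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$name.example" \
            -keyout "$dir/$name.key" -out "$dir/$name.csr" 2>/dev/null || return 1
        # Sign the CSR with the CA
        openssl x509 -req -in "$dir/$name.csr" -days 365 \
            -CA "$dir/cacert.pem" -CAkey "$dir/cakey.pem" -CAcreateserial \
            -out "$dir/$name.crt" 2>/dev/null || return 1
    done
}

# Check 1: does the certificate chain to the CA the peer will trust?
chains_to_ca() {  # $1 = CA certificate, $2 = certificate to check
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Check 2: do the certificate and the private key carry the same public key?
key_matches_cert() {  # $1 = certificate, $2 = private key
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Demo run on freshly generated files
demo=$(mktemp -d) && make_pki "$demo" &&
for name in gateway roadwarrior; do
    chains_to_ca "$demo/cacert.pem" "$demo/$name.crt" && echo "$name: chain ok"
    key_matches_cert "$demo/$name.crt" "$demo/$name.key" && echo "$name: key ok"
done
rm -rf "$demo"
```

Both checks passing only shows that the files are internally consistent; it says nothing about how the gateway or NetworkManager is configured to use them.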
 

All times are GMT.