strongswan no tunnel

Issues related to configuring your network
tanqijun90

strongswan no tunnel

Post by tanqijun90 » 2017/10/05 16:41:11

I am using strongswan as a vpn server for road warriors. I have two machines running the software, one on raspbian and one on CentOS 7. The raspbian machine works fine but not the CentOS one.

The problem with the CentOS one seems to be that packets are not tunneled.

Here is an output from tshark.

Code:

  88 6.655929830  67.22.27.75 → 10.202.121.120 ESP 146 ESP (SPI=0xc542d5c5)
  89 6.655929830  192.168.3.1 → 8.8.4.4        DNS 71 Standard query 0x26a6 A dealsea.com

67.22.27.75 is the IP of the road warrior and 192.168.3.1 is the virtual IP assigned by strongswan.

On the working instance of raspbian, the tshark output looks like:

Code:

  45 3.318470851 104.38.166.37 → 10.111.58.102 ESP 146 ESP (SPI=0xc7ca8886)
  46 3.318470851 10.202.122.1  → 8.8.4.4       DNS 67 Standard query 0x10af A psu.edu
  47 3.318656688 10.111.58.102 → 8.8.4.4       DNS 67 Standard query 0x10af A psu.edu

Here 104.38.166.37 is the IP of the road warrior, 10.202.122.1 is the virtual IP, and 10.111.58.102 is the IP of the strongswan server in its local network.

The two machines use the same configuration files:

ipsec.conf

Code:

config setup
    # verbose charon logging in every subsystem; turn down once the tunnel works
    charondebug="ike 2, knl 2, cfg 2, net 2, esp 2, dmn 2,  mgr 2"
    uniqueids=no
conn ikev2-vpn
     auto=add
     compress=no
     type=tunnel
     keyexchange=ikev2
     fragmentation=yes
     # always UDP-encapsulate ESP (port 4500), even without NAT detected
     forceencaps=yes
     ike=aes256-sha256-modp2048!
     esp=aes256-sha256!
     dpdaction=clear
     dpddelay=300s
     rekey=no
     # server side: certificate authentication, 0.0.0.0/0 so all client traffic goes through the tunnel
     left=%any
     leftid=@MYHOSTNAME
     leftcert=/etc/strongswan/ipsec.d/certs/vpn-server-cert.pem
     leftsendcert=always
     leftsubnet=0.0.0.0/0
     # client side: EAP-MSCHAPv2 users, virtual IPs from the pool, DNS servers pushed to the client
     right=%any
     rightid=%any
     rightauth=eap-mschapv2
     rightsourceip=10.202.122.1/24
     rightdns=8.8.8.8,8.8.4.4
     rightsendcert=never
     eap_identity=%identity
strongswan.conf

Code:

charon {
    load_modular = yes
    plugins {
        include strongswan.d/charon/*.conf
    }
}

include strongswan.d/*.conf
How can I make the CentOS instance work?
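The difference between the two captures is the third line: on the Raspbian host the decrypted DNS query from the virtual IP (10.202.122.1) is followed by a copy sourced from the server's LAN address (10.111.58.102), i.e. the packet was forwarded and masqueraded; on the CentOS host the decrypted packet from 192.168.3.1 is the last thing seen. The following script, added here as an example and not part of the original post, parses tshark summary lines and reports, for each cleartext packet sourced from the virtual-IP pool, whether such a forwarded copy follows. The two sample captures are the ones quoted above; the pool CIDRs and server addresses passed in are taken from the post.

```python
"""Offline check of tshark output from a strongSwan road-warrior server.

Added example (not from the original post). For every cleartext packet whose
source is a virtual IP from the pool, report whether a later packet with the
same destination and info, but sourced from the server's LAN address, exists.
A True means the decrypted packet was forwarded and masqueraded; a False means
it was decrypted and then went nowhere, which is what the CentOS capture shows.
"""
import ipaddress
import re

# tshark summary columns: frame, time, src -> dst, protocol, length, info
LINE_RE = re.compile(
    r"^\s*(?P<frame>\d+)\s+(?P<time>[\d.]+)\s+(?P<src>\S+)\s+(?:→|->)\s+(?P<dst>\S+)\s+"
    r"(?P<proto>\S+)\s+(?P<len>\d+)\s+(?P<info>.*?)\s*$"
)

# Captures quoted from the post above (CentOS first, Raspbian second)
CENTOS_CAPTURE = """\
  88 6.655929830  67.22.27.75 → 10.202.121.120 ESP 146 ESP (SPI=0xc542d5c5)
  89 6.655929830  192.168.3.1 → 8.8.4.4        DNS 71 Standard query 0x26a6 A dealsea.com
"""

RASPBIAN_CAPTURE = """\
  45 3.318470851 104.38.166.37 → 10.111.58.102 ESP 146 ESP (SPI=0xc7ca8886)
  46 3.318470851 10.202.122.1  → 8.8.4.4       DNS 67 Standard query 0x10af A psu.edu
  47 3.318656688 10.111.58.102 → 8.8.4.4       DNS 67 Standard query 0x10af A psu.edu
"""


def parse(capture: str) -> list:
    """Turn tshark summary lines into dicts; lines that do not match are skipped."""
    packets = []
    for line in capture.splitlines():
        m = LINE_RE.match(line)
        if m:
            packets.append(m.groupdict())
    return packets


def check_forwarding(capture: str, pool: str, server_ip: str) -> dict:
    """Map each decrypted packet's info column to True (forwarded copy seen) or False.

    pool is the rightsourceip network, server_ip the server's LAN address that
    the forwarded copy should be masqueraded to.
    """
    net = ipaddress.ip_network(pool, strict=False)
    packets = parse(capture)
    result = {}
    for i, p in enumerate(packets):
        if p["proto"] == "ESP":
            continue  # still encrypted; only cleartext packets from the pool matter
        try:
            src = ipaddress.ip_address(p["src"])
        except ValueError:
            continue
        if src not in net:
            continue
        forwarded = any(
            q["src"] == server_ip and q["dst"] == p["dst"] and q["info"] == p["info"]
            for q in packets[i + 1:]
        )
        result[p["info"]] = forwarded
    return result


if __name__ == "__main__":
    for name, cap, pool, srv in (
        ("CentOS", CENTOS_CAPTURE, "192.168.3.0/24", "10.202.121.120"),
        ("Raspbian", RASPBIAN_CAPTURE, "10.202.122.0/24", "10.111.58.102"),
    ):
        for info, ok in check_forwarding(cap, pool, srv).items():
            print(f"{name}: {info!r} forwarded={ok}")
```

When the script reports False for a host, the IPsec side is already working (the ESP packet was decrypted) and the fault lies in what the kernel does with the decrypted packet. On CentOS 7 the things to verify are that `sysctl net.ipv4.ip_forward` is 1, that the zone the uplink belongs to has masquerading enabled (`firewall-cmd --query-masquerade`), and that `net.ipv4.conf.all.rp_filter` is not dropping packets whose source (the virtual IP) is not routed back through the interface they arrived on.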

buckaroo_bonzai

Re: strongswan no tunnel

Post by buckaroo_bonzai » 2018/03/26 23:48:52

Did you resolve this problem with the strongSwan ipsec.conf or another configuration?
