[Openswan Users] strongswan with windows configuration question
Amrith Kumar
amrith.kumar at gmail.com
Fri Jul 20 07:25:50 EDT 2012
Hello,
I'm new to strongswan and have been working through setting it up for the
first time.
My configuration:
[Server]
An Amazon EC2 instance running Ubuntu 12.04
[Client]
A windows 7 PC
Strongswan is configured and running on the server. Authentication of the
client is by certificate (which has been quite an experience) and I've
managed to get all that straightened out and on the Windows PC I can click
"connect" on the VPN and it authenticates and connects.
Then it says "No internet access" on the VPN.
What I see on Windows is this,
1. there's no route that will send all traffic down the VPN.
2. there's no interface being created (that I can tell) on the server side
that responds to pings for what I believe will be the servers side of the
tunnel
3. ipconfig /all on Windows shows that the default gateway for the VPN
interface is 0.0.0.0
As my server is itself an EC2 instance (and therefore it's public IP is
unknown), how does one go about instructing strongswan and windows of this
setup?
The how-to's and information on the strongswan wiki seem to deal with
configurations where there is a static IP on the server side, a luxury I
don't have. Yes, I could get an elasticIP from Amazon but I'm looking for a
solution that doesn't require that if possible. With PPTP (as a
comparison), I could merely say:
localip 10.40.1.1
remoteip 10.40.1.20-50
and enable ip_forward and things work out fine ...
My ipsec.conf is this
# ipsec.conf - strongSwan IPsec configuration file
config setup
plutostart=no
conn %default
keyexchange=ikev2
dpdaction=clear
dpddelay=300s
rekey=no
type=tunnel
conn amrith-desktop
leftsourceip=10.40.15.1
leftid="C=US, ST=MA, O=PE, CN=vpn.<domain>.com, E=<email>"
leftcert=vpn-server-cert.pem
rightcert=amrith-laptop-cert.pem
rightid="C=US, ST=MA, O=PE, CN=my-laptop, E=<email>"
rightsourceip=10.40.15.5/8
rightsubnet=10.40.15.0/8
auto=add
-amrith
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openswan.org/pipermail/users/attachments/20120720/449e3891/attachment.html>
More information about the Users
mailing list