I have a website which displays data received from GSM modems, so I am trying to connect my website to the GSM network provider using a VPN.
On the provider side there is a Cisco 3900, configured as a site-to-site VPN server, and on my side I have strongSwan installed on Debian Linux and configured as a client.
I am using this guide for the client configuration: http://www.cisco.com/c/en/us/support/docs/ip/internet-key-exchange-ike/117258-config-l2l.html
On the GSM network provider side the configuration is like this:
- VPN Equipments version: Cisco 3900
- VPN Modules: DES+3DES+AES
- VPN Gateway IP: "VpnGatewayIP"
- Hosts Using VPN: 10.248.64.0/20
Tunnel Information
Phase 1 (IKE)
- Authentication Method: Pre-Shared Key
- Encryption Schema: IKE
- Perfect Forward Secrecy- IKE: DH Group-5
- Encryption Algorithm: AES256
- Hashing Algorithm: SHA1
- Renegotiate IKE SA every: 86400 seconds
Phase 2 (IPSEC)
- IPSec: ESP
- Perfect Forward Secrecy-IPSEC: DH Group-5
- Encryption Algorithm IPSec: AES256
- Hashing Algorithm IPSec: SHA1
- Renegotiate IPSec SA every: 3600 seconds
- Aggressive Mode: NOT IN USE
This is the content of my configuration file /etc/ipsec.conf:
config setup
    strictcrlpolicy=no
    charondebug="ike 1, knl 2, cfg 0"

conn %default
    ikelifetime=1440m
    keylife=60m
    rekeymargin=3m
    keyingtries=1
    keyexchange=ikev1
    authby=secret

conn "providerVPN"
    left=MyServerIP
    leftsubnet=MyServerIP/32
    leftid=MyServerIP
    leftfirewall=yes
    right=VpnGatewayIP
    rightsubnet=10.248.64.0/20
    rightid=VpnGatewayIP
    auto=add
    ike=aes256-sha1-modp1536
    esp=aes256-sha1
and the PSK file /etc/ipsec.secrets:
MyServerIP VpnGatewayIP : PSK someSecretKey
Starting the client like this:
/etc/init.d/ipsec start
After this, ifconfig does not display any new connection, and "ipsec status" gives me this output:
Security Associations (0 up, 0 connecting):
none
Here is the log from /var/log/daemon.log:
Sep 6 17:54:12 gmapfish ipsec[1221]: ipsec starter stopped
Sep 6 17:54:15 gmapfish ipsec[1320]: Starting strongSwan 5.2.1 IPsec [starter]...
Sep 6 17:54:15 gmapfish charon: 00[DMN] Starting IKE charon daemon (strongSwan 5.2.1, Linux 3.16.0-4-686-pae, i686)
Sep 6 17:54:15 gmapfish charon: 00[KNL] known interfaces and IP addresses:
Sep 6 17:54:15 gmapfish charon: 00[KNL] lo
Sep 6 17:54:15 gmapfish charon: 00[KNL] 127.0.0.1
Sep 6 17:54:15 gmapfish charon: 00[KNL] ::1
Sep 6 17:54:15 gmapfish charon: 00[KNL] eth0
Sep 6 17:54:15 gmapfish charon: 00[KNL] "MyServerIP"
Sep 6 17:54:15 gmapfish charon: 00[KNL] 10.19.0.5
Sep 6 17:54:15 gmapfish charon: 00[KNL] df80::501:a8ef:ef9f:a321
Sep 6 17:54:15 gmapfish charon: 00[LIB] loaded plugins: charon aes rc2 sha1 sha2 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl fips-prf gmp agent xcbc hmac gcm attr kernel-netlink resolve socket-default stroke updown
Sep 6 17:54:15 gmapfish charon: 00[LIB] unable to load 3 plugin features (3 due to unmet dependencies)
Sep 6 17:54:15 gmapfish charon: 00[LIB] dropped capabilities, running as uid 0, gid 0
Sep 6 17:54:15 gmapfish charon: 00[JOB] spawning 16 worker threads
Sep 6 17:54:15 gmapfish charon: 07[KNL] "VpnGatewayIP" is not a local address or the interface is down
Sep 6 17:54:15 gmapfish ipsec[1320]: charon (1348) started after 60 ms
Any suggestions as to what is wrong with my settings?
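
Added example, not part of the original question: a Python check that compares the relevant ipsec.conf options above with the provider's parameter sheet. The names parse_conns, seconds, audit and PEER are constructed for illustration; it assumes the usual strongSwan semantics that auto=add only loads a connection without initiating it and that Phase 2 PFS is requested by appending a DH group to esp=.

```python
import re

# Constructed sample: the ipsec.conf from the question, indentation restored.
CONF = """\
conn %default
    ikelifetime=1440m
    keylife=60m
conn "providerVPN"
    auto=add
    ike=aes256-sha1-modp1536
    esp=aes256-sha1
"""
# Provider sheet from the question; DH group 5 is the 1536-bit MODP group.
PEER = {"ike": "aes256-sha1-modp1536", "esp": "aes256-sha1-modp1536",
        "ikelifetime": 86400, "keylife": 3600}
UNITS = {"s": 1, "m": 60, "h": 3600, "d": 86400}

def parse_conns(text):
    """Return {conn name: options}, merging 'conn %default' into every conn."""
    conns, current = {}, None
    for line in text.splitlines():
        header = re.match(r'conn\s+"?([^"\s]+)"?', line)
        if header:
            current = conns.setdefault(header.group(1), {})
        elif current is not None and "=" in line and line[:1].isspace():
            key, value = line.strip().split("=", 1)
            current[key] = value
    default = conns.pop("%default", {})
    return {name: {**default, **opts} for name, opts in conns.items()}

def seconds(value):
    """Convert a strongSwan time value such as 1440m or 3600 to seconds."""
    number, unit = re.fullmatch(r"(\d+)([smhd]?)", value).groups()
    return int(number) * UNITS[unit or "s"]

def audit(opts):
    """List the differences between one conn and the provider sheet."""
    findings = []
    for key in ("ike", "esp"):
        if opts.get(key) != PEER[key]:
            findings.append(f"{key}={opts.get(key)} but peer sheet implies {PEER[key]}")
    for key in ("ikelifetime", "keylife"):
        if seconds(opts.get(key, "0")) != PEER[key]:
            findings.append(f"{key}={opts.get(key)} but peer sheet says {PEER[key]}s")
    if opts.get("auto") == "add":
        findings.append("auto=add only loads the conn; nothing initiates it")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(parse_conns(CONF)["providerVPN"])))
```

Run against the configuration above, it reports the missing DH group in esp= and the auto=add setting; the lifetimes and the IKE proposal match the sheet.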