Comments on: How to Set Up IPsec-based VPN with Strongswan on CentOS/RHEL 8

By: Ravi Saive

Ravi Saive — Mon, 04 Nov 2024 03:53:25 +0000

In reply to Raji. @Raji, It looks like the issue is that StrongSwan cannot find the 'tun1' configuration. Double-check your ipsec.conf file for any syntax errors or misconfigurations. Ensure that the configuration file is saved correctly and try reloading the StrongSwan configuration with:

# ipsec reload

Then attempt to bring up the tunnel again:

# ipsec up tun1

If it still doesn't work, consider checking the logs using journalctl -xe for more detailed error information, which can help troubleshoot the problem further.

By: Raji

Raji — Sat, 02 Nov 2024 08:48:55 +0000

I am trying to create a PSK tunnel between AIX and Linux. I tried activating the tunnel from Linux, but it is not coming up. Any help, please? /etc/strongswan/ipsec.conf:

config setup
    charondebug="all"
    uniqueids=no
    strictcrlpolicy=no

conn tun1
    type=transport
    auto=add
    keyexchange=ikev2
    authby=secret
    left=70.70.70.20
    right=70.70.70.10
    ike=aes256-sha1-modp1024
    esp=aes256-sha1
    pfs=no

/etc/strongswan/ipsec.secrets:

70.70.70.20 70.70.70.10 : PSK "12345678910abcedf"

# systemctl restart strongswan
# strongswan up tun1
no config named 'tun1'

By: Alex

Alex — Sun, 16 Jan 2022 08:48:41 +0000

I have already established an IPIP6 tunnel between two endpoints, where IPv4 packets are encapsulated inside the IPv6 tunnel.

Can this method help me secure and authenticate my tunnel ??

Or it is totally different method?

By: Ravi Saive

Ravi Saive — Mon, 03 May 2021 05:55:41 +0000

In reply to Christophe. @Christophe, I think we have disabled firewall, but you can open port if you an have active firewall.

# firewall-cmd --permanent --add-service="ipsec"
# firewall-cmd --permanent --add-port=4500/udp
# firewall-cmd --permanent --add-masquerade
# firewall-cmd --reload

By: Christophe

Christophe — Fri, 30 Apr 2021 12:27:37 +0000

No firewall ports have to be opened?