I am at a complete loss. I know this is not the Strongswan forum, but they are
unresponsive with all methods of communication -- and now I see why. My
personal opinion is that Strongswan is only rumored to work, but actually works
in the sense that a puppet does.

Sure, Tom says he got it to work, but I followed his [exact
process](https://wiki.strongswan.org/projects/strongswan/wiki/SimpleCA) and it
does not work for me. The Scientific Method means that a procedure must be
repeatable. And, I have never heard of anyone besides Tom who says he's gotten
Strongswan actually working.

I banged my head on the wall for two weeks with it saying it 'can't match the
incoming configuration'. Yesterday I discovered that, although the SS devs put
-in- the subdirs strongswan.d and ipsec.d (where local configs are supposed to
go, according to generally accepted standard)... .conf files in these are not
actually picked up by SS init! Well, at least strongswan.conf and ipsec.conf
are not picked up in these subdirs.

So when I put my modifications in the cardinal /etc/strongswan/strongswan.conf
and ipsec.conf, I started reaching my daemon from the remote phone. But now
the daemon is completely unresponsive. Inconsolable. There is absolutely
nothing in the log WRT the connexion, even with logging set to the max:

    charondebug="cfg 4, dmn 4, ike 4, net 4"

I can see the attempts coming in to the ipsec gateway with tcpdump... but
there is no response from the charon daemon. It's not interested, or deaf, or
on vacation.

I had been building keys of 4096 bits, so I made all new CA and keys with the
default of 2048. Absolutely no change.

Now, I've run Linux exclusively for 20 years, and I am hyper-persistent well
past the point of unreasonableness. But there comes a point of 'crazy' and
that is time to give up. So I am open to suggestion on what VPN software
others are -actually- able to get working, in practice, for real.
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users