Hi Vilhelm,

> config setup
>     crlcheckinterval=180
>     strictcrlpolicy=no
>     plutostart=no
>     charondebug="asn 4, knl 4,mgr 4,ike 4,chd 4,net 4,enc 4"
>
> conn %default
>     auth=esp
>     authby=psk
>     esp=aes128ctr-aesxcbc!
>     ikelifetime=60m
>     keylife=20m
>     keyingtries=1
>     rekeymargin=3m
>     keyexchange=ikev2
>     ike=aes128ctr-aesxcbc-ecp192!
>     type=transport

Your config file looks incomplete. You have to specify at least one conn section (other than %default) with the auto keyword (auto can be specified in %default, though). Where auto=route might be what you want, as charon will then install policies in the kernel's SPD and an SA will automatically be negotiated upon matching traffic.

You also need to specify right and optionally left (the endpoints of the IKE_SA) in that conn section. If you only want specific traffic to be tunneled, use the left|rightsubnet and left|rightprotoport keywords (see the example at [1]).

Also, if you want to configure the policies in the kernel yourself, make sure you use a reqid > 0 and then specify reqid=<reqid> and installpolicy=no in the respective conn section.

Regards,
Tobias

[1] http://www.strongswan.org/uml/testresults/ikev2/protoport-route/
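
The requirements listed in the reply above, written as a small linter over ipsec.conf text. This is an added example, not part of the original message and not strongSwan code; the parser is a simplified assumption, and the conn name `host-host` and the 192.0.2.x addresses are constructed.

```python
# Added example, not from the thread or from strongSwan. Simplified parser:
# sections start at column 0, `also=` inheritance is not resolved.
def parse(text):
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        if not line[0].isspace():  # section header
            kind, _, name = line.partition(" ")
            current = sections.setdefault(name.strip() if kind == "conn" else line, {})
        elif current is not None and "=" in line:
            key, _, value = line.strip().partition("=")
            current[key.strip()] = value.strip().strip('"')
    return sections

def lint(text):
    sections = parse(text)
    default = sections.get("%default", {})
    conns = {n: {**default, **s} for n, s in sections.items()
             if n not in ("config setup", "%default")}
    if not conns:
        return ["no conn section other than %default"]
    findings = []
    if not any("auto" in c for c in conns.values()):
        findings.append("no conn sets auto (directly or via %default)")
    for name, c in conns.items():
        if "auto" in c and "right" not in c:
            findings.append(f"{name}: right is not set")
        reqid = c.get("reqid", "0")
        if c.get("installpolicy") == "no" and not (reqid.isdigit() and int(reqid) > 0):
            findings.append(f"{name}: installpolicy=no without reqid > 0")
    return findings

# POSTED is abridged from the quoted config; the conn added to it is constructed.
POSTED = """\
config setup
conn %default
    authby=psk
"""
COMPLETED = POSTED + """\
conn host-host
    left=192.0.2.10
    right=192.0.2.20
    rightprotoport=tcp/http
    auto=route
"""
SELF_MANAGED = COMPLETED + "    installpolicy=no\n"  # reqid still missing
print(lint(POSTED), lint(COMPLETED), lint(SELF_MANAGED))
```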