Is it just me or is strongSwan & IPsec quite difficult to configure?
Also maybe trying to link my home computer into a 6to4 subnet hosted elsewhere via an IPv4 IPsec tunnel to get around the crummy AT&T internet gateway filtering isn't the easiest place to start.
@saper After a long struggle I eventually figured out how to generate certificates correctly and I can get IPv4 host to host to work, but I'm still at a loss on how to get any version using virtual IPs to work.
@saper Auth wouldn't work until I encoded the host name in the subject alternative name. strongSwan seemed to ignore the CN field.
@alienghic how is "subject" encoded in your certificates? There are at least three ways to encode the identity there.
And if your IPs are static you can always ditch ISAKMP altogether and just hardwire the keys using setkey (define static ESP tunnels).