Hi all,
I've just succeeded in establishing a VPN between strongSwan and an Azure VN gateway.
Performance is good and the connection is stable. It reconnects when it's lost and I've just transferred ~20GB without any problems.
Our network has several more VPN connections (10.X.0.0/24) and this is the connection between the central hub and the Azure gateway. To enable access from all locations to the Azure network I had to install a 172.29.0.0/16 <--> 10.X.0.0/24 VPN between each location and the hub.
I've used strongswan-5.0.2 with this patch: http://git.strongswan.org/?p=strongswan.git;a=commitdiff;h=0235914d
I've also tested strongswan-4.5 but I was not able to establish a connection. Also, the patch above was important because otherwise the connection comes up but an additional QUICK_MODE drops the connection immediately.
This was my VN configuration which I uploaded using the Azure PowerShell. This turned out to be easier and faster than doing all changes during testing in the management console:
<NetworkConfiguration xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://schemas.microsoft.com/ServiceHosting/2011/07/NetworkConfiguration">
  <VirtualNetworkConfiguration>
    <Dns />
    <LocalNetworkSites>
      <LocalNetworkSite name="MyLocalNetwork">
        <AddressSpace>
          <AddressPrefix>10.0.0.0/8</AddressPrefix>
        </AddressSpace>
        <VPNGatewayAddress>A.A.A.A</VPNGatewayAddress>
      </LocalNetworkSite>
    </LocalNetworkSites>
    <VirtualNetworkSites>
      <VirtualNetworkSite name="MyVirtualNetwork" AffinityGroup="MyAffinityGroup">
        <AddressSpace>
          <AddressPrefix>172.29.0.0/16</AddressPrefix>
        </AddressSpace>
        <Subnets>
          <Subnet name="azure-lan">
            <AddressPrefix>172.29.0.0/24</AddressPrefix>
          </Subnet>
          <Subnet name="GatewaySubnet">
            <AddressPrefix>172.29.1.0/24</AddressPrefix>
          </Subnet>
        </Subnets>
        <Gateway>
          <ConnectionsToLocalNetwork>
            <LocalNetworkSiteRef name="MyLocalNetwork" />
          </ConnectionsToLocalNetwork>
        </Gateway>
      </VirtualNetworkSite>
    </VirtualNetworkSites>
  </VirtualNetworkConfiguration>
</NetworkConfiguration>
And this is the strongSwan configuration:
conn azurenetwork-mynetwork
        # official IP of my Azure gateway
        left=B.B.B.B
        leftsubnet=172.29.0.0/16
        # official IP of my local gateway
        right=A.A.A.A
        rightsubnet=10.0.0.0/8
        type=tunnel
        keyexchange=ikev1
        ikelifetime=3600s
        keylife=28800s
        lifebytes=104857600000
        esp=aes128-sha1
        ike=aes128-sha1-modp1024
        rekey=yes
        auth=esp
        keyingtries=1
        authby=secret
        mobike=no
        dpdaction=none
        auto=start
        rekeymargin=3m
and this is my ipsec.secrets:
A.A.A.A B.B.B.B : PSK "mypresharedkeymypresharedkey"
Any comments or suggestions are welcome.
Best regards,
Harald
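The post pairs an Azure NetworkConfiguration XML with a strongSwan conn and a PSK line, and with IKEv1 policy-based tunnels a disagreement between the two (traffic selectors that do not match, a gateway address that differs, a missing PSK entry) is exactly what shows up as a QUICK_MODE that comes up and is torn down again. The script below is an added example, not code from Harald's post or from strongSwan: it parses both sides and reports any mismatch before the tunnel is started. The XML, conn and secrets embedded in it are constructed from the values in the post, with A.A.A.A / B.B.B.B kept as placeholders; the requirement that the conn use keyexchange=ikev1 is taken from the post's working configuration.

```python
"""Cross-check a strongSwan conn + ipsec.secrets against an Azure VN configuration.

Added example (not from the post or the strongSwan project).  The sample
inputs are constructed from the values given in the thread.
"""
import ipaddress
import re
import xml.etree.ElementTree as ET

NS = {"nc": "http://schemas.microsoft.com/ServiceHosting/2011/07/NetworkConfiguration"}

# Constructed sample: the VN configuration from the post, Dns element omitted.
AZURE_XML = """<NetworkConfiguration xmlns="http://schemas.microsoft.com/ServiceHosting/2011/07/NetworkConfiguration">
 <VirtualNetworkConfiguration>
  <LocalNetworkSites><LocalNetworkSite name="MyLocalNetwork">
   <AddressSpace><AddressPrefix>10.0.0.0/8</AddressPrefix></AddressSpace>
   <VPNGatewayAddress>A.A.A.A</VPNGatewayAddress>
  </LocalNetworkSite></LocalNetworkSites>
  <VirtualNetworkSites><VirtualNetworkSite name="MyVirtualNetwork" AffinityGroup="MyAffinityGroup">
   <AddressSpace><AddressPrefix>172.29.0.0/16</AddressPrefix></AddressSpace>
   <Subnets>
    <Subnet name="azure-lan"><AddressPrefix>172.29.0.0/24</AddressPrefix></Subnet>
    <Subnet name="GatewaySubnet"><AddressPrefix>172.29.1.0/24</AddressPrefix></Subnet>
   </Subnets>
   <Gateway><ConnectionsToLocalNetwork><LocalNetworkSiteRef name="MyLocalNetwork" /></ConnectionsToLocalNetwork></Gateway>
  </VirtualNetworkSite></VirtualNetworkSites>
 </VirtualNetworkConfiguration>
</NetworkConfiguration>"""

# Constructed sample: the parameters of the conn that matter for this check.
IPSEC_CONF = """conn azurenetwork-mynetwork
        left=B.B.B.B          # Azure gateway (placeholder)
        leftsubnet=172.29.0.0/16
        right=A.A.A.A         # local gateway (placeholder)
        rightsubnet=10.0.0.0/8
        keyexchange=ikev1
        authby=secret
"""
IPSEC_SECRETS = 'A.A.A.A B.B.B.B : PSK "mypresharedkeymypresharedkey"\n'


def parse_conn(conf, name):
    """Return the key=value settings of one conn section, comments stripped."""
    settings, active = {}, False
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        if not line[0].isspace():                 # unindented line opens a new section
            active = line.split() == ["conn", name]
        elif active and "=" in line:
            key, value = line.strip().split("=", 1)
            settings[key.strip()] = value.strip()
    return settings


def parse_azure(xml_text):
    """Extract the parts of the VN configuration that must agree with ipsec.conf."""
    root = ET.fromstring(xml_text)
    site = root.find(".//nc:LocalNetworkSite", NS)
    vnet = root.find(".//nc:VirtualNetworkSite", NS)
    return {
        "site_name": site.get("name"),
        "site_prefixes": {e.text for e in site.findall("nc:AddressSpace/nc:AddressPrefix", NS)},
        "site_gateway": site.findtext("nc:VPNGatewayAddress", namespaces=NS),
        "vnet_prefixes": {e.text for e in vnet.findall("nc:AddressSpace/nc:AddressPrefix", NS)},
        "gateway_subnet": vnet.find(".//nc:Subnet[@name='GatewaySubnet']/nc:AddressPrefix", NS).text,
        "site_refs": {e.get("name") for e in vnet.findall(".//nc:LocalNetworkSiteRef", NS)},
    }


def psk_peers(secrets):
    """Return every ID selector that has a PSK line in ipsec.secrets."""
    peers = set()
    for line in secrets.splitlines():
        m = re.match(r"^\s*(.*?)\s*:\s*PSK\s", line)
        if m:
            peers.update(m.group(1).split())
    return peers


def nets(spec):
    """Parse 'a/n,b/m' (ipsec.conf style) or an iterable of prefixes into networks."""
    items = spec.split(",") if isinstance(spec, str) else spec
    return {ipaddress.ip_network(p.strip()) for p in items if p.strip()}


def check(conf, xml_text, secrets, conn_name):
    """Return a list of mismatches; an empty list means the two sides agree."""
    conn, az, problems = parse_conn(conf, conn_name), parse_azure(xml_text), []
    # The end whose IP equals VPNGatewayAddress is on-premises; the other end is Azure.
    if conn.get("right") == az["site_gateway"]:
        azure, onprem = "left", "right"
    elif conn.get("left") == az["site_gateway"]:
        azure, onprem = "right", "left"
    else:
        return ["neither left nor right equals VPNGatewayAddress %s" % az["site_gateway"]]
    # IKEv1 policy-based tunnel: the traffic selectors must match the XML exactly.
    if nets(conn.get(azure + "subnet", "")) != nets(az["vnet_prefixes"]):
        problems.append("%ssubnet must equal VirtualNetworkSite AddressSpace %s" % (azure, sorted(az["vnet_prefixes"])))
    if nets(conn.get(onprem + "subnet", "")) != nets(az["site_prefixes"]):
        problems.append("%ssubnet must equal LocalNetworkSite AddressSpace %s" % (onprem, sorted(az["site_prefixes"])))
    if not any(ipaddress.ip_network(az["gateway_subnet"]).subnet_of(v) for v in nets(az["vnet_prefixes"])):
        problems.append("GatewaySubnet lies outside the virtual network address space")
    if az["site_name"] not in az["site_refs"]:
        problems.append("Gateway does not reference LocalNetworkSite " + az["site_name"])
    if conn.get("keyexchange") != "ikev1":
        problems.append("the working configuration in the post uses keyexchange=ikev1")
    if conn.get("authby") == "secret":
        missing = {conn.get("left"), conn.get("right")} - psk_peers(secrets)
        if missing:
            problems.append("no PSK entry in ipsec.secrets for " + ", ".join(sorted(missing)))
    return problems


if __name__ == "__main__":
    for line in check(IPSEC_CONF, AZURE_XML, IPSEC_SECRETS, "azurenetwork-mynetwork") or ["consistent"]:
        print(line)
```

Run against the post's values the check reports nothing; change rightsubnet to a single /24 of the 10.0.0.0/8 hub space, or drop the PSK line, and the corresponding mismatch is printed, which is cheaper to find this way than by reading QUICK_MODE retransmits in the charon log.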