- Both:
- conn %default
- ikelifetime=60m
- keylife=20m
- rekeymargin=3m
- keyingtries=1
- authby=secret
- keyexchange=ikev2
- mobike=no
- --------------------------------------------------------
- Node v5141:
- conn quicknet-availo
- left=1.2.3.4
- leftsubnet=172.16.0.0/16
- leftid=@v5141
- leftfirewall=yes
- right=4.3.2.1
- rightsubnet=10.0.0.0/8
- rightid=@v6116
- forceencaps=yes
- auto=add
- --------------------------------------------------------
- Node v6116:
- conn quicknet-availo
- left=4.3.2.1
- leftsubnet=10.0.0.0/8
- leftid=@v6116
- leftfirewall=yes
- right=1.2.3.4
- rightsubnet=172.16.0.0/16
- rightid=@v5141
- forceencaps=yes
- auto=add
- --------------------------------------------------------
- root@v5141: ~ #> ipsec statusall
- Status of IKE charon daemon (strongSwan 5.1.2, Linux 3.13.0-61-generic, x86_64):
- uptime: 79 minutes, since Jul 30 14:33:22 2015
- malloc: sbrk 2433024, mmap 0, used 346928, free 2086096
- worker threads: 11 of 16 idle, 5/0/0/0 working, job queue: 0/0/0/0, scheduled: 2
- loaded plugins: charon test-vectors aes rc2 sha1 sha2 md4 md5 random nonce x509 revocation constraints pkcs1 pkcs7 pkcs8 pkcs12 pem openssl xcbc cmac hmac ctr ccm gcm attr kernel-netlink resolve socket-default stroke updown eap-identity addrblock
- Listening IP addresses:
- 1.2.3.4
- Connections:
- quicknet-availo: 1.2.3.4...4.3.2.1 IKEv2
- quicknet-availo: local: [v5141] uses pre-shared key authentication
- quicknet-availo: remote: [v6116] uses pre-shared key authentication
- quicknet-availo: child: 172.16.0.0/16 === 10.0.0.0/8 TUNNEL
- Security Associations (1 up, 0 connecting):
- quicknet-availo[4]: ESTABLISHED 21 minutes ago, 1.2.3.4[v5141]...4.3.2.1[v6116]
- quicknet-availo[4]: IKEv2 SPIs: fdd39a4062ab8d16_i 9db30a609e063eb7_r*, pre-shared key reauthentication in 33 minutes
- quicknet-availo[4]: IKE proposal: AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048
- quicknet-availo{4}: INSTALLED, TUNNEL, ESP in UDP SPIs: ca25ba32_i c9265656_o
- quicknet-availo{4}: AES_CBC_128/HMAC_SHA1_96, 0 bytes_i, 468 bytes_o (6 pkts, 279s ago), rekeying in 7 minutes
- quicknet-availo{4}: 172.16.0.0/16 === 10.0.0.0/8
- root@v5141: ~ #> ip route list table 220
- root@v5141: ~ #>
- root@v5141: ~ #> ip xfrm policy
- src 10.0.0.0/8 dst 172.16.0.0/16
- dir fwd priority 1923
- tmpl src 4.3.2.1 dst 1.2.3.4
- proto esp reqid 4 mode tunnel
- src 10.0.0.0/8 dst 172.16.0.0/16
- dir in priority 1923
- tmpl src 4.3.2.1 dst 1.2.3.4
- proto esp reqid 4 mode tunnel
- src 172.16.0.0/16 dst 10.0.0.0/8
- dir out priority 1923
- tmpl src 1.2.3.4 dst 4.3.2.1
- proto esp reqid 4 mode tunnel
- root@v6116: ~ #> ipsec up quicknet-availo
- initiating IKE_SA quicknet-availo[3] to 1.2.3.4
- generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]
- sending packet: from 4.3.2.1[500] to 1.2.3.4[500] (1212 bytes)
- received packet: from 1.2.3.4[500] to 4.3.2.1[500] (440 bytes)
- parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(MULT_AUTH) ]
- remote host is behind NAT
- authentication of 'v6116' (myself) with pre-shared key
- establishing CHILD_SA quicknet-availo
- generating IKE_AUTH request 1 [ IDi N(INIT_CONTACT) IDr AUTH SA TSi TSr N(MULT_AUTH) N(EAP_ONLY) ]
- sending packet: from 4.3.2.1[4500] to 1.2.3.4[4500] (380 bytes)
- received packet: from 1.2.3.4[4500] to 4.3.2.1[4500] (220 bytes)
- parsed IKE_AUTH response 1 [ IDr AUTH SA TSi TSr N(AUTH_LFT) ]
- authentication of 'v5141' with pre-shared key successful
- IKE_SA quicknet-availo[3] established between 4.3.2.1[v6116]...1.2.3.4[v5141]
- scheduling reauthentication in 3325s
- maximum IKE_SA lifetime 3505s
- CHILD_SA quicknet-availo{3} established with SPIs c98d9ef0_i c7e79260_o and TS 10.0.0.0/8 === 172.16.0.0/16
- connection 'quicknet-availo' established successfully