View difference between Paste ID: T38iqbKH and SKxznLJN
Both:

conn %default
	ikelifetime=60m
	keylife=20m
	rekeymargin=3m
	keyingtries=1
	authby=secret
	keyexchange=ikev2
	mobike=no

--------------------------------------------------------

Node v5141:

conn quicknet-availo
	left=1.2.3.4
	leftsubnet=172.16.0.0/16
	leftid=@v5141
	leftfirewall=yes
	right=4.3.2.1
	rightsubnet=10.0.0.0/8
	rightid=@v6116
	forceencaps=yes
	auto=add

--------------------------------------------------------

Node v6116:

conn quicknet-availo
	left=4.3.2.1
	leftsubnet=10.0.0.0/8
	leftid=@v6116
	leftfirewall=yes
	right=1.2.3.4
	rightsubnet=172.16.0.0/16
	rightid=@v5141
	forceencaps=yes
	auto=add

--------------------------------------------------------

root@v5141: ~ #> ipsec statusall
Status of IKE charon daemon (strongSwan 5.1.2, Linux 3.13.0-61-generic, x86_64):
  uptime: 79 minutes, since Jul 30 14:33:22 2015
  malloc: sbrk 2433024, mmap 0, used 346928, free 2086096
  worker threads: 11 of 16 idle, 5/0/0/0 working, job queue: 0/0/0/0, scheduled: 2
  loaded plugins: charon test-vectors aes rc2 sha1 sha2 md4 md5 random nonce x509 revocation constraints pkcs1 pkcs7 pkcs8 pkcs12 pem openssl xcbc cmac hmac ctr ccm gcm attr kernel-netlink resolve socket-default stroke updown eap-identity addrblock
Listening IP addresses:
  1.2.3.4
Connections:
quicknet-availo:  1.2.3.4...4.3.2.1  IKEv2
quicknet-availo:   local:  [v5141] uses pre-shared key authentication
quicknet-availo:   remote: [v6116] uses pre-shared key authentication
quicknet-availo:   child:  172.16.0.0/16 === 10.0.0.0/8 TUNNEL
Security Associations (1 up, 0 connecting):
quicknet-availo[4]: ESTABLISHED 21 minutes ago, 1.2.3.4[v5141]...4.3.2.1[v6116]
quicknet-availo[4]: IKEv2 SPIs: fdd39a4062ab8d16_i 9db30a609e063eb7_r*, pre-shared key reauthentication in 33 minutes
quicknet-availo[4]: IKE proposal: AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048
quicknet-availo{4}:  INSTALLED, TUNNEL, ESP in UDP SPIs: ca25ba32_i c9265656_o
quicknet-availo{4}:  AES_CBC_128/HMAC_SHA1_96, 0 bytes_i, 468 bytes_o (6 pkts, 279s ago), rekeying in 7 minutes
quicknet-availo{4}:   172.16.0.0/16 === 10.0.0.0/8

root@v5141: ~ #> ip route list table 220
root@v5141: ~ #>
root@v5141: ~ #> ip xfrm policy
src 10.0.0.0/8 dst 172.16.0.0/16
	dir fwd priority 1923
	tmpl src 4.3.2.1 dst 1.2.3.4
		proto esp reqid 4 mode tunnel
src 10.0.0.0/8 dst 172.16.0.0/16
	dir in priority 1923
	tmpl src 4.3.2.1 dst 1.2.3.4
		proto esp reqid 4 mode tunnel
src 172.16.0.0/16 dst 10.0.0.0/8
	dir out priority 1923
	tmpl src 1.2.3.4 dst 4.3.2.1
77-
		proto esp reqid 4 mode tunnel
77+
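Review bot: the 77-/77+ hunk drops `proto esp reqid 4 mode tunnel` from the out-direction policy, so in the second paste the `tmpl src 1.2.3.4 dst 4.3.2.1` template is printed without its proto/mode line while the in and fwd policies still show it. `ip xfrm policy` prints that line for every template, so this is most likely a copy/paste truncation rather than a real difference between the nodes; re-capture the output on v5141 and confirm all three directions (out, in, fwd) carry the ESP tunnel template with reqid 4 before comparing it with v6116.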

root@v6116: ~ #> ipsec up quicknet-availo
initiating IKE_SA quicknet-availo[3] to 1.2.3.4
generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]
sending packet: from 4.3.2.1[500] to 1.2.3.4[500] (1212 bytes)
received packet: from 1.2.3.4[500] to 4.3.2.1[500] (440 bytes)
parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(MULT_AUTH) ]
remote host is behind NAT
authentication of 'v6116' (myself) with pre-shared key
establishing CHILD_SA quicknet-availo
generating IKE_AUTH request 1 [ IDi N(INIT_CONTACT) IDr AUTH SA TSi TSr N(MULT_AUTH) N(EAP_ONLY) ]
sending packet: from 4.3.2.1[4500] to 1.2.3.4[4500] (380 bytes)
received packet: from 1.2.3.4[4500] to 4.3.2.1[4500] (220 bytes)
parsed IKE_AUTH response 1 [ IDr AUTH SA TSi TSr N(AUTH_LFT) ]
authentication of 'v5141' with pre-shared key successful
IKE_SA quicknet-availo[3] established between 4.3.2.1[v6116]...1.2.3.4[v5141]
scheduling reauthentication in 3325s
maximum IKE_SA lifetime 3505s
CHILD_SA quicknet-availo{3} established with SPIs c98d9ef0_i c7e79260_o and TS 10.0.0.0/8 === 172.16.0.0/16
connection 'quicknet-availo' established successfully
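As an added example (not code from the paste, and not part of strongSwan), the script below cross-checks a conn block from ipsec.conf against the `ip xfrm policy` output the kernel reports: it parses both, resolves %default inheritance, and verifies that the out, in and fwd policies exist with the expected subnet selectors and an ESP tunnel template between the two gateways. The function names (parse_ipsec_conf, parse_xfrm_policy, check_tunnel_policies, audit) are my own; the sample inputs are constructed from node v5141's conn block and policy output above, and the truncated variant reproduces the out policy without its proto/mode line, as on the '+' side of the diff.

```python
"""Cross-check a strongSwan conn against the kernel's XFRM policies.

Added example, not part of the paste or of strongSwan. Sample inputs are
constructed from the conn block and `ip xfrm policy` output for node v5141.
"""
from typing import Dict, List

# Constructed sample: v5141's conn block, with a %default section to inherit from.
IPSEC_CONF = """\
conn %default
    ikelifetime=60m
    keyexchange=ikev2
    authby=secret

conn quicknet-availo
    left=1.2.3.4
    leftsubnet=172.16.0.0/16
    leftid=@v5141
    right=4.3.2.1
    rightsubnet=10.0.0.0/8
    rightid=@v6116
    forceencaps=yes
    auto=add
"""

# Constructed sample: complete `ip xfrm policy` output for the tunnel (three directions).
XFRM_POLICY_OK = """\
src 10.0.0.0/8 dst 172.16.0.0/16
\tdir fwd priority 1923
\ttmpl src 4.3.2.1 dst 1.2.3.4
\t\tproto esp reqid 4 mode tunnel
src 10.0.0.0/8 dst 172.16.0.0/16
\tdir in priority 1923
\ttmpl src 4.3.2.1 dst 1.2.3.4
\t\tproto esp reqid 4 mode tunnel
src 172.16.0.0/16 dst 10.0.0.0/8
\tdir out priority 1923
\ttmpl src 1.2.3.4 dst 4.3.2.1
\t\tproto esp reqid 4 mode tunnel
"""

# Constructed sample: the same output with the out template's proto/mode line missing.
XFRM_POLICY_TRUNCATED = XFRM_POLICY_OK.replace(
    "tmpl src 1.2.3.4 dst 4.3.2.1\n\t\tproto esp reqid 4 mode tunnel\n",
    "tmpl src 1.2.3.4 dst 4.3.2.1\n",
)


def parse_ipsec_conf(text: str) -> Dict[str, Dict[str, str]]:
    """Parse ipsec.conf 'conn' sections into {name: {key: value}}.

    A line starting in column 0 opens a section; indented key=value lines belong
    to the current section. Every conn inherits the keys of 'conn %default'.
    """
    sections: Dict[str, Dict[str, str]] = {}
    current = None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if not raw[0].isspace():
            kind, _, name = raw.partition(" ")
            current = sections.setdefault(name.strip(), {}) if kind == "conn" else None
            continue
        if current is None or "=" not in raw:
            continue
        key, _, value = raw.strip().partition("=")
        current[key.strip()] = value.strip()
    default = sections.pop("%default", {})
    return {name: {**default, **values} for name, values in sections.items()}


def parse_xfrm_policy(text: str) -> List[Dict[str, str]]:
    """Parse `ip xfrm policy` output into one dict per policy.

    Each policy records its selector (src/dst), direction, priority, the
    template endpoints, and the template's proto/reqid/mode if that line exists.
    """
    policies: List[Dict[str, str]] = []
    for raw in text.splitlines():
        words = raw.split()
        if not words:
            continue
        if words[0] == "src" and "dst" in words:
            policies.append({"src": words[1], "dst": words[words.index("dst") + 1]})
            continue
        if not policies:
            continue  # ignore anything before the first selector line
        pol = policies[-1]
        if words[0] == "dir":
            pol["dir"] = words[1]
            if "priority" in words:
                pol["priority"] = words[words.index("priority") + 1]
        elif words[0] == "tmpl":
            pol["tmpl_src"], pol["tmpl_dst"] = words[2], words[4]
        elif words[0] == "proto":  # attributes of the preceding tmpl line
            for key in ("proto", "reqid", "mode"):
                if key in words:
                    pol[key] = words[words.index(key) + 1]
    return policies


def check_tunnel_policies(conn: Dict[str, str], policies: List[Dict[str, str]]) -> List[str]:
    """Return the list of mismatches between the conn and the kernel policies (empty = OK)."""
    local, remote = conn["leftsubnet"], conn["rightsubnet"]
    left, right = conn["left"], conn["right"]
    # direction -> (selector src, selector dst, template src, template dst)
    expected = {
        "out": (local, remote, left, right),
        "in": (remote, local, right, left),
        "fwd": (remote, local, right, left),
    }
    problems: List[str] = []
    for direction, (src, dst, tsrc, tdst) in expected.items():
        matches = [p for p in policies
                   if p.get("dir") == direction and (p["src"], p["dst"]) == (src, dst)]
        if not matches:
            problems.append(f"no {direction} policy for {src} -> {dst}")
            continue
        pol = matches[0]
        if (pol.get("tmpl_src"), pol.get("tmpl_dst")) != (tsrc, tdst):
            problems.append(f"{direction} policy template endpoints "
                            f"{pol.get('tmpl_src')} -> {pol.get('tmpl_dst')} != {tsrc} -> {tdst}")
        if pol.get("proto") != "esp" or pol.get("mode") != "tunnel":
            problems.append(f"{direction} policy template is not an ESP tunnel "
                            f"(proto={pol.get('proto')}, mode={pol.get('mode')})")
    return problems


def audit(conf_text: str, conn_name: str, xfrm_text: str) -> List[str]:
    """Parse both inputs and check the named conn; returns the list of problems."""
    conn = parse_ipsec_conf(conf_text)[conn_name]
    return check_tunnel_policies(conn, parse_xfrm_policy(xfrm_text))


if __name__ == "__main__":
    for label, text in (("complete", XFRM_POLICY_OK), ("truncated", XFRM_POLICY_TRUNCATED)):
        found = audit(IPSEC_CONF, "quicknet-availo", text)
        print(f"{label}: {'OK' if not found else '; '.join(found)}")
```

Run stand-alone it reports OK for the complete output and a single finding for the truncated one (the out template without proto/mode). It only looks at policies: the empty `ip route list table 220` in the paste is a separate question, since charon installs its tunnel routes into table 220 only when charon.install_routes is enabled, so a missing route is not flagged here.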