Untitled

a guest, Jun 18th, 2019

conn conn-p
    #strictcrlpolicy=no
    authby=secret
    keyexchange=ikev1
    left=%defaultroute
    leftsubnet=0.0.0.0/0
    leftfirewall=yes
    right=95.216.212.162
    rightsubnet=0.0.0.0/0
    rightid=
    #ike=aes256-sha2_256-modp1024!
    #esp=aes256-sha2_256!
    keyingtries=0
    ikelifetime=1h
    lifetime=8h
    dpddelay=30
    dpdtimeout=120
    dpdaction=restart
    auto=add
    rightdns=10.10.1.1
    #mark=42

charon {
    install_routes=yes
    install_virtual_ip=yes
}

eth0      Link encap:Ethernet  HWaddr B8:27:EB:B0:52:8E
          inet addr:192.168.0.26  Bcast:192.168.0.255  Mask:255.255.255.0
          inet6 addr: fe80::ba27:ebff:feb0:528e/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:293 errors:0 dropped:0 overruns:0 frame:0
          TX packets:31 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:37560 (36.6 KiB)  TX bytes:2612 (2.5 KiB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:20 errors:0 dropped:0 overruns:0 frame:0
          TX packets:20 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:4124 (4.0 KiB)  TX bytes:4124 (4.0 KiB)

wlan0     Link encap:Ethernet  HWaddr B8:27:EB:E5:07:DB
          inet addr:10.10.4.1  Bcast:10.10.4.255  Mask:255.255.255.0
          inet6 addr: fe80::ba27:ebff:fee5:7db/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:9 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B)  TX bytes:1614 (1.5 KiB)

ip tunnel add ipsec0 local 10.10.0.14 remote 95.216.212.162 mode vti key 42
sysctl -w net.ipv4.conf.ipsec0.disable_policy=1
ip link set ipsec0 up
ip route add 10.0.0.0/8 dev ipsec0
ifconfig ipsec0 10.10.0.14 netmask 255.255.255.0 broadcast 10.10.0.255

Status of IKE charon daemon (strongSwan 5.8.0, Linux 4.14.123, aarch64):
uptime: 7 minutes, since Jun 18 09:32:17 2019
worker threads: 10 of 16 idle, 6/0/0/0 working, job queue: 0/0/0/0, scheduled: 3
loaded plugins: charon addrblock af-alg agent attr blowfish ccm cmac connmark constraints ctr curl curve25519 des dhcp dnskey duplicheck eap-identity eap-md5 eap-mschapv2 eap-radius eap-tls farp fips-prf forecast gcm gcrypt gmp ldap led md4 md5 mysql openssl pem pgp pkcs1 pkcs11 pkcs12 pkcs7 pkcs8 pubkey random rc2 resolve revocation smp sqlite sshkey test-vectors unity vici whitelist x509 xauth-eap xauth-generic xcbc nonce aes sha1 sha2 hmac stroke kernel-netlink socket-default updown
Listening IP addresses:
192.168.0.26
10.10.4.1
10.10.0.14
Connections:
net-net1: %any...95.216.212.162 IKEv1, dpddelay=300s
net-net1: local: uses pre-shared key authentication
net-net1: remote: [global.safelabs.net] uses pre-shared key authentication
net-net1: child: 192.168.1.0/24 === 10.10.1.0/24 TUNNEL, dpdaction=clear
conn-ikev2: %any...95.216.212.162 IKEv2, dpddelay=300s
conn-ikev2: local: uses EAP authentication with EAP identity 'sqltest'
conn-ikev2: remote: [95.216.212.162] uses public key authentication
conn-ikev2: child: 192.168.0.0/16 === 10.10.1.0/24 TUNNEL, dpdaction=clear
conn-p: %any...95.216.212.162 IKEv1, dpddelay=30s
conn-p: local: [192.168.0.26] uses pre-shared key authentication
conn-p: remote: [global.safelabs.net] uses pre-shared key authentication
conn-p: child: 0.0.0.0/0 === 0.0.0.0/0 TUNNEL, dpdaction=restart
IK1: %any...------ IKEv2, dpddelay=300s
IK1: local: uses public key authentication
IK1: remote: [-----] uses public key authentication
IK1: child: dynamic === 0.0.0.0/0 TUNNEL, dpdaction=clear
Security Associations (1 up, 0 connecting):
conn-p[1]: ESTABLISHED 7 minutes ago, 192.168.0.26[192.168.0.26]...95.216.212.162[-----]
conn-p[1]: IKEv1 SPIs: 817b867c2c5d77ee_i* 5efa2029856f7577_r, rekeying disabled
conn-p[1]: IKE proposal: AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048
conn-p{1}: INSTALLED, TUNNEL, reqid 1, ESP in UDP SPIs: c298a5fc_i c7b7e976_o
conn-p{1}: AES_CBC_128/HMAC_SHA2_256_128/MODP_2048, 59308 bytes_i (1111 pkts, 29s ago), 23822 bytes_o (436 pkts, 29s ago), rekeying disabled
conn-p{1}: 10.0.0.0/8 === 0.0.0.0/0

# Generated by iptables-save v1.8.2 on Tue Jun 18 11:15:25 2019
*nat
:PREROUTING ACCEPT [3961:589682]
:INPUT ACCEPT [2445:202214]
:OUTPUT ACCEPT [443:34025]
:POSTROUTING ACCEPT [637:44128]
-A POSTROUTING -s 192.168.1.0/24 -j MASQUERADE
COMMIT
# Completed on Tue Jun 18 11:15:25 2019
# Generated by iptables-save v1.8.2 on Tue Jun 18 11:15:25 2019
*mangle
:PREROUTING ACCEPT [9598:2016471]
:INPUT ACCEPT [8548:1717666]
:FORWARD ACCEPT [44:2288]
:OUTPUT ACCEPT [1535:182929]
:POSTROUTING ACCEPT [1583:185473]
COMMIT
# Completed on Tue Jun 18 11:15:25 2019
# Generated by iptables-save v1.8.2 on Tue Jun 18 11:15:25 2019
*filter
:INPUT ACCEPT [11:2254]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [1:108]
-A FORWARD -d 10.0.0.0/8 -i eth0 -m policy --dir in --pol ipsec --reqid 2 --proto esp -j ACCEPT
-A FORWARD -s 10.0.0.0/8 -o eth0 -m policy --dir out --pol ipsec --reqid 2 --proto esp -j ACCEPT
COMMIT
# Completed on Tue Jun 18 11:15:25 2019