Untitled

a guest
Jul 30th, 2015
Both:
conn %default
    ikelifetime=60m
    keylife=20m
    rekeymargin=3m
    keyingtries=1
    authby=secret
    keyexchange=ikev2
    mobike=no

--------------------------------------------------------

Node v5141:
conn quicknet-availo
    left=1.2.3.4
    leftsubnet=172.16.0.0/16
    leftid=@v5141
    leftfirewall=yes
    right=4.3.2.1
    rightsubnet=10.0.0.0/8
    rightid=@v6116
    forceencaps=yes
    auto=add

--------------------------------------------------------

Node v6116:
conn quicknet-availo
    left=4.3.2.1
    leftsubnet=10.0.0.0/8
    leftid=@v6116
    leftfirewall=yes
    right=1.2.3.4
    rightsubnet=172.16.0.0/16
    rightid=@v5141
    forceencaps=yes
    auto=add

--------------------------------------------------------

root@v5141: ~ #> ipsec statusall
Status of IKE charon daemon (strongSwan 5.1.2, Linux 3.13.0-61-generic, x86_64):
uptime: 79 minutes, since Jul 30 14:33:22 2015
malloc: sbrk 2433024, mmap 0, used 346928, free 2086096
worker threads: 11 of 16 idle, 5/0/0/0 working, job queue: 0/0/0/0, scheduled: 2
loaded plugins: charon test-vectors aes rc2 sha1 sha2 md4 md5 random nonce x509 revocation constraints pkcs1 pkcs7 pkcs8 pkcs12 pem openssl xcbc cmac hmac ctr ccm gcm attr kernel-netlink resolve socket-default stroke updown eap-identity addrblock
Listening IP addresses:
1.2.3.4
Connections:
quicknet-availo: 1.2.3.4...4.3.2.1 IKEv2
quicknet-availo: local: [v5141] uses pre-shared key authentication
quicknet-availo: remote: [v6116] uses pre-shared key authentication
quicknet-availo: child: 172.16.0.0/16 === 10.0.0.0/8 TUNNEL
Security Associations (1 up, 0 connecting):
quicknet-availo[4]: ESTABLISHED 21 minutes ago, 1.2.3.4[v5141]...4.3.2.1[v6116]
quicknet-availo[4]: IKEv2 SPIs: fdd39a4062ab8d16_i 9db30a609e063eb7_r*, pre-shared key reauthentication in 33 minutes
quicknet-availo[4]: IKE proposal: AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048
quicknet-availo{4}: INSTALLED, TUNNEL, ESP in UDP SPIs: ca25ba32_i c9265656_o
quicknet-availo{4}: AES_CBC_128/HMAC_SHA1_96, 0 bytes_i, 468 bytes_o (6 pkts, 279s ago), rekeying in 7 minutes
quicknet-availo{4}: 172.16.0.0/16 === 10.0.0.0/8

root@v5141: ~ #> ip route list table 220
root@v5141: ~ #>
root@v5141: ~ #> ip xfrm policy
src 10.0.0.0/8 dst 172.16.0.0/16
dir fwd priority 1923
tmpl src 4.3.2.1 dst 1.2.3.4
proto esp reqid 4 mode tunnel
src 10.0.0.0/8 dst 172.16.0.0/16
dir in priority 1923
tmpl src 4.3.2.1 dst 1.2.3.4
proto esp reqid 4 mode tunnel
src 172.16.0.0/16 dst 10.0.0.0/8
dir out priority 1923
tmpl src 1.2.3.4 dst 4.3.2.1
proto esp reqid 4 mode tunnel