### config 192.168.100.1
connections {
    rw {
        local_addrs = %any
        local {
            auth = psk
        }
        remote {
            auth = psk
        }
        children {
            net {
                local_ts = 10.1.0.0/16
                updown = /usr/local/libexec/ipsec/_updown iptables
                esp_proposals = aes128gcm128-x25519
            }
        }
        version = 2
        proposals = aes128-sha256-x25519
    }
}
secrets {
    ike-test {
        id = 192.168.100.141
        secret = testpw
    }
}
### config 192.168.100.141
connections {
    home {
        local_addrs = 192.168.100.141
        remote_addrs = 192.168.100.1
        local {
            auth = psk
            id = 192.168.100.141
        }
        remote {
            auth = psk
            id = 192.168.100.1
        }
        children {
            home {
                local_ts = 10.1.0.0/16
                updown = /usr/local/libexec/ipsec/_updown iptables
                esp_proposals = aes128gcm128-x25519
            }
        }
        version = 2
        proposals = aes128-sha256-x25519
    }
}
secrets {
    ike-moon {
        id = 192.168.100.1
        secret = testpw
    }
}
### log 192.168.100.1
root@LEDE:/etc/swanctl# swanctl --log
curl SSL backend 'mbedTLS/2.4.2' not supported, https:// disabled
16[JOB] deleting half open IKE_SA with 192.168.100.141 after timeout
10[NET] received packet: from 192.168.100.141[500] to 192.168.100.1[500] (242 bytes)
10[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]
10[IKE] 192.168.100.141 is initiating an IKE_SA
10[IKE] faking NAT situation to enforce UDP encapsulation
10[ENC] generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(MULT_AUTH) ]
10[NET] sending packet: from 192.168.100.1[500] to 192.168.100.141[500] (242 bytes)
15[JOB] deleting half open IKE_SA with 192.168.100.141 after timeout
### log 192.168.100.141
root@debian:/etc/swanctl# swanctl -i -c home
[IKE] initiating IKE_SA home[1] to 192.168.100.1
[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]
[NET] sending packet: from 192.168.100.141[500] to 192.168.100.1[500] (242 bytes)
[NET] received packet: from 192.168.100.1[500] to 192.168.100.141[500] (242 bytes)
[ENC] parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(MULT_AUTH) ]
[IKE] remote host is behind NAT
[IKE] authentication of '192.168.100.141' (myself) with pre-shared key
[IKE] no shared key found for '192.168.100.141' - '192.168.100.1'
initiate failed: establishing CHILD_SA 'home' failed