Untitled

a guest
Oct 22nd, 2017
### config 192.168.100.1
connections {
    rw {
        # Responder: accept IKE on any local address
        local_addrs = %any
        local {
            auth = psk
        }
        remote {
            auth = psk
        }
        children {
            net {
                local_ts = 10.1.0.0/16

                updown = /usr/local/libexec/ipsec/_updown iptables
                esp_proposals = aes128gcm128-x25519
            }
        }
        # IKEv2
        version = 2
        proposals = aes128-sha256-x25519
    }
}

secrets {
    # Pre-shared key for the peer identified as 192.168.100.141
    ike-test {
        id = 192.168.100.141
        secret = testpw
    }
}

### config 192.168.100.141
connections {
    home {
        # Initiator: connect from 192.168.100.141 to 192.168.100.1
        local_addrs = 192.168.100.141
        remote_addrs = 192.168.100.1
        local {
            auth = psk
            id = 192.168.100.141
        }
        remote {
            auth = psk
            id = 192.168.100.1
        }
        children {
            home {
                local_ts = 10.1.0.0/16

                updown = /usr/local/libexec/ipsec/_updown iptables
                esp_proposals = aes128gcm128-x25519
            }
        }
        # IKEv2
        version = 2
        proposals = aes128-sha256-x25519
    }
}
secrets {
    # Pre-shared key for the peer identified as 192.168.100.1
    ike-moon {
        id = 192.168.100.1
        secret = testpw
    }
}

### log 192.168.100.1
root@LEDE:/etc/swanctl# swanctl --log
curl SSL backend 'mbedTLS/2.4.2' not supported, https:// disabled
16[JOB] deleting half open IKE_SA with 192.168.100.141 after timeout
10[NET] received packet: from 192.168.100.141[500] to 192.168.100.1[500] (242 bytes)
10[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]
10[IKE] 192.168.100.141 is initiating an IKE_SA
10[IKE] faking NAT situation to enforce UDP encapsulation
10[ENC] generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(MULT_AUTH) ]
10[NET] sending packet: from 192.168.100.1[500] to 192.168.100.141[500] (242 bytes)
15[JOB] deleting half open IKE_SA with 192.168.100.141 after timeout

### log 192.168.100.141
root@debian:/etc/swanctl# swanctl -i -c home
[IKE] initiating IKE_SA home[1] to 192.168.100.1
[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]
[NET] sending packet: from 192.168.100.141[500] to 192.168.100.1[500] (242 bytes)
[NET] received packet: from 192.168.100.1[500] to 192.168.100.141[500] (242 bytes)
[ENC] parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(MULT_AUTH) ]
[IKE] remote host is behind NAT
[IKE] authentication of '192.168.100.141' (myself) with pre-shared key
[IKE] no shared key found for '192.168.100.141' - '192.168.100.1'
initiate failed: establishing CHILD_SA 'home' failed