- conn conn-p
- #strictcrlpolicy=no
- authby=secret
- keyexchange=ikev1
- left=%defaultroute
- leftsubnet=0.0.0.0/0
- leftfirewall=yes
- right=95.216.212.162
- rightsubnet=0.0.0.0/0
- rightid=
- #ike=aes256-sha2_256-modp1024!
- #esp=aes256-sha2_256!
- keyingtries=0
- ikelifetime=1h
- lifetime=8h
- dpddelay=30
- dpdtimeout=120
- dpdaction=restart
- auto=add
- rightdns=10.10.1.1
- #mark=42
- charon {
- install_routes=yes
- install_virtual_ip=yes
- eth0 Link encap:Ethernet HWaddr B8:27:EB:B0:52:8E
- inet addr:192.168.0.26 Bcast:192.168.0.255 Mask:255.255.255.0
- inet6 addr: fe80::ba27:ebff:feb0:528e/64 Scope:Link
- UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
- RX packets:293 errors:0 dropped:0 overruns:0 frame:0
- TX packets:31 errors:0 dropped:0 overruns:0 carrier:0
- collisions:0 txqueuelen:1000
- RX bytes:37560 (36.6 KiB) TX bytes:2612 (2.5 KiB)
- lo Link encap:Local Loopback
- inet addr:127.0.0.1 Mask:255.0.0.0
- inet6 addr: ::1/128 Scope:Host
- UP LOOPBACK RUNNING MTU:65536 Metric:1
- RX packets:20 errors:0 dropped:0 overruns:0 frame:0
- TX packets:20 errors:0 dropped:0 overruns:0 carrier:0
- collisions:0 txqueuelen:1000
- RX bytes:4124 (4.0 KiB) TX bytes:4124 (4.0 KiB)
- wlan0 Link encap:Ethernet HWaddr B8:27:EB:E5:07:DB
- inet addr:10.10.4.1 Bcast:10.10.4.255 Mask:255.255.255.0
- inet6 addr: fe80::ba27:ebff:fee5:7db/64 Scope:Link
- UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
- RX packets:0 errors:0 dropped:0 overruns:0 frame:0
- TX packets:9 errors:0 dropped:0 overruns:0 carrier:0
- collisions:0 txqueuelen:1000
- RX bytes:0 (0.0 B) TX bytes:1614 (1.5 KiB)
- ip tunnel add ipsec0 local 10.10.0.14 remote 95.216.212.162 mode vti key 42
- sysctl -w net.ipv4.conf.ipsec0.disable_policy=1
- ip link set ipsec0 up
- ip route add 10.0.0.0/8 dev ipsec0
- ifconfig ipsec0 10.10.0.14 netmask 255.255.255.0 broadcast 10.10.0.255
- Status of IKE charon daemon (strongSwan 5.8.0, Linux 4.14.123, aarch64):
- uptime: 7 minutes, since Jun 18 09:32:17 2019
- worker threads: 10 of 16 idle, 6/0/0/0 working, job queue: 0/0/0/0,
- scheduled: 3
- loaded plugins: charon addrblock af-alg agent attr blowfish ccm cmac
- connmark constraints ctr curl curve25519 des dhcp dnskey duplicheck eap-
- identity eap-md5 eap-mschapv2 eap-radius eap-tls farp fips-prf forecast gcm
- gcrypt gmp ldap led md4 md5 mysql openssl pem pgp pkcs1 pkcs11 pkcs12 pkcs7
- pkcs8 pubkey random rc2 resolve revocation smp sqlite sshkey test-vectors
- unity vici whitelist x509 xauth-eap xauth-generic xcbc nonce aes sha1 sha2
- hmac stroke kernel-netlink socket-default updown
- Listening IP addresses:
- 192.168.0.26
- 10.10.4.1
- 10.10.0.14
- Connections:
- net-net1: %any...95.216.212.162 IKEv1, dpddelay=300s
- net-net1: local: uses pre-shared key authentication
- net-net1: remote: [global.safelabs.net] uses pre-shared key authentication
- net-net1: child: 192.168.1.0/24 === 10.10.1.0/24 TUNNEL, dpdaction=clear
- conn-ikev2: %any...95.216.212.162 IKEv2, dpddelay=300s
- conn-ikev2: local: uses EAP authentication with EAP identity 'sqltest'
- conn-ikev2: remote: [95.216.212.162] uses public key authentication
- conn-ikev2: child: 192.168.0.0/16 === 10.10.1.0/24 TUNNEL, dpdaction=clear
- conn-p: %any...95.216.212.162 IKEv1, dpddelay=30s
- conn-p: local: [192.168.0.26] uses pre-shared key authentication
- conn-p: remote: [global.safelabs.net] uses pre-shared key authentication
- conn-p: child: 0.0.0.0/0 === 0.0.0.0/0 TUNNEL, dpdaction=restart
- IK1: %any...------ IKEv2, dpddelay=300s
- IK1: local: uses public key authentication
- IK1: remote: [-----] uses public key authentication
- IK1: child: dynamic === 0.0.0.0/0 TUNNEL, dpdaction=clear
- Security Associations (1 up, 0 connecting):
- conn-p[1]: ESTABLISHED 7 minutes ago,
- 192.168.0.26[192.168.0.26]...95.216.212.162[-----]
- conn-p[1]: IKEv1 SPIs: 817b867c2c5d77ee_i* 5efa2029856f7577_r, rekeying
- disabled
- conn-p[1]: IKE proposal:
- AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048
- conn-p{1}: INSTALLED, TUNNEL, reqid 1, ESP in UDP SPIs: c298a5fc_i
- c7b7e976_o
- conn-p{1}: AES_CBC_128/HMAC_SHA2_256_128/MODP_2048, 59308 bytes_i (1111
- pkts, 29s ago), 23822 bytes_o (436 pkts, 29s ago), rekeying disabled
- conn-p{1}: 10.0.0.0/8 === 0.0.0.0/0
- # Generated by iptables-save v1.8.2 on Tue Jun 18 11:15:25 2019
- *nat
- :PREROUTING ACCEPT [3961:589682]
- :INPUT ACCEPT [2445:202214]
- :OUTPUT ACCEPT [443:34025]
- :POSTROUTING ACCEPT [637:44128]
- -A POSTROUTING -s 192.168.1.0/24 -j MASQUERADE
- COMMIT
- # Completed on Tue Jun 18 11:15:25 2019
- # Generated by iptables-save v1.8.2 on Tue Jun 18 11:15:25 2019
- *mangle
- :PREROUTING ACCEPT [9598:2016471]
- :INPUT ACCEPT [8548:1717666]
- :FORWARD ACCEPT [44:2288]
- :OUTPUT ACCEPT [1535:182929]
- :POSTROUTING ACCEPT [1583:185473]
- COMMIT
- # Completed on Tue Jun 18 11:15:25 2019
- # Generated by iptables-save v1.8.2 on Tue Jun 18 11:15:25 2019
- *filter
- :INPUT ACCEPT [11:2254]
- :FORWARD ACCEPT [0:0]
- :OUTPUT ACCEPT [1:108]
- -A FORWARD -d 10.0.0.0/8 -i eth0 -m policy --dir in --pol ipsec --reqid 2 -
- -proto esp -j ACCEPT
- -A FORWARD -s 10.0.0.0/8 -o eth0 -m policy --dir out --pol ipsec --reqid 2
- --proto esp -j ACCEPT
- COMMIT
- # Completed on Tue Jun 18 11:15:25 2019