Untitled

a guest
Jun 18th, 2019
conn conn-p
    #strictcrlpolicy=no
    authby=secret
    keyexchange=ikev1
    left=%defaultroute
    leftsubnet=0.0.0.0/0
    leftfirewall=yes
    right=95.216.212.162
    rightsubnet=0.0.0.0/0
    rightid=
    #ike=aes256-sha2_256-modp1024!
    #esp=aes256-sha2_256!
    keyingtries=0
    ikelifetime=1h
    lifetime=8h
    dpddelay=30
    dpdtimeout=120
    dpdaction=restart
    auto=add
    rightdns=10.10.1.1
    #mark=42

charon {
install_routes=yes
install_virtual_ip=yes

eth0 Link encap:Ethernet HWaddr B8:27:EB:B0:52:8E
    inet addr:192.168.0.26 Bcast:192.168.0.255 Mask:255.255.255.0
    inet6 addr: fe80::ba27:ebff:feb0:528e/64 Scope:Link
    UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
    RX packets:293 errors:0 dropped:0 overruns:0 frame:0
    TX packets:31 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:1000
    RX bytes:37560 (36.6 KiB) TX bytes:2612 (2.5 KiB)

lo Link encap:Local Loopback
    inet addr:127.0.0.1 Mask:255.0.0.0
    inet6 addr: ::1/128 Scope:Host
    UP LOOPBACK RUNNING MTU:65536 Metric:1
    RX packets:20 errors:0 dropped:0 overruns:0 frame:0
    TX packets:20 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:1000
    RX bytes:4124 (4.0 KiB) TX bytes:4124 (4.0 KiB)

wlan0 Link encap:Ethernet HWaddr B8:27:EB:E5:07:DB
    inet addr:10.10.4.1 Bcast:10.10.4.255 Mask:255.255.255.0
    inet6 addr: fe80::ba27:ebff:fee5:7db/64 Scope:Link
    UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
    RX packets:0 errors:0 dropped:0 overruns:0 frame:0
    TX packets:9 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:1000
    RX bytes:0 (0.0 B) TX bytes:1614 (1.5 KiB)

ip tunnel add ipsec0 local 10.10.0.14 remote 95.216.212.162 mode vti key 42
sysctl -w net.ipv4.conf.ipsec0.disable_policy=1
ip link set ipsec0 up
ip route add 10.0.0.0/8 dev ipsec0
ifconfig ipsec0 10.10.0.14 netmask 255.255.255.0 broadcast 10.10.0.255

Status of IKE charon daemon (strongSwan 5.8.0, Linux 4.14.123, aarch64):
uptime: 7 minutes, since Jun 18 09:32:17 2019
worker threads: 10 of 16 idle, 6/0/0/0 working, job queue: 0/0/0/0, scheduled: 3
loaded plugins: charon addrblock af-alg agent attr blowfish ccm cmac connmark constraints ctr curl curve25519 des dhcp dnskey duplicheck eap-identity eap-md5 eap-mschapv2 eap-radius eap-tls farp fips-prf forecast gcm gcrypt gmp ldap led md4 md5 mysql openssl pem pgp pkcs1 pkcs11 pkcs12 pkcs7 pkcs8 pubkey random rc2 resolve revocation smp sqlite sshkey test-vectors unity vici whitelist x509 xauth-eap xauth-generic xcbc nonce aes sha1 sha2 hmac stroke kernel-netlink socket-default updown
Listening IP addresses:
192.168.0.26
10.10.4.1
10.10.0.14
Connections:
net-net1: %any...95.216.212.162 IKEv1, dpddelay=300s
net-net1: local: uses pre-shared key authentication
net-net1: remote: [global.safelabs.net] uses pre-shared key authentication
net-net1: child: 192.168.1.0/24 === 10.10.1.0/24 TUNNEL, dpdaction=clear
conn-ikev2: %any...95.216.212.162 IKEv2, dpddelay=300s
conn-ikev2: local: uses EAP authentication with EAP identity 'sqltest'
conn-ikev2: remote: [95.216.212.162] uses public key authentication
conn-ikev2: child: 192.168.0.0/16 === 10.10.1.0/24 TUNNEL, dpdaction=clear
conn-p: %any...95.216.212.162 IKEv1, dpddelay=30s
conn-p: local: [192.168.0.26] uses pre-shared key authentication
conn-p: remote: [global.safelabs.net] uses pre-shared key authentication
conn-p: child: 0.0.0.0/0 === 0.0.0.0/0 TUNNEL, dpdaction=restart
IK1: %any...------ IKEv2, dpddelay=300s
IK1: local: uses public key authentication
IK1: remote: [-----] uses public key authentication
IK1: child: dynamic === 0.0.0.0/0 TUNNEL, dpdaction=clear
Security Associations (1 up, 0 connecting):
conn-p[1]: ESTABLISHED 7 minutes ago, 192.168.0.26[192.168.0.26]...95.216.212.162[-----]
conn-p[1]: IKEv1 SPIs: 817b867c2c5d77ee_i* 5efa2029856f7577_r, rekeying disabled
conn-p[1]: IKE proposal: AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048
conn-p{1}: INSTALLED, TUNNEL, reqid 1, ESP in UDP SPIs: c298a5fc_i c7b7e976_o
conn-p{1}: AES_CBC_128/HMAC_SHA2_256_128/MODP_2048, 59308 bytes_i (1111 pkts, 29s ago), 23822 bytes_o (436 pkts, 29s ago), rekeying disabled
conn-p{1}: 10.0.0.0/8 === 0.0.0.0/0

# Generated by iptables-save v1.8.2 on Tue Jun 18 11:15:25 2019
*nat
:PREROUTING ACCEPT [3961:589682]
:INPUT ACCEPT [2445:202214]
:OUTPUT ACCEPT [443:34025]
:POSTROUTING ACCEPT [637:44128]
-A POSTROUTING -s 192.168.1.0/24 -j MASQUERADE
COMMIT
# Completed on Tue Jun 18 11:15:25 2019
# Generated by iptables-save v1.8.2 on Tue Jun 18 11:15:25 2019
*mangle
:PREROUTING ACCEPT [9598:2016471]
:INPUT ACCEPT [8548:1717666]
:FORWARD ACCEPT [44:2288]
:OUTPUT ACCEPT [1535:182929]
:POSTROUTING ACCEPT [1583:185473]
COMMIT
# Completed on Tue Jun 18 11:15:25 2019
# Generated by iptables-save v1.8.2 on Tue Jun 18 11:15:25 2019
*filter
:INPUT ACCEPT [11:2254]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [1:108]
-A FORWARD -d 10.0.0.0/8 -i eth0 -m policy --dir in --pol ipsec --reqid 2 --proto esp -j ACCEPT
-A FORWARD -s 10.0.0.0/8 -o eth0 -m policy --dir out --pol ipsec --reqid 2 --proto esp -j ACCEPT
COMMIT
# Completed on Tue Jun 18 11:15:25 2019