How to fix Error in my Strongswam ipsec vpn tunnel?

Question

Creator

Topic
April 17, 2020 at 9:27 pm #2144834

How to fix Error in my Strongswam ipsec vpn tunnel?

by ibragullam · about 3 years, 1 month ago

Tags: Cloud, Cloud

PS; Need help to fix Strongswam ipsec vpn tunnel

nano /etc/ipsec.conf
config setup
charondebug=”all”
uniqueids=yes

conn yyy-to-xxx
authby=secret
left=10.12.0.8
leftid=30.71.172.92
leftsourceip=%config
leftsubnet=10.12.0.8/32
right=40.204.128.170
ike=aes256-sha1-modp1024!
esp=aes256-sha1!
pfs=no
aggressive=no
keyingtries=0
keyexchange=ikev1
ikelifetime=1h
lifetime=24h
dpddelay=30
dpdtimeout=120
dpdaction=restart
type=tunnel
auto=start
conn add_xxx_sub0
also=yyy-to-xxx
right=40.204.152.238
rightsubnet=40.204.152.238/32[%any/10501]
leftsubnet=10.12.0.8/32
auto=start
conn add_xxx_sub1
also=yyy-to-xxx
right=40.204.152.232
rightsubnet=40.204.152.232/32[%any/8001]
auto=start

ipsec status
Security Associations (1 up, 0 connecting):
yyy-to-xxx[51]: ESTABLISHED 14 seconds ago, 10.12.0.8[30.71.172.92]…40.204.128.170[40.204.128.170]

ipsec statusall
Status of IKE charon daemon (strongSwan 5.6.2, Linux 5.0.0-1034-gcp, x86_64):
uptime: 17 minutes, since Apr 17 16:40:58 2020
malloc: sbrk 1622016, mmap 0, used 823744, free 798272
worker threads: 11 of 16 idle, 5/0/0/0 working, job queue: 0/0/0/0, scheduled: 112
loaded plugins: charon aesni aes rc2 sha2 sha1 md4 md5 mgf1 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl fips-prf gmp agent xcbc hmac gcm attr kernel-netlink resolve socket-default connmark stroke updown eap-mschapv2 xauth-generic counters
Listening IP addresses:
10.12.0.8
Connections:
yyy-to-xxxx: 10.12.0.8…40.204.128.170 IKEv1, dpddelay=30s
yyy-to-xxx: local: [30.71.172.92] uses pre-shared key authentication
yyy-to-xxx: remote: [40.204.128.170] uses pre-shared key authentication
yyy-to-xxx: child: 10.12.0.8/32 === dynamic TUNNEL, dpdaction=restart
add_xxx_sub0: child: 10.12.0.8/32 === 40.204.152.238/32[10501] TUNNEL, dpdaction=restart
add_xxx_sub1: child: 10.12.0.8/32 === 40.204.152.232/32[8001] TUNNEL, dpdaction=restart
add_xxx_sub2: child: 10.12.0.8/32 === dynamic TUNNEL, dpdaction=restart
Security Associations (1 up, 0 connecting):
yyy-to-xxx[54]: ESTABLISHED 7 seconds ago, 10.128.0.8[30.71.172.92]…40.204.128.170[40.204.128.170]
yyy-to-xxx[54]: IKEv1 SPIs: e5f0058cab84984d_i* 123b59c38f1bb2fa_r, pre-shared key reauthentication in 46 minutes
yyy-to-xxx[54]: IKE proposal: AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
yyy-to-xxx[54]: Tasks queued: QUICK_MODE QUICK_MODE QUICK_MODE QUICK_MODE
yyy-to-xxx[54]: Tasks active: MODE_CONFIG
Creator

Topic

Answer This

All Answers

Share your knowledge Answer This

Start or Search

Start New Discussion

None of these tips from TechRepublic Premium require a paid Google Workspace account, so anyone should be able to make use of them. You do, of course, need to have a Google account. From the guide: HOW TO PASTE WITHOUT FORMATTING I use this tip all the time. When you copy and paste text into ...

Google’s Chrome web browser held a 64.92% command of the global browser market share in April 2023. That means more users are working with Chrome in significantly more use cases: mobile, desktop and even business. Because of that, users of all types must employ Chrome with a measure of caution and intelligence. After all, most ...

A safe and healthy work environment provides the foundation for all employees to be at their most productive. Not only does it promote productivity in the workforce, but it also helps prevent accidents, lawsuits and, in extreme cases, serious injury and loss of life. A clear and robust ergonomic policy, like this one from TechRepublic ...

Networks

Question

All Answers

Google Docs tips for advanced users

Google Chrome: Security and UI tips you need to know

Ergonomics policy

Enterprise IoT calculator: TCO and ROI