TechRepublic|Forums|Networks

Networks

Question

  • Creator
    Topic
  • April 17, 2020 at 9:27 pm #2144834

    How to fix Error in my Strongswam ipsec vpn tunnel?

    by ibragullam · about 5 years ago

    Tags: 

    PS; Need help to fix Strongswam ipsec vpn tunnel

    nano /etc/ipsec.conf
    config setup
    charondebug=”all”
    uniqueids=yes

    conn yyy-to-xxx
    authby=secret
    left=10.12.0.8
    leftid=30.71.172.92
    leftsourceip=%config
    leftsubnet=10.12.0.8/32
    right=40.204.128.170
    ike=aes256-sha1-modp1024!
    esp=aes256-sha1!
    pfs=no
    aggressive=no
    keyingtries=0
    keyexchange=ikev1
    ikelifetime=1h
    lifetime=24h
    dpddelay=30
    dpdtimeout=120
    dpdaction=restart
    type=tunnel
    auto=start
    conn add_xxx_sub0
    also=yyy-to-xxx
    right=40.204.152.238
    rightsubnet=40.204.152.238/32[%any/10501]
    leftsubnet=10.12.0.8/32
    auto=start
    conn add_xxx_sub1
    also=yyy-to-xxx
    right=40.204.152.232
    rightsubnet=40.204.152.232/32[%any/8001]
    auto=start

    ipsec status
    Security Associations (1 up, 0 connecting):
    yyy-to-xxx[51]: ESTABLISHED 14 seconds ago, 10.12.0.8[30.71.172.92]…40.204.128.170[40.204.128.170]

    ipsec statusall
    Status of IKE charon daemon (strongSwan 5.6.2, Linux 5.0.0-1034-gcp, x86_64):
    uptime: 17 minutes, since Apr 17 16:40:58 2020
    malloc: sbrk 1622016, mmap 0, used 823744, free 798272
    worker threads: 11 of 16 idle, 5/0/0/0 working, job queue: 0/0/0/0, scheduled: 112
    loaded plugins: charon aesni aes rc2 sha2 sha1 md4 md5 mgf1 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl fips-prf gmp agent xcbc hmac gcm attr kernel-netlink resolve socket-default connmark stroke updown eap-mschapv2 xauth-generic counters
    Listening IP addresses:
    10.12.0.8
    Connections:
    yyy-to-xxxx: 10.12.0.8…40.204.128.170 IKEv1, dpddelay=30s
    yyy-to-xxx: local: [30.71.172.92] uses pre-shared key authentication
    yyy-to-xxx: remote: [40.204.128.170] uses pre-shared key authentication
    yyy-to-xxx: child: 10.12.0.8/32 === dynamic TUNNEL, dpdaction=restart
    add_xxx_sub0: child: 10.12.0.8/32 === 40.204.152.238/32[10501] TUNNEL, dpdaction=restart
    add_xxx_sub1: child: 10.12.0.8/32 === 40.204.152.232/32[8001] TUNNEL, dpdaction=restart
    add_xxx_sub2: child: 10.12.0.8/32 === dynamic TUNNEL, dpdaction=restart
    Security Associations (1 up, 0 connecting):
    yyy-to-xxx[54]: ESTABLISHED 7 seconds ago, 10.128.0.8[30.71.172.92]…40.204.128.170[40.204.128.170]
    yyy-to-xxx[54]: IKEv1 SPIs: e5f0058cab84984d_i* 123b59c38f1bb2fa_r, pre-shared key reauthentication in 46 minutes
    yyy-to-xxx[54]: IKE proposal: AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
    yyy-to-xxx[54]: Tasks queued: QUICK_MODE QUICK_MODE QUICK_MODE QUICK_MODE
    yyy-to-xxx[54]: Tasks active: MODE_CONFIG

  • Creator
    Topic

You are posting a reply to: How to fix Error in my Strongswam ipsec vpn tunnel?

The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our Community FAQs for details. All submitted content is subject to our Terms of Use.

All Answers

Share your knowledge