[root@linuxPC2 etc]# cat ipsec.conf # /etc/ipsec.conf - strongSwan IPsec configuration file config setup crlcheckinterval=180s strictcrlpolicy=no plutostart=yes plutodebug=controlmore charonstart=no plutostderrlog=/tmp/plutolog.txt ca rootca0 cacert=cacert.pem conn %default leftcert=/etc/ipsec.d/certs/PC2Cert.pem keyexchange=ikev1 authby=pubkey auto=start conn conn101 leftsubnet=20.20.20.2/24 rightsubnet=70.70.70.7/24 left=10.10.10.6 right=10.10.10.5 -------------------------------------------------------------------------------------------- [root@linuxPC2 etc]# cat ipsec.secrets # /etc/ipsec.secrets - strongSwan IPsec secrets file : RSA PC2Key.pem "ipsec123" -------------------------------------------------------------------------------------------- [root@linuxPC2 etc]# ipsec statusall 000 Status of IKEv1 pluto daemon (strongSwan 4.6.2): 000 interface lo/lo ::1:500 000 interface lo/lo 127.0.0.1:500 000 interface eth0/eth0 10.10.10.6:500 000 interface eth1/eth1 20.20.20.2:500 000 interface eth2/eth2 10.125.40.64:500 000 interface virbr0/virbr0 192.168.122.1:500 000 %myid = '%any' 000 loaded plugins: aes des sha1 sha2 md5 random x509 pkcs1 pkcs8 pgp dnskey pem gmp hmac xauth attr kernel-netlink resolve 000 debug options: controlmore 000 000 "conn101": 20.20.20.0/24===10.10.10.6[C=IN, ST=KAR, O=xxxxx, OU=xxxxx, CN=PC2CERT]...10.10.10.5[10.10.10.5]===70.70.70.0/24; unrouted; eroute owner: #0 000 "conn101": CAs: "C=IN, ST=KAR, L=BANG, O=xxxxx, OU=xxxxx, CN=CACERT"...%any 000 "conn101": ike_life: 10800s; ipsec_life: 3600s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 3 000 "conn101": policy: PUBKEY+ENCRYPT+TUNNEL+PFS+UP; prio: 24,24; interface: eth0; 000 "conn101": newest ISAKMP SA: #0; newest IPsec SA: #0; 000 000 #2: "conn101" STATE_MAIN_R2 (sent MR2, expecting MI3); EVENT_RETRANSMIT in 8s 000 #1: "conn101" STATE_MAIN_I3 (sent MI3, expecting MR3); EVENT_RETRANSMIT in 4s 000 #1: pending Phase 2 for "conn101" replacing #0 000