OK, I changed the config (now that I am a bit familiar) and I see one way security association up (which I didn't expect, as I was providing a wrong password). But when I try to send packets, it doesn't encrypt, and neither do I see packets being sent out through tshark.<div>
<br></div><div>Appreciate anyone's input on this.</div><div><br></div><div><b>ipsec.conf</b></div><div><div>conn home</div><div> left=2001:506:1000:0:2010:0:60:5</div><div> right=2001:1890:1001:2b00::7:5</div>
<div> auth=esp</div><div> authby=secret</div><div> eap=aka</div><div> esp=3des</div><div> type=transport</div><div> xauth=client</div><div> auto=route</div><div> ike=md5</div>
<div> rightprotoport=udp/5000</div><div><br></div><div><div>conn offhome</div><div> left=2001:506:1000:0:2010:0:60:4</div><div> right=2001:1890:1001:2b00::7:5</div><div> auth=esp</div><div> authby=secret</div>
<div> eap=aka</div><div> esp=3des</div><div> type=transport</div><div> xauth=client</div><div> auto=route</div><div> ike=md5</div><div> rightprotoport=udp/5000</div></div><div>
<br></div><div><b>ipsec.secrets</b></div>2001:506:1000:0:2010:0:60:5 2001:1890:1001:2b00::7:5 PSK AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA</div><div>2001:506:1000:0:2010:0:60:4 2001:1890:1001:2b00::7:5 PSK AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
</div><div><br></div><div><div><b>[test]# ipsec status</b></div><div>Routed Connections:</div><div> home{1}: ROUTED, TRANSPORT</div><div> home{1}: 2001:506:1000:0:2010:0:60:5/128 === 2001:1890:1001:2b00::7:5/128[udp/commplex-main]</div>
</div><div><div> offhome{2}: ROUTED, TRANSPORT</div><div> offhome{2}: 2001:506:1000:0:2010:0:60:4/128 === 2001:1890:1001:2b00::7:5/128[udp/commplex-main]</div><div>Security Associations (<b>1 up</b>, 0 connecting):</div>
<div> offhome[3]: CONNECTING, 2001:506:1000:0:2010:0:60:4[%any]...2001:1890:1001:2b00::7:5[%any]</div></div><div><br></div><div>Thanks,</div><div>Dhar.</div><div><br><div class="gmail_quote">On Wed, Jun 20, 2012 at 11:00 AM, Sdhar dhar <span dir="ltr"><<a href="mailto:svdharr@gmail.com" target="_blank">svdharr@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hello Everyone,<div><br></div><div>I am a newbie to IPsec and strongSwan.</div><div>I have been trying to configure strongSwan to set up security associations for making an IMS VoLTE call on a Red Hat Linux box.</div>
<div>I have added the config below and started ipsec, but when packets go from client to server I don't see any encryption done by strongSwan and don't see anything going on in charon.log either.</div>
<div><br></div><div>Could any of the experts tell me if I am doing anything wrong with respect to the configuration?</div><div>I appreciate your help; if possible, please share a config file if anyone has tried a similar config.</div><div><br></div>
<div>
===================ipsec.conf=============</div><div><div>config setup</div><div> crlcheckinterval=600s</div><div> cachecrls=yes</div><div> strictcrlpolicy=yes</div><div> plutostart=no</div><div><br>
</div><div>conn %default</div><div> ikelifetime=60m</div><div> keylife=20m</div><div> rekeymargin=3m</div><div> keyingtries=1</div><div> authby=secret</div><div><br></div><div>conn home</div>
<div> left=2001:506:1000:0:2010:0:60:5</div><div> right=2001:1890:1001:2b00::7:5</div><div> auto=add</div><div><br></div><div>conn offhome</div><div> left=2001:506:1000:0:2010:0:60:4</div><div>
right=2001:1890:1001:2b00::7:5</div><div> auto=add</div></div><div>===============================</div><div><br></div><div>charon.log</div><div><br></div><div><div>00[KNL] 2001:506:1000:0:2010:0:60:6</div>
<div>00[KNL] 2001:506:1000:0:2010:0:60:5</div><div>00[KNL] 2001:506:1000:0:2010:0:60:4</div><div>00[KNL] 2001:506:1000:0:2010:0:60:3</div><div>00[KNL] fe80::5ef3:fcff:fe4c:3ba</div><div>00[KNL] eth3</div>
<div>00[KNL] fe80::e61f:13ff:fe34:b5c6</div><div>00[LIB] plugin 'resolve': loaded successfully</div><div>00[LIB] plugin 'socket-raw': loaded successfully</div><div>00[CFG] loading ca certificates from '/usr/local/etc/ipsec.d/cacerts'</div>
<div>00[CFG] loading aa certificates from '/usr/local/etc/ipsec.d/aacerts'</div><div>00[CFG] loading ocsp signer certificates from '/usr/local/etc/ipsec.d/ocspcerts'</div><div>00[CFG] loading attribute certificates from '/usr/local/etc/ipsec.d/acerts'</div>
<div>00[CFG] loading crls from '/usr/local/etc/ipsec.d/crls'</div><div>00[CFG] loading secrets from '/usr/local/etc/ipsec.secrets'</div><div>00[CFG] line 11: missing ' : ' separator</div><div>00[LIB] plugin 'stroke': loaded successfully</div>
<div>00[LIB] plugin 'updown': loaded successfully</div><div>00[LIB] feature PRF:PRF_CAMELLIA128_XCBC in 'xcbc' plugin has unsatisfied dependency: CRYPTER:CAMELLIA_CBC-16</div><div>00[LIB] feature SIGNER:CAMELLIA_XCBC_96 in 'xcbc' plugin has unsatisfied dependency: CRYPTER:CAMELLIA_CBC-16</div>
<div>00[DMN] loaded plugins: aes des sha1 sha2 md5 random x509 revocation constraints pubkey pkcs1 pkcs8 pgp pem fips-prf gmp xcbc hmac attr kernel-netlink resolve socket-raw stroke updown</div><div>00[JOB] spawning 16 worker threads</div>
<div>01[LIB] created thread 01 [30396]</div><div>04[LIB] created thread 04 [30399]</div><div>04[JOB] started worker thread 04</div><div>01[JOB] started worker thread 01</div><div>05[LIB] created thread 05 [30400]</div><div>
05[JOB] started worker thread 05</div></div><div><div>05[JOB] started worker thread 05</div><div>07[LIB] created thread 07 [30402]</div><div>09[LIB] created thread 09 [30404]</div><div>10[LIB] created thread 10 [30405]</div>
<div>13[LIB] created thread 13 [30408]</div><div>13[JOB] started worker thread 13</div><div>14[LIB] created thread 14 [30409]</div><div>14[JOB] started worker thread 14</div><div>16[LIB] created thread 16 [30411]</div><div>
16[JOB] started worker thread 16</div><div>12[LIB] created thread 12 [30407]</div><div>12[JOB] started worker thread 12</div><div>06[LIB] created thread 06 [30401]</div><div>06[JOB] started worker thread 06</div><div>10[JOB] started worker thread 10</div>
<div>03[LIB] created thread 03 [30398]</div><div>03[JOB] started worker thread 03</div><div>07[JOB] started worker thread 07</div><div>08[LIB] created thread 08 [30403]</div><div>08[JOB] started worker thread 08</div><div>
11[LIB] created thread 11 [30406]</div><div>11[JOB] started worker thread 11</div><div>09[JOB] started worker thread 09</div><div>02[LIB] created thread 02 [30397]</div><div>02[JOB] started worker thread 02</div><div>12[NET] waiting for data on raw sockets</div>
<div>15[LIB] created thread 15 [30410]</div><div>15[JOB] started worker thread 15</div><div>14[JOB] no events, waiting</div><div>06[CFG] stroke message => 568 bytes @ 0x7faef8253ac0</div>
</div><div><div>06[CFG] crl caching to /usr/local/etc/ipsec.d/crls enabled</div>
<div>07[CFG] stroke message => 711 bytes @ 0x7faef7852a30</div></div><div>
<div>07[CFG] received stroke: add connection 'home'</div><div>07[CFG] conn home</div><div>07[CFG] left=2001:506:1000:0:2010:0:60:5</div><div>07[CFG] leftsubnet=(null)</div><div>07[CFG] leftsourceip=(null)</div>
<div>07[CFG] leftauth=(null)</div><div>07[CFG] leftauth2=(null)</div><div>07[CFG] leftid=(null)</div><div>07[CFG] leftid2=(null)</div><div>07[CFG] leftcert=(null)</div><div>07[CFG] leftcert2=(null)</div><div>
07[CFG] leftca=(null)</div>
<div>07[CFG] leftca2=(null)</div><div>07[CFG] leftgroups=(null)</div><div>07[CFG] leftupdown=ipsec _updown iptables</div><div>07[CFG] right=2001:1890:1001:2b00::7:5</div><div>07[CFG] rightsubnet=(null)</div><div>
07[CFG] rightsourceip=(null)</div><div>07[CFG] rightauth=(null)</div><div>07[CFG] rightauth2=(null)</div><div>07[CFG] rightid=(null)</div><div>07[CFG] rightid2=(null)</div><div>07[CFG] rightcert=(null)</div><div>
07[CFG] rightcert2=(null)</div><div>07[CFG] rightca=(null)</div><div>07[CFG] rightca2=(null)</div><div>07[CFG] rightgroups=(null)</div><div>07[CFG] rightupdown=(null)</div><div>07[CFG] eap_identity=(null)</div>
<div>07[CFG] aaa_identity=(null)</div><div>07[CFG] ike=aes128-sha1-modp2048,3des-sha1-modp1536</div><div>07[CFG] esp=aes128-sha1,3des-sha1</div></div><div><div>07[CFG] dpddelay=30</div><div>07[CFG] dpdaction=0</div>
<div>07[CFG] closeaction=0</div><div>07[CFG] mediation=no</div><div>07[CFG] mediated_by=(null)</div><div>07[CFG] me_peerid=(null)</div><div>07[KNL] getting interface name for 2001:1890:1001:2b00::7:5</div><div>07[KNL] 2001:1890:1001:2b00::7:5 is not a local address</div>
<div>07[KNL] getting interface name for 2001:506:1000:0:2010:0:60:5</div><div>07[KNL] 2001:506:1000:0:2010:0:60:5 is on interface eth1</div><div>07[CFG] added configuration 'home'</div><div>11[CFG] stroke message => 714 bytes @ 0x7faef504ea30</div>
</div><div><br></div><div><br></div><div>-Svdhar.</div>
</blockquote></div><br></div>