FBM# ipsec statusall 000 Status of IKEv1 pluto daemon (strongSwan 4.5.0): 000 interface lo/lo 127.0.0.1:500 000 interface eth0/eth0 10.120.167.202:500 000 interface eth0:1/eth0:1 1.1.1.1:500 000 interface eth1:1/eth1:1 192.168.255.101:500 000 interface eth1/eth1 10.10.10.8:500 000 interface eth1.5/eth1.5 30.30.30.8:500 000 interface eth1.6/eth1.6 60.60.60.8:500 000 interface eth1.7/eth1.7 70.70.70.8:500 000 interface eth1.8/eth1.8 80.80.80.8:500 000 interface eth1.9/eth1.9 90.90.90.8:500 000 %myid = '%any' 000 loaded plugins: aes des sha1 sha2 md5 random x509 pkcs1 pgp dnskey pem gmp hmac xauth attr kernel-netlink resolve 000 debug options: control 000 000 "conn15": 80.80.80.0/24===80.80.80.8[CN=FTM/Flexi Node SerialNo#L9080200062]:1/0...80.80.80.3[80.80.80.3]:1/0===80.80.80 .0/24; erouted; eroute owner: #8 000 "conn15": CAs: "C=de, O=NSN DUS, CN=NSN DUS Test Root CA"...%any 000 "conn15": ike_life: 83376s; ipsec_life: 86400s; rekey_margin: 180s; rekey_fuzz: 50%; keyingtries: 0 000 "conn15": dpd_action: restart; dpd_delay: 10s; dpd_timeout: 120s; 000 "conn15": policy: PUBKEY+ENCRYPT+TUNNEL+UP; prio: 24,24; interface: eth1.8; 000 "conn15": newest ISAKMP SA: #6; newest IPsec SA: #8; 000 "conn15": IKE proposal: 3DES_CBC/HMAC_SHA1/MODP_1024 000 "conn15": ESP proposal: 3DES_CBC/HMAC_SHA1/ 000 "conn19": 70.70.70.0/24===70.70.70.8[CN=FTM/Flexi Node SerialNo#L9080200062]:1/0...70.70.70.3[70.70.70.3]:1/0===70.70.70 .0/24; erouted; eroute owner: #7 000 "conn19": CAs: "C=de, O=NSN DUS, CN=NSN DUS Test Root CA"...%any 000 "conn19": ike_life: 83376s; ipsec_life: 86400s; rekey_margin: 180s; rekey_fuzz: 50%; keyingtries: 0 000 "conn19": dpd_action: restart; dpd_delay: 10s; dpd_timeout: 120s; 000 "conn19": policy: PUBKEY+ENCRYPT+TUNNEL+UP; prio: 24,24; interface: eth1.7; 000 "conn19": newest ISAKMP SA: #5; newest IPsec SA: #7; 000 "conn19": IKE proposal: 3DES_CBC/HMAC_SHA1/MODP_1024 000 "conn19": ESP proposal: 3DES_CBC/HMAC_SHA1/ 000 000 #8: "conn15" STATE_QUICK_I2 (sent QI2, IPsec SA established); EVENT_SA_REPLACE in 85026s; newest IPSEC; eroute owner 000 #8: "conn15" esp.c7567032@80.80.80.3 (0 bytes) esp.c05e9af0@80.80.80.8 (0 bytes); tunnel 000 #6: "conn15" STATE_MAIN_I4 (ISAKMP SA established); EVENT_SA_REPLACE in 81989s; newest ISAKMP; DPD active 000 #7: "conn19" STATE_QUICK_I2 (sent QI2, IPsec SA established); EVENT_SA_REPLACE in 85033s; newest IPSEC; eroute owner 000 #7: "conn19" esp.c5b98679@70.70.70.3 (0 bytes) esp.c0730864@70.70.70.8 (0 bytes); tunnel 000 #5: "conn19" STATE_MAIN_I4 (ISAKMP SA established); EVENT_SA_REPLACE in 82028s; newest ISAKMP; DPD active 000 Status of IKEv2 charon daemon (strongSwan 4.5.0): uptime: 3119 days, since Jan 01 01:06:37 2004 malloc: sbrk 258048, mmap 0, used 162280, free 95768 worker threads: 9 idle of 16, job queue load: 0, scheduled events: 20 loaded plugins: aes des sha1 sha2 md5 random x509 revocation pubkey pkcs1 pgp pem fips-prf gmp xcbc hmac attr kernel-netli nk resolve socket-raw stroke updown Listening IP addresses: 10.120.167.202 1.1.1.1 192.168.255.101 10.10.10.8 30.30.30.8 60.60.60.8 70.70.70.8 80.80.80.8 90.90.90.8 Connections: conn10: 30.30.30.8...30.30.30.3, dpddelay=10s conn10: local: [CN=FTM/Flexi Node SerialNo#L9080200062] uses public key authentication conn10: cert: "CN=FTM/Flexi Node SerialNo#L9080200062" conn10: remote: [%any] uses any authentication conn10: child: 30.30.30.0/24[tcp] === 30.30.30.0/24[tcp] , dpdaction=restart conn13: 60.60.60.8...60.60.60.3, dpddelay=10s conn13: local: [CN=FTM/Flexi Node SerialNo#L9080200062] uses public key authentication conn13: cert: "CN=FTM/Flexi Node SerialNo#L9080200062" conn13: remote: [%any] uses any authentication conn13: child: 60.60.60.0/24[udp/2152] === 60.60.60.0/24[udp] , dpdaction=restart Security Associations: conn10[4]: ESTABLISHED 18 minutes ago, 30.30.30.8[CN=FTM/Flexi Node SerialNo#L9080200062]...30.30.30.3[CN=FTM/Flexi No de SerialNo#L9080200062] conn10[4]: IKE SPIs: 1e1af3435eaeb154_i 1adf3703608a311c_r*, rekeying in 22 hours conn10[4]: IKE proposal: 3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024 conn10{3}: INSTALLED, TUNNEL, ESP SPIs: c170e5ca_i cbddd69f_o conn10{3}: 3DES_CBC/HMAC_SHA1_96, 0 bytes_i, 0 bytes_o, rekeying in 23 hours conn10{3}: 30.30.30.0/24[tcp] === 30.30.30.0/24[tcp] conn13[5]: ESTABLISHED 18 minutes ago, 60.60.60.8[CN=FTM/Flexi Node SerialNo#L9080200062]...60.60.60.3[CN=FTM/Flexi No de SerialNo#L9080200062] conn13[5]: IKE SPIs: 541ce1c44f413a9c_i 2c165d1c42f2a4fa_r*, rekeying in 22 hours conn13[5]: IKE proposal: 3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024 conn13{4}: INSTALLED, TUNNEL, ESP SPIs: c8d5ad33_i c9385798_o conn13{4}: 3DES_CBC/HMAC_SHA1_96, 0 bytes_i, 0 bytes_o, rekeying in 2 hours conn13{4}: 60.60.60.0/24[udp/2152] === 60.60.60.0/24[udp] conn10[6]: ESTABLISHED 18 minutes ago, 30.30.30.8[CN=FTM/Flexi Node SerialNo#L9080200062]...30.30.30.3[CN=FTM/Flexi No de SerialNo#L9080200062] conn10[6]: IKE SPIs: b3a345124261a481_i 705f7b2219ab4271_r*, rekeying in 22 hours conn10[6]: IKE proposal: 3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024 conn10{5}: INSTALLED, TUNNEL, ESP SPIs: c0b95cbd_i c16f4e5f_o conn10{5}: 3DES_CBC/HMAC_SHA1_96, 0 bytes_i, 0 bytes_o, rekeying in 23 hours conn10{5}: 30.30.30.0/24[tcp] === 30.30.30.0/24[tcp] conn13[7]: ESTABLISHED 18 minutes ago, 60.60.60.8[CN=FTM/Flexi Node SerialNo#L9080200062]...60.60.60.3[CN=FTM/Flexi No de SerialNo#L9080200062] conn13[7]: IKE SPIs: 337227b6270c0975_i 6a37ca45ffce4b6a_r*, rekeying in 22 hours conn13[7]: IKE proposal: 3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024 conn13{6}: INSTALLED, TUNNEL, ESP SPIs: ca4516f3_i c3c934ad_o conn13{6}: 3DES_CBC/HMAC_SHA1_96, 0 bytes_i, 0 bytes_o, rekeying in 2 hours conn13{6}: 60.60.60.0/24[udp/2152] === 60.60.60.0/24[udp] conn13[8]: ESTABLISHED 18 minutes ago, 60.60.60.8[CN=FTM/Flexi Node SerialNo#L9080200062]...60.60.60.3[CN=FTM/Flexi No de SerialNo#L9080200062] conn13[8]: IKE SPIs: 6589f5048390a664_i 712a2558fd736a28_r*, rekeying in 22 hours conn13[8]: IKE proposal: 3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024 conn13{7}: INSTALLED, TUNNEL, ESP SPIs: c4a02263_i c676e71d_o conn13{7}: 3DES_CBC/HMAC_SHA1_96, 0 bytes_i, 0 bytes_o, rekeying in 2 hours conn13{7}: 60.60.60.0/24[udp/2152] === 60.60.60.0/24[udp] conn10[9]: ESTABLISHED 18 minutes ago, 30.30.30.8[CN=FTM/Flexi Node SerialNo#L9080200062]...30.30.30.3[CN=FTM/Flexi No de SerialNo#L9080200062] conn10[9]: IKE SPIs: 1594c30a1194e6cc_i 7562336f2537c57e_r*, rekeying in 22 hours conn10[9]: IKE proposal: 3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024 conn10{8}: INSTALLED, TUNNEL, ESP SPIs: ca240122_i c00e7707_o conn10{8}: 3DES_CBC/HMAC_SHA1_96, 0 bytes_i, 0 bytes_o, rekeying in 23 hours conn10{8}: 30.30.30.0/24[tcp] === 30.30.30.0/24[tcp]