<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 14 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Calibri","sans-serif";
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;
font-family:"Calibri","sans-serif";}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal">Hi there,<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal" style="margin-bottom:4.8pt">I just started using the strongswan (<a href="http://download.strongswan.org/strongswan-5.0.0.tar.gz"><span style="color:windowtext;text-decoration:none">strongswan-5.0.0.tar.gz</span></a>) and have tried a simple
IPv4 IKEv2 Remote Access case, where the road warrior carol (at 10.46.212.196) and the gateway moon (at 10.41.73.71) established the VPN tunnel and moon assigned the virtual IP addr
<span style="color:red">10.9.8.1</span> to carol. However, I checked the carol’s machine after the VPN tunnel was up, and I did not see the 10.9.8.1 shown up under the dev eth0. From carol, I could ping the other end of the VPN (10.9.8.7) and tcpdump showed
ESP packets. But from moon, I could not ping the other end of the VPN (10.9.8.1).<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">To work around (which I do not think is the right way), I had to add an extra line to the carol’s ipsec.conf in order to make the assigned virtual IP address show up for the dev eth0. Then I could ping both VPN ends from the other side,
and the tcpdump showed both in ESP packets.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Before adding the extra line to the carol’s ipsec.conf, I did see a suspicious log in carol’s syslog:<o:p></o:p></p>
<p class="MsoNormal">Jul 29 14:33:22 as3-iwf118 charon: 06[IKE] CHILD_SA home{1} established with SPIs cffd2e36_i ca69b222_o and TS
<span style="color:red">10.46.212.196</span>/32 === 10.9.8.0/24 <o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">After adding the extra line to the carol’s ipsec.conf, I did see a correct log in carol’s syslog:<o:p></o:p></p>
<p class="MsoNormal">Jul 29 14:40:08 as3-iwf118 charon: 10[IKE] CHILD_SA home{1} established with SPIs c839f511_i c3456308_o and TS
<span style="color:red">10.9.8.1</span>/32 === 10.9.8.0/24<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">The ipsec.conf files are shown below, the red line is the extra line I had to add. The logs shown below were before adding the extra line in the failure situation.
<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Could someone please tell me what I am missing? How can I make moon assign and make carol take the virtual IP address instead of having carol specifying the address it wants? Thanks a lot!<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Regards,<o:p></o:p></p>
<p class="MsoNormal">Zhiheng Mao<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">================== ipsec.conf for gateway moon ==================
<o:p></o:p></p>
<p class="MsoNormal">config setup<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">conn %default<o:p></o:p></p>
<p class="MsoNormal"> ikelifetime=60m<o:p></o:p></p>
<p class="MsoNormal"> keylife=20m<o:p></o:p></p>
<p class="MsoNormal"> rekeymargin=3m<o:p></o:p></p>
<p class="MsoNormal"> keyingtries=1<o:p></o:p></p>
<p class="MsoNormal"> keyexchange=ikev2<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">conn rw-carol<o:p></o:p></p>
<p class="MsoNormal"> left=10.41.73.71<o:p></o:p></p>
<p class="MsoNormal"> leftsubnet=10.9.8.0/24<o:p></o:p></p>
<p class="MsoNormal"> <a href="mailto:leftid=moon@strongswan.org">leftid=moon@strongswan.org</a><o:p></o:p></p>
<p class="MsoNormal"> leftauth=psk<o:p></o:p></p>
<p class="MsoNormal"> leftfirewall=yes<o:p></o:p></p>
<p class="MsoNormal"> right=%any<o:p></o:p></p>
<p class="MsoNormal"> <a href="mailto:rightid=*@strongswan.org">rightid=*@strongswan.org</a><o:p></o:p></p>
<p class="MsoNormal"> rightauth=psk<o:p></o:p></p>
<p class="MsoNormal"> rightsourceip=10.9.8.1<o:p></o:p></p>
<p class="MsoNormal"> auto=add<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">================== ipsec.conf for rw carol ==================
<o:p></o:p></p>
<p class="MsoNormal">config setup<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">conn %default<o:p></o:p></p>
<p class="MsoNormal"> ikelifetime=60m<o:p></o:p></p>
<p class="MsoNormal"> keylife=20m<o:p></o:p></p>
<p class="MsoNormal"> rekeymargin=3m<o:p></o:p></p>
<p class="MsoNormal"> keyingtries=1<o:p></o:p></p>
<p class="MsoNormal"> keyexchange=ikev2<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">conn home<o:p></o:p></p>
<p class="MsoNormal"> left=10.46.212.196<o:p></o:p></p>
<p class="MsoNormal"> <a href="mailto:leftid=carol@strongswan.org">leftid=carol@strongswan.org</a><o:p></o:p></p>
<p class="MsoNormal"> leftauth=psk<o:p></o:p></p>
<p class="MsoNormal"> leftfirewall=yes<o:p></o:p></p>
<p class="MsoNormal"> <span style="color:red">leftsourceip=10.9.8.1 # without this line, this virtual address does not show up under the dev eth0. Why?</span><o:p></o:p></p>
<p class="MsoNormal"> right=10.41.73.71<o:p></o:p></p>
<p class="MsoNormal"> <a href="mailto:rightid=moon@strongswan.org">rightid=moon@strongswan.org</a><o:p></o:p></p>
<p class="MsoNormal"> rightsubnet=10.9.8.0/24<o:p></o:p></p>
<p class="MsoNormal"> rightauth=psk<o:p></o:p></p>
<p class="MsoNormal"> auto=start<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">================== moon’s syslog ================== <o:p></o:p></p>
<p class="MsoNormal">Jul 29 15:44:24 sit-iwf charon: 00[DMN] Starting IKE charon daemon (strongSwan 5.0.0, Linux 2.6.18-238.el5, x86_64)
<o:p></o:p></p>
<p class="MsoNormal">Jul 29 15:44:24 sit-iwf charon: 00[KNL] listening on interfaces:
<o:p></o:p></p>
<p class="MsoNormal">Jul 29 15:44:24 sit-iwf charon: 00[KNL] eth0 <o:p></o:p></p>
<p class="MsoNormal">Jul 29 15:44:24 sit-iwf charon: 00[KNL] 10.41.73.71 <o:p>
</o:p></p>
<p class="MsoNormal">Jul 29 15:44:24 sit-iwf charon: 00[KNL] 10.41.73.79 <o:p>
</o:p></p>
<p class="MsoNormal">Jul 29 15:44:24 sit-iwf charon: 00[KNL] 2002:c023:9c17:21c::a29:4947
<o:p></o:p></p>
<p class="MsoNormal">Jul 29 15:44:25 sit-iwf charon: 00[KNL] fe80::21b:78ff:fe75:3bd8
<o:p></o:p></p>
<p class="MsoNormal">Jul 29 15:44:25 sit-iwf charon: 00[KNL] tun0 <o:p></o:p></p>
<p class="MsoNormal">Jul 29 15:44:25 sit-iwf charon: 00[KNL] 10.9.8.7 <o:p></o:p></p>
<p class="MsoNormal">Jul 29 15:44:25 sit-iwf charon: 00[CFG] loaded 0 RADIUS server configurations
<o:p></o:p></p>
<p class="MsoNormal">Jul 29 15:44:25 sit-iwf charon: 00[CFG] loading ca certificates from '/usr/local/etc/ipsec.d/cacerts'
<o:p></o:p></p>
<p class="MsoNormal">Jul 29 15:44:25 sit-iwf charon: 00[CFG] loading aa certificates from '/usr/local/etc/ipsec.d/aacerts'
<o:p></o:p></p>
<p class="MsoNormal">Jul 29 15:44:25 sit-iwf charon: 00[CFG] loading ocsp signer certificates from '/usr/local/etc/ipsec.d/ocspcerts'
<o:p></o:p></p>
<p class="MsoNormal">Jul 29 15:44:25 sit-iwf charon: 00[CFG] loading attribute certificates from '/usr/local/etc/ipsec.d/acerts'
<o:p></o:p></p>
<p class="MsoNormal">Jul 29 15:44:25 sit-iwf charon: 00[CFG] loading crls from '/usr/local/etc/ipsec.d/crls'
<o:p></o:p></p>
<p class="MsoNormal">Jul 29 15:44:25 sit-iwf charon: 00[CFG] loading secrets from '/usr/local/etc/ipsec.secrets'
<o:p></o:p></p>
<p class="MsoNormal">Jul 29 15:44:25 sit-iwf charon: 00[CFG] loaded IKE secret for carol@strongswan.org
<o:p></o:p></p>
<p class="MsoNormal">Jul 29 15:44:25 sit-iwf charon: 00[CFG] loaded IKE secret for moon@strongswan.org
<o:p></o:p></p>
<p class="MsoNormal">Jul 29 15:44:25 sit-iwf charon: 00[DMN] loaded plugins: charon aes des sha1 sha2 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs8 pgp dnskey pem fips-prf gmp xcbc cmac hmac attr kernel-netlink resolve socket-default stroke
updown eap-aka eap-md5 eap-radius xauth-generic <o:p></o:p></p>
<p class="MsoNormal">Jul 29 15:44:25 sit-iwf charon: 00[JOB] spawning 16 worker threads
<o:p></o:p></p>
<p class="MsoNormal">Jul 29 15:44:26 sit-iwf charon: 07[CFG] received stroke: add connection 'rw-carol'
<o:p></o:p></p>
<p class="MsoNormal">Jul 29 15:44:26 sit-iwf charon: 07[CFG] added configuration 'rw-carol'
<o:p></o:p></p>
<p class="MsoNormal">Jul 29 15:44:26 sit-iwf charon: 07[CFG] adding virtual IP address pool 'rw-carol': 10.9.8.1/32
<o:p></o:p></p>
<p class="MsoNormal">Jul 29 15:44:32 sit-iwf charon: 09[NET] received packet: from 10.46.212.196[500] to 10.41.73.71[500]
<o:p></o:p></p>
<p class="MsoNormal">Jul 29 15:44:32 sit-iwf charon: 09[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]
<o:p></o:p></p>
<p class="MsoNormal">Jul 29 15:44:32 sit-iwf charon: 09[IKE] 10.46.212.196 is initiating an IKE_SA
<o:p></o:p></p>
<p class="MsoNormal">Jul 29 15:44:32 sit-iwf charon: 09[ENC] generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(MULT_AUTH) ]
<o:p></o:p></p>
<p class="MsoNormal">Jul 29 15:44:32 sit-iwf charon: 09[NET] sending packet: from 10.41.73.71[500] to 10.46.212.196[500]
<o:p></o:p></p>
<p class="MsoNormal">Jul 29 15:44:32 sit-iwf charon: 10[NET] received packet: from 10.46.212.196[4500] to 10.41.73.71[4500]
<o:p></o:p></p>
<p class="MsoNormal">Jul 29 15:44:32 sit-iwf charon: 10[ENC] parsed IKE_AUTH request 1 [ IDi N(INIT_CONTACT) IDr AUTH SA TSi TSr N(MOBIKE_SUP) N(ADD_6_ADDR) N(MULT_AUTH) N(EAP_ONLY) ]
<o:p></o:p></p>
<p class="MsoNormal">Jul 29 15:44:32 sit-iwf charon: 10[CFG] looking for peer configs matching 10.41.73.71[moon@strongswan.org]...10.46.212.196[carol@strongswan.org]
<o:p></o:p></p>
<p class="MsoNormal">Jul 29 15:44:32 sit-iwf charon: 10[CFG] selected peer config 'rw-carol'
<o:p></o:p></p>
<p class="MsoNormal">Jul 29 15:44:32 sit-iwf charon: 10[IKE] authentication of 'carol@strongswan.org' with pre-shared key successful
<o:p></o:p></p>
<p class="MsoNormal">Jul 29 15:44:32 sit-iwf charon: 10[IKE] peer supports MOBIKE
<o:p></o:p></p>
<p class="MsoNormal">Jul 29 15:44:32 sit-iwf charon: 10[IKE] authentication of 'moon@strongswan.org' (myself) with pre-shared key
<o:p></o:p></p>
<p class="MsoNormal">Jul 29 15:44:32 sit-iwf charon: 10[IKE] IKE_SA rw-carol[1] established between 10.41.73.71[moon@strongswan.o rg]...10.46.212.196[carol@strongswan.org]
<o:p></o:p></p>
<p class="MsoNormal">Jul 29 15:44:32 sit-iwf charon: 10[IKE] scheduling reauthentication in 3400s
<o:p></o:p></p>
<p class="MsoNormal">Jul 29 15:44:32 sit-iwf charon: 10[IKE] maximum IKE_SA lifetime 3580s
<o:p></o:p></p>
<p class="MsoNormal">Jul 29 15:44:32 sit-iwf charon: 10[IKE] CHILD_SA rw-carol{1} established with SPIs c0401f84_i c445a329_o and TS 10.9.8.0/24 === 10.46.212.196/32
<o:p></o:p></p>
<p class="MsoNormal">Jul 29 15:44:33 sit-iwf charon: 10[ENC] generating IKE_AUTH response 1 [ IDr AUTH SA TSi TSr N(AUTH_LFT) N(MOBIKE_SUP) N(ADD_4_ADDR) N(ADD_4_ADDR) N(ADD_6_ADDR) ]
<o:p></o:p></p>
<p class="MsoNormal">Jul 29 15:44:33 sit-iwf charon: 10[NET] sending packet: from 10.41.73.71[4500] to 10.46.212.196[4500]<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">================== carol’s eth0 before VPN setup, syslog during VPN setup, eth0 after VPN setup ==================<o:p></o:p></p>
<p class="MsoNormal">[zmao@as3-iwf118 sbin]$ /sbin/ip addr<o:p></o:p></p>
<p class="MsoNormal">1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue <o:p></o:p></p>
<p class="MsoNormal"> link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00<o:p></o:p></p>
<p class="MsoNormal"> inet 127.0.0.1/8 scope host lo<o:p></o:p></p>
<p class="MsoNormal"> inet6 ::1/128 scope host <o:p></o:p></p>
<p class="MsoNormal"> valid_lft forever preferred_lft forever<o:p></o:p></p>
<p class="MsoNormal">2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000<o:p></o:p></p>
<p class="MsoNormal"> link/ether 78:e7:d1:ca:6f:b8 brd ff:ff:ff:ff:ff:ff<o:p></o:p></p>
<p class="MsoNormal"> inet 10.46.212.196/27 brd 10.46.212.223 scope global eth0<o:p></o:p></p>
<p class="MsoNormal"> inet6 2002:c023:9c17:21b::a2e:d4c4/64 scope global <o:p>
</o:p></p>
<p class="MsoNormal"> valid_lft forever preferred_lft forever<o:p></o:p></p>
<p class="MsoNormal"> inet6 fe80::7ae7:d1ff:feca:6fb8/64 scope link <o:p></o:p></p>
<p class="MsoNormal"> valid_lft forever preferred_lft forever<o:p></o:p></p>
<p class="MsoNormal">3: sit0: <NOARP> mtu 1480 qdisc noop <o:p></o:p></p>
<p class="MsoNormal"> link/sit 0.0.0.0 brd 0.0.0.0<o:p></o:p></p>
<p class="MsoNormal">442: ppp0: <POINTOPOINT,MULTICAST,NOARP> mtu 1500 qdisc noop qlen 3<o:p></o:p></p>
<p class="MsoNormal"> link/ppp <o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Jul 29 15:44:32 as3-iwf118 charon: 00[DMN] Starting IKE charon daemon (strongSwan 5.0.0, Linux 2.6.18-238.el5, x86_64)
<o:p></o:p></p>
<p class="MsoNormal">Jul 29 15:44:32 as3-iwf118 charon: 00[KNL] listening on interfaces:
<o:p></o:p></p>
<p class="MsoNormal">Jul 29 15:44:32 as3-iwf118 charon: 00[KNL] eth0 <o:p></o:p></p>
<p class="MsoNormal">Jul 29 15:44:32 as3-iwf118 charon: 00[KNL] 10.46.212.196
<o:p></o:p></p>
<p class="MsoNormal">Jul 29 15:44:32 as3-iwf118 charon: 00[KNL] 2002:c023:9c17:21b::a2e:d4c4
<o:p></o:p></p>
<p class="MsoNormal">Jul 29 15:44:32 as3-iwf118 charon: 00[KNL] fe80::7ae7:d1ff:feca:6fb8
<o:p></o:p></p>
<p class="MsoNormal">Jul 29 15:44:32 as3-iwf118 charon: 00[CFG] loading ca certificates from '/usr/local/etc/ipsec.d/cacerts'
<o:p></o:p></p>
<p class="MsoNormal">Jul 29 15:44:32 as3-iwf118 charon: 00[CFG] loading aa certificates from '/usr/local/etc/ipsec.d/aacerts'
<o:p></o:p></p>
<p class="MsoNormal">Jul 29 15:44:32 as3-iwf118 charon: 00[CFG] loading ocsp signer certificates from '/usr/local/etc/ipsec.d/ocspcerts'
<o:p></o:p></p>
<p class="MsoNormal">Jul 29 15:44:32 as3-iwf118 charon: 00[CFG] loading attribute certificates from '/usr/local/etc/ipsec.d/acerts'
<o:p></o:p></p>
<p class="MsoNormal">Jul 29 15:44:32 as3-iwf118 charon: 00[CFG] loading crls from '/usr/local/etc/ipsec.d/crls'
<o:p></o:p></p>
<p class="MsoNormal">Jul 29 15:44:32 as3-iwf118 charon: 00[CFG] loading secrets from '/usr/local/etc/ipsec.secrets'
<o:p></o:p></p>
<p class="MsoNormal">Jul 29 15:44:32 as3-iwf118 charon: 00[CFG] loaded IKE secret for carol@strongswan.org
<o:p></o:p></p>
<p class="MsoNormal">Jul 29 15:44:32 as3-iwf118 charon: 00[CFG] loaded IKE secret for moon@strongswan.org
<o:p></o:p></p>
<p class="MsoNormal">Jul 29 15:44:32 as3-iwf118 charon: 00[DMN] loaded plugins: charon aes des sha1 sha2 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs8 pgp dnskey pem fips-prf gmp xcbc cmac hmac attr kernel-netlink resolve socket-default stroke
updown xauth-generic <o:p></o:p></p>
<p class="MsoNormal">Jul 29 15:44:32 as3-iwf118 charon: 00[JOB] spawning 16 worker threads
<o:p></o:p></p>
<p class="MsoNormal">Jul 29 15:44:32 as3-iwf118 charon: 05[CFG] received stroke: add connection 'home'
<o:p></o:p></p>
<p class="MsoNormal">Jul 29 15:44:32 as3-iwf118 charon: 05[CFG] added configuration 'home'
<o:p></o:p></p>
<p class="MsoNormal">Jul 29 15:44:32 as3-iwf118 charon: 07[CFG] received stroke: initiate 'home'
<o:p></o:p></p>
<p class="MsoNormal">Jul 29 15:44:32 as3-iwf118 charon: 07[IKE] initiating IKE_SA home[1] to 10.41.73.71
<o:p></o:p></p>
<p class="MsoNormal">Jul 29 15:44:32 as3-iwf118 charon: 07[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]
<o:p></o:p></p>
<p class="MsoNormal">Jul 29 15:44:32 as3-iwf118 charon: 07[NET] sending packet: from 10.46.212.196[500] to 10.41.73.71[500]
<o:p></o:p></p>
<p class="MsoNormal">Jul 29 15:44:32 as3-iwf118 charon: 09[NET] received packet: from 10.41.73.71[500] to 10.46.212.196[500]
<o:p></o:p></p>
<p class="MsoNormal">Jul 29 15:44:32 as3-iwf118 charon: 09[ENC] parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(MULT_AUTH) ]
<o:p></o:p></p>
<p class="MsoNormal">Jul 29 15:44:32 as3-iwf118 charon: 09[IKE] authentication of 'carol@strongswan.org' (myself) with pre-shared key
<o:p></o:p></p>
<p class="MsoNormal">Jul 29 15:44:32 as3-iwf118 charon: 09[IKE] establishing CHILD_SA home
<o:p></o:p></p>
<p class="MsoNormal">Jul 29 15:44:32 as3-iwf118 charon: 09[ENC] generating IKE_AUTH request 1 [ IDi N(INIT_CONTACT) IDr AUTH SA TSi TSr N(MOBIKE_SUP) N(ADD_6_ADDR) N(MULT_AUTH) N(EAP_ONLY) ]
<o:p></o:p></p>
<p class="MsoNormal">Jul 29 15:44:32 as3-iwf118 charon: 09[NET] sending packet: from 10.46.212.196[4500] to 10.41.73.71[4500]
<o:p></o:p></p>
<p class="MsoNormal">Jul 29 15:44:33 as3-iwf118 charon: 10[NET] received packet: from 10.41.73.71[4500] to 10.46.212.196[4500]
<o:p></o:p></p>
<p class="MsoNormal">Jul 29 15:44:33 as3-iwf118 charon: 10[ENC] parsed IKE_AUTH response 1 [ IDr AUTH SA TSi TSr N(AUTH_LFT) N(MOBIKE_SUP) N(ADD_4_ADDR) N(ADD_4_ADDR) N(ADD_6_ADDR) ]
<o:p></o:p></p>
<p class="MsoNormal">Jul 29 15:44:33 as3-iwf118 charon: 10[IKE] authentication of 'moon@strongswan.org' with pre-shared key successful
<o:p></o:p></p>
<p class="MsoNormal">Jul 29 15:44:33 as3-iwf118 charon: 10[IKE] IKE_SA home[1] established between 10.46.212.196[carol@strongswan .org]...10.41.73.71[moon@strongswan.org]
<o:p></o:p></p>
<p class="MsoNormal">Jul 29 15:44:33 as3-iwf118 charon: 10[IKE] scheduling reauthentication in 3386s
<o:p></o:p></p>
<p class="MsoNormal">Jul 29 15:44:33 as3-iwf118 charon: 10[IKE] maximum IKE_SA lifetime 3566s
<o:p></o:p></p>
<p class="MsoNormal">Jul 29 15:44:33 as3-iwf118 charon: 10[IKE] CHILD_SA home{1} established with SPIs c445a329_i c0401f84_o and TS 10.46.212.196/32 === 10.9.8.0/24
<o:p></o:p></p>
<p class="MsoNormal">Jul 29 15:44:33 as3-iwf118 charon: 10[IKE] received AUTH_LIFETIME of 3400s, scheduling reauthentication in 3220s
<o:p></o:p></p>
<p class="MsoNormal">Jul 29 15:44:33 as3-iwf118 charon: 10[IKE] peer supports MOBIKE
<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">[zmao@as3-iwf118 sbin]$ /sbin/ip addr<o:p></o:p></p>
<p class="MsoNormal">1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue <o:p></o:p></p>
<p class="MsoNormal"> link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00<o:p></o:p></p>
<p class="MsoNormal"> inet 127.0.0.1/8 scope host lo<o:p></o:p></p>
<p class="MsoNormal"> inet6 ::1/128 scope host <o:p></o:p></p>
<p class="MsoNormal"> valid_lft forever preferred_lft forever<o:p></o:p></p>
<p class="MsoNormal">2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000<o:p></o:p></p>
<p class="MsoNormal"> link/ether 78:e7:d1:ca:6f:b8 brd ff:ff:ff:ff:ff:ff<o:p></o:p></p>
<p class="MsoNormal"> inet 10.46.212.196/27 brd 10.46.212.223 scope global eth0<o:p></o:p></p>
<p class="MsoNormal"> inet6 2002:c023:9c17:21b::a2e:d4c4/64 scope global <o:p>
</o:p></p>
<p class="MsoNormal"> valid_lft forever preferred_lft forever<o:p></o:p></p>
<p class="MsoNormal"> inet6 fe80::7ae7:d1ff:feca:6fb8/64 scope link <o:p></o:p></p>
<p class="MsoNormal"> valid_lft forever preferred_lft forever<o:p></o:p></p>
<p class="MsoNormal">3: sit0: <NOARP> mtu 1480 qdisc noop <o:p></o:p></p>
<p class="MsoNormal"> link/sit 0.0.0.0 brd 0.0.0.0<o:p></o:p></p>
<p class="MsoNormal">442: ppp0: <POINTOPOINT,MULTICAST,NOARP> mtu 1500 qdisc noop qlen 3<o:p></o:p></p>
<p class="MsoNormal"> link/ppp<o:p></o:p></p>
</div>
</body>
</html>