<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8">
</head>
<body bgcolor="#FFFFFF" text="#000000">
Hi All,<br>
<br>
I'm trying to get strongswan up to protect an L2TP connection. I
tested L2TP without IPsec and it worked. My client is an OpenWRT
device running 4.4.1 and strongswan 5.5.0 connecting to an IOS-XE
router. I was at first getting an error with this config:<br>
<br>
charondebug="ike 2, knl 3, cfg 0"<br>
<br>
conn EAST<br>
esp=aes128-sha256<br>
ike=aes128-sha1-modp1024<br>
left=%any<br>
right=1.1.1.1<br>
rightsubnet=1.1.1.1/32<br>
authby=secret<br>
type=transport<br>
keyexchange=ikev1<br>
auto=start<br>
<br>
/etc/strongswan.d/ipsec.conf:3: syntax error, unexpected NAME,
expecting NEWLINE or '{' or '=' [AWS_EAST_PE1]<br>
<br>
So I did as I believe I was told by the error and added a '=':<br>
<br>
charondebug="ike 2, knl 3, cfg 0"<br>
<br>
conn=EAST<br>
esp=aes128-sha256<br>
ike=aes128-sha1-modp1024<br>
left=%any<br>
right=1.1.1.1<br>
rightsubnet=1.1.1.1/32<br>
authby=secret<br>
type=transport<br>
keyexchange=ikev1<br>
auto=start<br>
<br>
No parsing error, but it doesn't seem to be protecting interesting
traffic. The Cisco doesn't get any IPsec packets and with tcpdump
packets go out to the address unencrypted. What am I missing?
Thanks.<br>
<br>
Chris<br>
<br>
<br>
<br>
<div class="moz-signature">-- <br>
<table border="0" cellpadding="0" cellspacing="0">
<tbody>
<tr valign="top">
<td style="border-right:1px solid #21b04a;font:13pt
Trebuchet
MS,Verdana;font-weight:bold;color:#202020;text-transform:capitalize;padding-right:10px;letter-spacing:0.1em">
<div style="white-space:nowrap"> Chris Babcock </div>
</td>
<td style="font:10pt
Arial;color:#505050;padding-left:10px;letter-spacing:0.1em">
<div style="font:12pt Trebuchet
MS,Verdana;text-transform:capitalize;margin-bottom:7px">
Qoya Communications, LLC<br>
</div>
• P. 615.669.3022 • M. 802.291.4284 <br>
<a href="mailto:cbabcock@qoya.io" target="_blank">cbabcock@qoya.io</a> • <a href="http://www.qoya.io/" target="_blank">http://www.qoya.io/</a> <br>
PO Box 90120, Nashville, TN 37209
<div
style="font-weight:500;font-style:italic;color:#2a0100;font-size:16px;margin-top:0.5em">
Resilient, reliable, responsive </div>
</td>
</tr>
</tbody>
</table>
<br>
<br>
<br>
</div>
</body>
</html>