<html>
  <head>

    <meta http-equiv="content-type" content="text/html; charset=utf-8">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    Hi All,<br>
    <br>
    I'm trying to get strongswan up to protect an L2TP connection.  I
    tested L2TP without IPsec and it worked.  My client is an OpenWRT
    device running 4.4.1 and strongswan 5.5.0 connecting to an IOS-XE
    router.  I was at first getting an error with this config:<br>
    <br>
    charondebug="ike 2, knl 3, cfg 0"<br>
    <br>
    conn EAST<br>
          esp=aes128-sha256<br>
          ike=aes128-sha1-modp1024<br>
          left=%any<br>
          right=1.1.1.1<br>
          rightsubnet=1.1.1.1/32<br>
          authby=secret<br>
          type=transport<br>
          keyexchange=ikev1<br>
          auto=start<br>
    <br>
    /etc/strongswan.d/ipsec.conf:3: syntax error, unexpected NAME,
    expecting NEWLINE or '{' or '=' [AWS_EAST_PE1]<br>
    <br>
    So I did as I believe I was told by the error and added a '=':<br>
    <br>
    charondebug="ike 2, knl 3, cfg 0"<br>
    <br>
    conn=EAST<br>
          esp=aes128-sha256<br>
          ike=aes128-sha1-modp1024<br>
          left=%any<br>
          right=1.1.1.1<br>
          rightsubnet=1.1.1.1/32<br>
          authby=secret<br>
          type=transport<br>
          keyexchange=ikev1<br>
          auto=start<br>
    <br>
    No parsing error, but it doesn't seem to be protecting interesting
    traffic.  The Cisco doesn't get any IPsec packets and with tcpdump
    packets go out to the address unencrypted.  What am I missing? 
    Thanks.<br>
    <br>
    Chris<br>
    <br>
    <br>
    <br>
    <div class="moz-signature">-- <br>
      Chris Babcock<br>
      Qoya Communications, LLC<br>
      P. 615.669.3022 • M. 802.291.4284<br>
      <a href="mailto:cbabcock@qoya.io" target="_blank">cbabcock@qoya.io</a> • <a href="http://www.qoya.io/" target="_blank">http://www.qoya.io/</a><br>
      PO Box 90120, Nashville, TN 37209<br>
      Resilient, reliable, responsive
    </div>
  </body>
</html>