<div><div dir="auto">Help !!!!!!</div><div dir="auto"><br></div><div dir="auto"><br></div><div dir="auto"><br></div><div dir="auto"><br></div><div dir="auto"><br></div><br><div class="gmail_quote"><div>Le dim. 10 sept. 2017 à 07:49, Olivier CALVANO <<a href="mailto:o.calvano@gmail.com">o.calvano@gmail.com</a>> a écrit :<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div dir="auto">Hi</div><div dir="auto"><br></div><div dir="auto">No help ??</div><div dir="auto"><br></div><div dir="auto">Thanks </div></div><div><br><div class="gmail_quote"><div>Le jeu. 7 sept. 2017 à 09:15, Olivier CALVANO <<a href="mailto:o.calvano@gmail.com" target="_blank">o.calvano@gmail.com</a>> a écrit :<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div style="margin:0px;padding:0px;border:0px;font-family:Arial,Helvetica,sans-serif;font-size:13px">Hi</div><div style="margin:0px;padding:0px;border:0px;font-family:Arial,Helvetica,sans-serif;font-size:13px"><br></div><div style="margin:0px;padding:0px;border:0px;font-family:Arial,Helvetica,sans-serif;font-size:13px">i have a problems on a new Site-to-Site configuration of Strongswan :</div><div style="margin:0px;padding:0px;border:0px;font-family:Arial,Helvetica,sans-serif;font-size:13px"><br></div><div style="margin:0px;padding:0px;border:0px;font-family:Arial,Helvetica,sans-serif;font-size:13px"><br></div><div style="margin:0px;padding:0px;border:0px;font-family:Arial,Helvetica,sans-serif;font-size:13px">ipsec.conf:</div><div style="margin:0px;padding:0px;border:0px;font-family:Arial,Helvetica,sans-serif;font-size:13px"><br></div><div style="margin:0px;padding:0px;border:0px;font-family:Arial,Helvetica,sans-serif;font-size:13px"><div style="margin:0px;padding:0px;border:0px">config setup</div><div style="margin:0px;padding:0px;border:0px">        charondebug="knl 2, cfg 2"</div><div style="margin:0px;padding:0px;border:0px"><br></div><div style="margin:0px;padding:0px;border:0px">conn %default</div><div style="margin:0px;padding:0px;border:0px">        ikelifetime=60m</div><div style="margin:0px;padding:0px;border:0px">        keylife=20m</div><div style="margin:0px;padding:0px;border:0px">        rekeymargin=3m</div><div style="margin:0px;padding:0px;border:0px">        keyingtries=1</div><div style="margin:0px;padding:0px;border:0px">        authby=secret</div><div style="margin:0px;padding:0px;border:0px">        keyexchange=ikev1</div><div style="margin:0px;padding:0px;border:0px">        mobike=no</div><div style="margin:0px;padding:0px;border:0px"><br></div><div style="margin:0px;padding:0px;border:0px">conn Galioppee</div><div style="margin:0px;padding:0px;border:0px">        left=192.168.1.254</div><div style="margin:0px;padding:0px;border:0px">        leftsubnet=<a href="http://192.168.62.0/24" rel="nofollow" style="margin:0px;padding:0px;border:0px;text-decoration-line:none;color:rgb(102,17,204)" target="_blank">192.168.62.0/24</a></div><div style="margin:0px;padding:0px;border:0px">        leftfirewall=no</div><div style="margin:0px;padding:0px;border:0px">        leftid=192.168.1.254</div><div style="margin:0px;padding:0px;border:0px">        leftauth=psk</div><div style="margin:0px;padding:0px;border:0px"><br></div><div style="margin:0px;padding:0px;border:0px">        right=172.16.1.254</div><div style="margin:0px;padding:0px;border:0px">        rightsubnet=<a href="http://192.168.163.0/24" rel="nofollow" style="margin:0px;padding:0px;border:0px;text-decoration-line:none;color:rgb(102,17,204)" target="_blank">192.168.163.0/24</a></div><div style="margin:0px;padding:0px;border:0px">        rightid=172.16.1.254</div><div style="margin:0px;padding:0px;border:0px">        rightauth=psk</div><div style="margin:0px;padding:0px;border:0px"><br></div><div style="margin:0px;padding:0px;border:0px">        type=tunnel</div><div style="margin:0px;padding:0px;border:0px">        auto=start</div><div style="margin:0px;padding:0px;border:0px">        ikelifetime=28800</div><div style="margin:0px;padding:0px;border:0px">        keylife=900</div><div style="margin:0px;padding:0px;border:0px">        aggressive=no</div><div style="margin:0px;padding:0px;border:0px">        ike=aes256-sha1-modp1536!</div><div style="margin:0px;padding:0px;border:0px">        esp=aes256-sha1-modp1536!</div></div><div style="margin:0px;padding:0px;border:0px;font-family:Arial,Helvetica,sans-serif;font-size:13px"><br></div><div style="margin:0px;padding:0px;border:0px;font-family:Arial,Helvetica,sans-serif;font-size:13px"><br></div><div style="margin:0px;padding:0px;border:0px;font-family:Arial,Helvetica,sans-serif;font-size:13px"><br></div><div style="margin:0px;padding:0px;border:0px;font-family:Arial,Helvetica,sans-serif;font-size:13px">i have change "auto=start" to "add" or "route" but same problems.</div><div style="margin:0px;padding:0px;border:0px;font-family:Arial,Helvetica,sans-serif;font-size:13px">server:</div><div style="margin:0px;padding:0px;border:0px;font-family:Arial,Helvetica,sans-serif;font-size:13px"><br></div><div style="margin:0px;padding:0px;border:0px;font-family:Arial,Helvetica,sans-serif;font-size:13px">ifconfig</div><div style="margin:0px;padding:0px;border:0px;font-family:Arial,Helvetica,sans-serif;font-size:13px"><div style="margin:0px;padding:0px;border:0px">eth1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500</div><div style="margin:0px;padding:0px;border:0px">        inet 192.168.1.254.11  netmask 255.255.255.0  broadcast 192.168.1.255</div></div><div style="margin:0px;padding:0px;border:0px;font-family:Arial,Helvetica,sans-serif;font-size:13px"><br></div><div style="margin:0px;padding:0px;border:0px;font-family:Arial,Helvetica,sans-serif;font-size:13px"><div style="margin:0px;padding:0px;border:0px">eth2: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500</div><div style="margin:0px;padding:0px;border:0px">        inet 172.20.22.233  netmask 255.255.255.248  broadcast 172.20.22.239</div></div><div style="margin:0px;padding:0px;border:0px;font-family:Arial,Helvetica,sans-serif;font-size:13px"><br></div><div style="margin:0px;padding:0px;border:0px;font-family:Arial,Helvetica,sans-serif;font-size:13px"><div style="margin:0px;padding:0px;border:0px">ipsec0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST>  mtu 1400</div><div style="margin:0px;padding:0px;border:0px">        unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  txqueuelen 500  (UNSPEC)</div><div style="margin:0px;padding:0px;border:0px">        RX packets 0  bytes 0 (0.0 B)</div><div style="margin:0px;padding:0px;border:0px">        RX errors 0  dropped 0  overruns 0  frame 0</div><div style="margin:0px;padding:0px;border:0px">        TX packets 0  bytes 0 (0.0 B)</div><div style="margin:0px;padding:0px;border:0px">        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0</div></div><div style="margin:0px;padding:0px;border:0px;font-family:Arial,Helvetica,sans-serif;font-size:13px"><br></div><div style="margin:0px;padding:0px;border:0px;font-family:Arial,Helvetica,sans-serif;font-size:13px">route -n:</div><div style="margin:0px;padding:0px;border:0px;font-family:Arial,Helvetica,sans-serif;font-size:13px"><br></div><div style="margin:0px;padding:0px;border:0px;font-family:Arial,Helvetica,sans-serif;font-size:13px"><div style="margin:0px;padding:0px;border:0px">Kernel IP routing table</div><div style="margin:0px;padding:0px;border:0px">Destination     Gateway         Genmask         Flags Metric Ref    Use Iface</div><div style="margin:0px;padding:0px;border:0px">0.0.0.0         192.168.1.1.1    0.0.0.0         UG    100    0        0 eth1</div><div style="margin:0px;padding:0px;border:0px">172.20.22.232   0.0.0.0         255.255.255.248 U     100    0        0 eth2<br></div><div style="margin:0px;padding:0px;border:0px">192.168.62.0    172.20.22.238   255.255.255.0   UG    0      0        0 eth2<br></div><div style="margin:0px;padding:0px;border:0px">192.168.62.0    172.20.22.238   255.255.254.0   UG    0      0        0 eth2</div><div style="margin:0px;padding:0px;border:0px"><br></div></div><div style="margin:0px;padding:0px;border:0px;font-family:Arial,Helvetica,sans-serif;font-size:13px"><br></div><div style="margin:0px;padding:0px;border:0px;font-family:Arial,Helvetica,sans-serif;font-size:13px"><br></div><div style="margin:0px;padding:0px;border:0px;font-family:Arial,Helvetica,sans-serif;font-size:13px"><br></div><div style="margin:0px;padding:0px;border:0px;font-family:Arial,Helvetica,sans-serif;font-size:13px">in logs i have:</div><div style="margin:0px;padding:0px;border:0px;font-family:Arial,Helvetica,sans-serif;font-size:13px"><div style="margin:0px;padding:0px;border:0px">Sep  6 17:34:43 irys01 charon: 12[ENC] parsed QUICK_MODE request 2463978021 [ HASH SA No KE ID ID ]</div><div style="margin:0px;padding:0px;border:0px">Sep  6 17:34:43 irys01 charon: 12[CFG] looking for a child config for <a href="http://192.168.62.0/24" rel="nofollow" style="margin:0px;padding:0px;border:0px;text-decoration-line:none;color:rgb(102,17,204)" target="_blank">192.168.62.0/24</a> === <a href="http://192.168.163.0/24" rel="nofollow" style="margin:0px;padding:0px;border:0px;text-decoration-line:none;color:rgb(102,17,204)" target="_blank">192.168.163.0/24</a></div><div style="margin:0px;padding:0px;border:0px">Sep  6 17:34:43 irys01 charon: 12[CFG] proposing traffic selectors for us:</div><div style="margin:0px;padding:0px;border:0px">Sep  6 17:34:43 irys01 charon: 12[CFG]  <a href="http://192.168.62.0/24" rel="nofollow" style="margin:0px;padding:0px;border:0px;text-decoration-line:none;color:rgb(102,17,204)" target="_blank">192.168.62.0/24</a></div><div style="margin:0px;padding:0px;border:0px">Sep  6 17:34:43 irys01 charon: 12[CFG] proposing traffic selectors for other:</div><div style="margin:0px;padding:0px;border:0px">Sep  6 17:34:43 irys01 charon: 12[CFG]  <a href="http://192.168.163.0/24" rel="nofollow" style="margin:0px;padding:0px;border:0px;text-decoration-line:none;color:rgb(102,17,204)" target="_blank">192.168.163.0/24</a></div><div style="margin:0px;padding:0px;border:0px">Sep  6 17:34:43 irys01 charon: 12[CFG]   candidate "Galioppee" with prio 5+5</div><div style="margin:0px;padding:0px;border:0px">Sep  6 17:34:43 irys01 charon: 12[CFG] found matching child config "Galioppee" with prio 10</div><div style="margin:0px;padding:0px;border:0px">Sep  6 17:34:43 irys01 charon: 12[CFG] selecting traffic selectors for other:</div><div style="margin:0px;padding:0px;border:0px">Sep  6 17:34:43 irys01 charon: 12[CFG]  config: <a href="http://192.168.163.0/24" rel="nofollow" style="margin:0px;padding:0px;border:0px;text-decoration-line:none;color:rgb(102,17,204)" target="_blank">192.168.163.0/24</a>, received: <a href="http://192.168.163.0/24" rel="nofollow" style="margin:0px;padding:0px;border:0px;text-decoration-line:none;color:rgb(102,17,204)" target="_blank">192.168.163.0/24</a> => match: <a href="http://192.168.163.0/24" rel="nofollow" style="margin:0px;padding:0px;border:0px;text-decoration-line:none;color:rgb(102,17,204)" target="_blank">192.168.163.0/24</a></div><div style="margin:0px;padding:0px;border:0px">Sep  6 17:34:43 irys01 charon: 12[CFG] selecting traffic selectors for us:</div><div style="margin:0px;padding:0px;border:0px">Sep  6 17:34:43 irys01 charon: 12[CFG]  config: <a href="http://192.168.62.0/24" rel="nofollow" style="margin:0px;padding:0px;border:0px;text-decoration-line:none;color:rgb(102,17,204)" target="_blank">192.168.62.0/24</a>, received: <a href="http://192.168.62.0/24" rel="nofollow" style="margin:0px;padding:0px;border:0px;text-decoration-line:none;color:rgb(102,17,204)" target="_blank">192.168.62.0/24</a> => match: <a href="http://192.168.62.0/24" rel="nofollow" style="margin:0px;padding:0px;border:0px;text-decoration-line:none;color:rgb(102,17,204)" target="_blank">192.168.62.0/24</a></div><div style="margin:0px;padding:0px;border:0px">Sep  6 17:34:43 irys01 charon: 12[CFG] selecting proposal:</div><div style="margin:0px;padding:0px;border:0px">Sep  6 17:34:43 irys01 charon: 12[CFG]   proposal matches</div><div style="margin:0px;padding:0px;border:0px">Sep  6 17:34:43 irys01 charon: 12[CFG] received proposals: ESP:AES_CBC_256/HMAC_SHA1_96/MODP_1536/NO_EXT_SEQ</div><div style="margin:0px;padding:0px;border:0px">Sep  6 17:34:43 irys01 charon: 12[CFG] configured proposals: ESP:AES_CBC_256/HMAC_SHA1_96/MODP_1536/NO_EXT_SEQ</div><div style="margin:0px;padding:0px;border:0px">Sep  6 17:34:43 irys01 charon: 12[CFG] selected proposal: ESP:AES_CBC_256/HMAC_SHA1_96/MODP_1536/NO_EXT_SEQ</div><div style="margin:0px;padding:0px;border:0px">Sep  6 17:34:43 irys01 charon: 12[IKE] received 4608000000 lifebytes, configured 0</div><div style="margin:0px;padding:0px;border:0px">Sep  6 17:34:43 irys01 charon: 12[ENC] generating QUICK_MODE response 2463978021 [ HASH SA No KE ID ID ]</div><div style="margin:0px;padding:0px;border:0px">Sep  6 17:34:43 irys01 charon: 12[NET] sending packet: from 192.168.1.254[4500] to 172.16.1.254[4500] (396 bytes)</div><div style="margin:0px;padding:0px;border:0px">Sep  6 17:34:43 irys01 charon: 13[NET] received packet: from 172.16.1.254[4500] to 192.168.1.254[4500] (60 bytes)</div><div style="margin:0px;padding:0px;border:0px">Sep  6 17:34:43 irys01 charon: 13[ENC] parsed QUICK_MODE request 2463978021 [ HASH ]</div><div style="margin:0px;padding:0px;border:0px">Sep  6 17:34:43 irys01 charon: 13[KNL] getting a local address in traffic selector <a href="http://192.168.62.0/24" rel="nofollow" style="margin:0px;padding:0px;border:0px;text-decoration-line:none;color:rgb(102,17,204)" target="_blank">192.168.62.0/24</a></div><div style="margin:0px;padding:0px;border:0px">Sep  6 17:34:43 irys01 charon: 13[KNL] no local address found in traffic selector <a href="http://192.168.62.0/24" rel="nofollow" style="margin:0px;padding:0px;border:0px;text-decoration-line:none;color:rgb(102,17,204)" target="_blank">192.168.62.0/24</a></div><div style="margin:0px;padding:0px;border:0px">Sep  6 17:34:43 irys01 charon: 13[KNL] error installing route with policy <a href="http://192.168.62.0/24" rel="nofollow" style="margin:0px;padding:0px;border:0px;text-decoration-line:none;color:rgb(102,17,204)" target="_blank">192.168.62.0/24</a> === <a href="http://192.168.163.0/24" rel="nofollow" style="margin:0px;padding:0px;border:0px;text-decoration-line:none;color:rgb(102,17,204)" target="_blank">192.168.163.0/24</a> out</div><div style="margin:0px;padding:0px;border:0px">Sep  6 17:34:43 irys01 charon: 13[KNL] getting a local address in traffic selector <a href="http://192.168.62.0/24" rel="nofollow" style="margin:0px;padding:0px;border:0px;text-decoration-line:none;color:rgb(102,17,204)" target="_blank">192.168.62.0/24</a></div><div style="margin:0px;padding:0px;border:0px">Sep  6 17:34:43 irys01 charon: 13[KNL] no local address found in traffic selector <a href="http://192.168.62.0/24" rel="nofollow" style="margin:0px;padding:0px;border:0px;text-decoration-line:none;color:rgb(102,17,204)" target="_blank">192.168.62.0/24</a></div><div style="margin:0px;padding:0px;border:0px">Sep  6 17:34:43 irys01 charon: 13[KNL] error installing route with policy <a href="http://192.168.62.0/24" rel="nofollow" style="margin:0px;padding:0px;border:0px;text-decoration-line:none;color:rgb(102,17,204)" target="_blank">192.168.62.0/24</a> === <a href="http://192.168.163.0/24" rel="nofollow" style="margin:0px;padding:0px;border:0px;text-decoration-line:none;color:rgb(102,17,204)" target="_blank">192.168.163.0/24</a> out</div><div style="margin:0px;padding:0px;border:0px">Sep  6 17:34:43 irys01 charon: 13[IKE] unable to install IPsec policies (SPD) in kernel</div><div style="margin:0px;padding:0px;border:0px">Sep  6 17:34:43 irys01 charon: 13[IKE] sending DELETE for ESP CHILD_SA with SPI 16bcc04d</div><div style="margin:0px;padding:0px;border:0px">Sep  6 17:34:43 irys01 charon: 13[ENC] generating INFORMATIONAL_V1 request 4069478722 [ HASH D ]</div><div style="margin:0px;padding:0px;border:0px">Sep  6 17:34:43 irys01 charon: 13[NET] sending packet: from 192.168.1.254[4500] to 172.16.1.254[4500] (76 bytes)</div><div style="margin:0px;padding:0px;border:0px">Sep  6 17:36:12 irys01 charon: 15[NET] received packet: from 172.16.1.254[4500] to 192.168.1.254[4500] (76 bytes)</div><div style="margin:0px;padding:0px;border:0px">Sep  6 17:36:12 irys01 charon: 15[ENC] parsed INFORMATIONAL_V1 request 3827316135 [ HASH D ]</div><div style="margin:0px;padding:0px;border:0px">Sep  6 17:36:12 irys01 charon: 15[IKE] received DELETE for ESP CHILD_SA with SPI 16bcc04d</div><div style="margin:0px;padding:0px;border:0px">Sep  6 17:36:12 irys01 charon: 15[IKE] CHILD_SA not found, ignored</div></div><div style="margin:0px;padding:0px;border:0px;font-family:Arial,Helvetica,sans-serif;font-size:13px"><br></div><div style="margin:0px;padding:0px;border:0px;font-family:Arial,Helvetica,sans-serif;font-size:13px"><br></div><div style="margin:0px;padding:0px;border:0px;font-family:Arial,Helvetica,sans-serif;font-size:13px">Anyone know my errors ?</div><div style="margin:0px;padding:0px;border:0px;font-family:Arial,Helvetica,sans-serif;font-size:13px">thanks</div></div><div><div style="margin:0px;padding:0px;border:0px;font-family:Arial,Helvetica,sans-serif;font-size:13px">olivier</div></div></blockquote></div></div></blockquote></div></div>