<div dir="ltr">Is strongSwan dead?<div><br></div><div>No help from the community</div><div>No answer from strongSwan commercial support </div><div><br></div><div><br></div><div><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">2017-09-07 9:15 GMT+02:00 Olivier CALVANO <span dir="ltr">&lt;<a href="mailto:o.calvano@gmail.com" target="_blank">o.calvano@gmail.com</a>&gt;</span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div style="margin:0px;padding:0px;border:0px;font-family:Arial,Helvetica,sans-serif;font-size:13px">Hi</div><div style="margin:0px;padding:0px;border:0px;font-family:Arial,Helvetica,sans-serif;font-size:13px"><br></div><div style="margin:0px;padding:0px;border:0px;font-family:Arial,Helvetica,sans-serif;font-size:13px">I have a problem with a new site-to-site configuration of strongSwan:</div><div style="margin:0px;padding:0px;border:0px;font-family:Arial,Helvetica,sans-serif;font-size:13px"><br></div><div style="margin:0px;padding:0px;border:0px;font-family:Arial,Helvetica,sans-serif;font-size:13px"><br></div><div style="margin:0px;padding:0px;border:0px;font-family:Arial,Helvetica,sans-serif;font-size:13px">ipsec.conf:</div><div style="margin:0px;padding:0px;border:0px;font-family:Arial,Helvetica,sans-serif;font-size:13px"><br></div><div style="margin:0px;padding:0px;border:0px;font-family:Arial,Helvetica,sans-serif;font-size:13px"><div style="margin:0px;padding:0px;border:0px">config setup</div><div style="margin:0px;padding:0px;border:0px">        charondebug="knl 2, cfg 2"</div><div style="margin:0px;padding:0px;border:0px"><br></div><div style="margin:0px;padding:0px;border:0px">conn %default</div><div style="margin:0px;padding:0px;border:0px">        ikelifetime=60m</div><div style="margin:0px;padding:0px;border:0px">        keylife=20m</div><div style="margin:0px;padding:0px;border:0px">        rekeymargin=3m</div><div style="margin:0px;padding:0px;border:0px"> 
       keyingtries=1</div><div style="margin:0px;padding:0px;border:0px">        authby=secret</div><div style="margin:0px;padding:0px;border:0px">        keyexchange=ikev1</div><div style="margin:0px;padding:0px;border:0px">        mobike=no</div><div style="margin:0px;padding:0px;border:0px"><br></div><div style="margin:0px;padding:0px;border:0px">conn Galioppee</div><div style="margin:0px;padding:0px;border:0px">        left=192.168.1.254</div><div style="margin:0px;padding:0px;border:0px">        leftsubnet=192.168.62.0/24</div><div style="margin:0px;padding:0px;border:0px">        leftfirewall=no</div><div style="margin:0px;padding:0px;border:0px">        leftid=192.168.1.254</div><div style="margin:0px;padding:0px;border:0px">        leftauth=psk</div><div style="margin:0px;padding:0px;border:0px"><br></div><div style="margin:0px;padding:0px;border:0px">        right=172.16.1.254</div><div style="margin:0px;padding:0px;border:0px">        rightsubnet=192.168.163.0/24</div><div style="margin:0px;padding:0px;border:0px">        rightid=172.16.1.254</div><div style="margin:0px;padding:0px;border:0px">        rightauth=psk</div><div style="margin:0px;padding:0px;border:0px"><br></div><div style="margin:0px;padding:0px;border:0px">        type=tunnel</div><div style="margin:0px;padding:0px;border:0px">        auto=start</div><div style="margin:0px;padding:0px;border:0px">        ikelifetime=28800</div><div style="margin:0px;padding:0px;border:0px">        keylife=900</div><div style="margin:0px;padding:0px;border:0px">        aggressive=no</div><div style="margin:0px;padding:0px;border:0px">        ike=aes256-sha1-modp1536!</div><div 
style="margin:0px;padding:0px;border:0px">        esp=aes256-sha1-modp1536!</div></div><div style="margin:0px;padding:0px;border:0px;font-family:Arial,Helvetica,sans-serif;font-size:13px"><br></div><div style="margin:0px;padding:0px;border:0px;font-family:Arial,Helvetica,sans-serif;font-size:13px"><br></div><div style="margin:0px;padding:0px;border:0px;font-family:Arial,Helvetica,sans-serif;font-size:13px"><br></div><div style="margin:0px;padding:0px;border:0px;font-family:Arial,Helvetica,sans-serif;font-size:13px">I have changed "auto=start" to "add" or "route", but I get the same problem.</div><div style="margin:0px;padding:0px;border:0px;font-family:Arial,Helvetica,sans-serif;font-size:13px">server:</div><div style="margin:0px;padding:0px;border:0px;font-family:Arial,Helvetica,sans-serif;font-size:13px"><br></div><div style="margin:0px;padding:0px;border:0px;font-family:Arial,Helvetica,sans-serif;font-size:13px">ifconfig</div><div style="margin:0px;padding:0px;border:0px;font-family:Arial,Helvetica,sans-serif;font-size:13px"><div style="margin:0px;padding:0px;border:0px">eth1: flags=4163&lt;UP,BROADCAST,RUNNING,MULTICAST&gt;  mtu 1500</div><div style="margin:0px;padding:0px;border:0px">        inet 192.168.1.254.11  netmask 255.255.255.0  broadcast 192.168.1.255</div></div><div style="margin:0px;padding:0px;border:0px;font-family:Arial,Helvetica,sans-serif;font-size:13px"><br></div><div style="margin:0px;padding:0px;border:0px;font-family:Arial,Helvetica,sans-serif;font-size:13px"><div style="margin:0px;padding:0px;border:0px">eth2: flags=4163&lt;UP,BROADCAST,RUNNING,MULTICAST&gt;  mtu 1500</div><div style="margin:0px;padding:0px;border:0px">        inet 172.20.22.233  netmask 255.255.255.248  broadcast 172.20.22.239</div></div><div style="margin:0px;padding:0px;border:0px;font-family:Arial,Helvetica,sans-serif;font-size:13px"><br></div><div style="margin:0px;padding:0px;border:0px;font-family:Arial,Helvetica,sans-serif;font-size:13px"><div 
style="margin:0px;padding:0px;border:0px">ipsec0: flags=4305&lt;UP,POINTOPOINT,RUNNING,NOARP,MULTICAST&gt;  mtu 1400</div><div style="margin:0px;padding:0px;border:0px">        unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  txqueuelen 500  (UNSPEC)</div><div style="margin:0px;padding:0px;border:0px">        RX packets 0  bytes 0 (0.0 B)</div><div style="margin:0px;padding:0px;border:0px">        RX errors 0  dropped 0  overruns 0  frame 0</div><div style="margin:0px;padding:0px;border:0px">        TX packets 0  bytes 0 (0.0 B)</div><div style="margin:0px;padding:0px;border:0px">        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0</div></div><div style="margin:0px;padding:0px;border:0px;font-family:Arial,Helvetica,sans-serif;font-size:13px"><br></div><div style="margin:0px;padding:0px;border:0px;font-family:Arial,Helvetica,sans-serif;font-size:13px">route -n:</div><div style="margin:0px;padding:0px;border:0px;font-family:Arial,Helvetica,sans-serif;font-size:13px"><br></div><div style="margin:0px;padding:0px;border:0px;font-family:Arial,Helvetica,sans-serif;font-size:13px"><div style="margin:0px;padding:0px;border:0px">Kernel IP routing table</div><div style="margin:0px;padding:0px;border:0px">Destination     Gateway         Genmask         Flags Metric Ref    Use Iface</div><div style="margin:0px;padding:0px;border:0px">0.0.0.0         192.168.1.1.1    0.0.0.0         UG    100    0        0 eth1</div><div style="margin:0px;padding:0px;border:0px">172.20.22.232   0.0.0.0         255.255.255.248 U     100    0        0 eth2<br></div><div style="margin:0px;padding:0px;border:0px">192.168.62.0    172.20.22.238   255.255.255.0   UG    0      0        0 eth2<br></div><div style="margin:0px;padding:0px;border:0px">192.168.62.0    172.20.22.238   255.255.254.0   UG    0      0        0 eth2</div><div style="margin:0px;padding:0px;border:0px"><br></div></div><div 
style="margin:0px;padding:0px;border:0px;font-family:Arial,Helvetica,sans-serif;font-size:13px"><br></div><div style="margin:0px;padding:0px;border:0px;font-family:Arial,Helvetica,sans-serif;font-size:13px"><br></div><div style="margin:0px;padding:0px;border:0px;font-family:Arial,Helvetica,sans-serif;font-size:13px"><br></div><div style="margin:0px;padding:0px;border:0px;font-family:Arial,Helvetica,sans-serif;font-size:13px">In the logs I have:</div><div style="margin:0px;padding:0px;border:0px;font-family:Arial,Helvetica,sans-serif;font-size:13px"><div style="margin:0px;padding:0px;border:0px">Sep  6 17:34:43 irys01 charon: 12[ENC] parsed QUICK_MODE request 2463978021 [ HASH SA No KE ID ID ]</div><div style="margin:0px;padding:0px;border:0px">Sep  6 17:34:43 irys01 charon: 12[CFG] looking for a child config for 192.168.62.0/24 === 192.168.163.0/24</div><div style="margin:0px;padding:0px;border:0px">Sep  6 17:34:43 irys01 charon: 12[CFG] proposing traffic selectors for us:</div><div style="margin:0px;padding:0px;border:0px">Sep  6 17:34:43 irys01 charon: 12[CFG]  192.168.62.0/24</div><div style="margin:0px;padding:0px;border:0px">Sep  6 17:34:43 irys01 charon: 12[CFG] proposing traffic selectors for other:</div><div style="margin:0px;padding:0px;border:0px">Sep  6 17:34:43 irys01 charon: 12[CFG]  192.168.163.0/24</div><div 
style="margin:0px;padding:0px;border:0px">Sep  6 17:34:43 irys01 charon: 12[CFG]   candidate "Galioppee" with prio 5+5</div><div style="margin:0px;padding:0px;border:0px">Sep  6 17:34:43 irys01 charon: 12[CFG] found matching child config "Galioppee" with prio 10</div><div style="margin:0px;padding:0px;border:0px">Sep  6 17:34:43 irys01 charon: 12[CFG] selecting traffic selectors for other:</div><div style="margin:0px;padding:0px;border:0px">Sep  6 17:34:43 irys01 charon: 12[CFG]  config: 192.168.163.0/24, received: 192.168.163.0/24 =&gt; match: 192.168.163.0/24</div><div style="margin:0px;padding:0px;border:0px">Sep  6 17:34:43 irys01 charon: 12[CFG] selecting traffic selectors for us:</div><div style="margin:0px;padding:0px;border:0px">Sep  6 17:34:43 irys01 charon: 12[CFG]  config: 192.168.62.0/24, received: 192.168.62.0/24 =&gt; match: 192.168.62.0/24</div><div style="margin:0px;padding:0px;border:0px">Sep  6 17:34:43 irys01 charon: 12[CFG] selecting proposal:</div><div style="margin:0px;padding:0px;border:0px">Sep  6 17:34:43 irys01 
charon: 12[CFG]   proposal matches</div><div style="margin:0px;padding:0px;border:0px">Sep  6 17:34:43 irys01 charon: 12[CFG] received proposals: ESP:AES_CBC_256/HMAC_SHA1_96/MODP_1536/NO_EXT_SEQ</div><div style="margin:0px;padding:0px;border:0px">Sep  6 17:34:43 irys01 charon: 12[CFG] configured proposals: ESP:AES_CBC_256/HMAC_SHA1_96/MODP_1536/NO_EXT_SEQ</div><div style="margin:0px;padding:0px;border:0px">Sep  6 17:34:43 irys01 charon: 12[CFG] selected proposal: ESP:AES_CBC_256/HMAC_SHA1_96/MODP_1536/NO_EXT_SEQ</div><div style="margin:0px;padding:0px;border:0px">Sep  6 17:34:43 irys01 charon: 12[IKE] received 4608000000 lifebytes, configured 0</div><div style="margin:0px;padding:0px;border:0px">Sep  6 17:34:43 irys01 charon: 12[ENC] generating QUICK_MODE response 2463978021 [ HASH SA No KE ID ID ]</div><div style="margin:0px;padding:0px;border:0px">Sep  6 17:34:43 irys01 charon: 12[NET] sending packet: from 192.168.1.254[4500] to 172.16.1.254[4500] (396 bytes)</div><div style="margin:0px;padding:0px;border:0px">Sep  6 17:34:43 irys01 charon: 13[NET] received packet: from 172.16.1.254[4500] to 192.168.1.254[4500] (60 bytes)</div><div style="margin:0px;padding:0px;border:0px">Sep  6 17:34:43 irys01 charon: 13[ENC] parsed QUICK_MODE request 2463978021 [ HASH ]</div><div style="margin:0px;padding:0px;border:0px">Sep  6 17:34:43 irys01 charon: 13[KNL] getting a local address in traffic selector 192.168.62.0/24</div><div style="margin:0px;padding:0px;border:0px">Sep  6 17:34:43 irys01 charon: 13[KNL] no local address found in traffic selector 192.168.62.0/24</div><div style="margin:0px;padding:0px;border:0px">Sep  6 17:34:43 irys01 charon: 
13[KNL] error installing route with policy 192.168.62.0/24 === 192.168.163.0/24 out</div><div style="margin:0px;padding:0px;border:0px">Sep  6 17:34:43 irys01 charon: 13[KNL] getting a local address in traffic selector 192.168.62.0/24</div><div style="margin:0px;padding:0px;border:0px">Sep  6 17:34:43 irys01 charon: 13[KNL] no local address found in traffic selector 192.168.62.0/24</div><div style="margin:0px;padding:0px;border:0px">Sep  6 17:34:43 irys01 charon: 13[KNL] error installing route with policy 192.168.62.0/24 === 192.168.163.0/24 out</div><div style="margin:0px;padding:0px;border:0px">Sep  6 17:34:43 irys01 charon: 13[IKE] unable to install IPsec policies (SPD) in kernel</div><div style="margin:0px;padding:0px;border:0px">Sep  6 17:34:43 irys01 charon: 13[IKE] sending DELETE for ESP CHILD_SA with SPI 16bcc04d</div><div style="margin:0px;padding:0px;border:0px">Sep  6 17:34:43 irys01 charon: 13[ENC] generating INFORMATIONAL_V1 request 4069478722 [ HASH D ]</div><div style="margin:0px;padding:0px;border:0px">Sep  6 17:34:43 irys01 charon: 13[NET] sending packet: from 192.168.1.254[4500] to 172.16.1.254[4500] (76 bytes)</div><div style="margin:0px;padding:0px;border:0px">Sep  6 17:36:12 irys01 charon: 15[NET] received packet: from 172.16.1.254[4500] to 192.168.1.254[4500] (76 bytes)</div><div style="margin:0px;padding:0px;border:0px">Sep  6 17:36:12 irys01 charon: 15[ENC] parsed INFORMATIONAL_V1 request 3827316135 [ HASH D ]</div><div style="margin:0px;padding:0px;border:0px">Sep  6 17:36:12 irys01 charon: 15[IKE] received DELETE for ESP CHILD_SA with SPI 16bcc04d</div><div style="margin:0px;padding:0px;border:0px">Sep  6 17:36:12 irys01 charon: 15[IKE] CHILD_SA not found, ignored</div></div><div style="margin:0px;padding:0px;border:0px;font-family:Arial,Helvetica,sans-serif;font-size:13px"><br></div><div style="margin:0px;padding:0px;border:0px;font-family:Arial,Helvetica,sans-serif;font-size:13px"><br></div><div style="margin:0px;padding:0px;border:0px;font-family:Arial,Helvetica,sans-serif;font-size:13px">Does anyone know what my errors are?</div><div style="margin:0px;padding:0px;border:0px;font-family:Arial,Helvetica,sans-serif;font-size:13px">Thanks</div><span class="HOEnZb"><font color="#888888"><div style="margin:0px;padding:0px;border:0px;font-family:Arial,Helvetica,sans-serif;font-size:13px">olivier</div></font></span></div>
</blockquote></div><br></div>