<div dir="ltr">StrongSwan is dead?<div><br></div><div>No help from the community</div><div>No answer from strongSwan commercial support</div><div><br></div><div><br></div><div><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">2017-09-07 9:15 GMT+02:00 Olivier CALVANO <span dir="ltr">&lt;<a href="mailto:o.calvano@gmail.com" target="_blank">o.calvano@gmail.com</a>&gt;</span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div style="margin:0px;padding:0px;border:0px;font-family:Arial,Helvetica,sans-serif;font-size:13px">Hi</div><div style="margin:0px;padding:0px;border:0px;font-family:Arial,Helvetica,sans-serif;font-size:13px"><br></div><div style="margin:0px;padding:0px;border:0px;font-family:Arial,Helvetica,sans-serif;font-size:13px">I have a problem with a new site-to-site configuration of strongSwan:</div><div style="margin:0px;padding:0px;border:0px;font-family:Arial,Helvetica,sans-serif;font-size:13px"><br></div><div style="margin:0px;padding:0px;border:0px;font-family:Arial,Helvetica,sans-serif;font-size:13px"><br></div><div style="margin:0px;padding:0px;border:0px;font-family:Arial,Helvetica,sans-serif;font-size:13px">ipsec.conf:</div><div style="margin:0px;padding:0px;border:0px;font-family:Arial,Helvetica,sans-serif;font-size:13px"><br></div><div style="margin:0px;padding:0px;border:0px;font-family:Arial,Helvetica,sans-serif;font-size:13px"><div style="margin:0px;padding:0px;border:0px">config setup</div><div style="margin:0px;padding:0px;border:0px"> charondebug="knl 2, cfg 2"</div><div style="margin:0px;padding:0px;border:0px"><br></div><div style="margin:0px;padding:0px;border:0px">conn %default</div><div style="margin:0px;padding:0px;border:0px"> ikelifetime=60m</div><div style="margin:0px;padding:0px;border:0px"> keylife=20m</div><div style="margin:0px;padding:0px;border:0px"> rekeymargin=3m</div><div style="margin:0px;padding:0px;border:0px"> keyingtries=1</div><div 
style="margin:0px;padding:0px;border:0px"> authby=secret</div><div style="margin:0px;padding:0px;border:0px"> keyexchange=ikev1</div><div style="margin:0px;padding:0px;border:0px"> mobike=no</div><div style="margin:0px;padding:0px;border:0px"><br></div><div style="margin:0px;padding:0px;border:0px">conn Galioppee</div><div style="margin:0px;padding:0px;border:0px"> left=192.168.1.254</div><div style="margin:0px;padding:0px;border:0px"> leftsubnet=<a href="http://192.168.62.0/24" rel="nofollow" style="margin:0px;padding:0px;border:0px;text-decoration-line:none;color:rgb(102,17,204)" target="_blank">192.168.62.0/24</a></div><div style="margin:0px;padding:0px;border:0px"> leftfirewall=no</div><div style="margin:0px;padding:0px;border:0px"> leftid=192.168.1.254</div><div style="margin:0px;padding:0px;border:0px"> leftauth=psk</div><div style="margin:0px;padding:0px;border:0px"><br></div><div style="margin:0px;padding:0px;border:0px"> right=172.16.1.254</div><div style="margin:0px;padding:0px;border:0px"> rightsubnet=<a href="http://192.168.163.0/24" rel="nofollow" style="margin:0px;padding:0px;border:0px;text-decoration-line:none;color:rgb(102,17,204)" target="_blank">192.168.163.0/24</a></div><div style="margin:0px;padding:0px;border:0px"> rightid=172.16.1.254</div><div style="margin:0px;padding:0px;border:0px"> rightauth=psk</div><div style="margin:0px;padding:0px;border:0px"><br></div><div style="margin:0px;padding:0px;border:0px"> type=tunnel</div><div style="margin:0px;padding:0px;border:0px"> auto=start</div><div style="margin:0px;padding:0px;border:0px"> ikelifetime=28800</div><div style="margin:0px;padding:0px;border:0px"> keylife=900</div><div style="margin:0px;padding:0px;border:0px"> aggressive=no</div><div style="margin:0px;padding:0px;border:0px"> ike=aes256-sha1-modp1536!</div><div style="margin:0px;padding:0px;border:0px"> esp=aes256-sha1-modp1536!</div></div><div 
style="margin:0px;padding:0px;border:0px;font-family:Arial,Helvetica,sans-serif;font-size:13px"><br></div><div style="margin:0px;padding:0px;border:0px;font-family:Arial,Helvetica,sans-serif;font-size:13px"><br></div><div style="margin:0px;padding:0px;border:0px;font-family:Arial,Helvetica,sans-serif;font-size:13px"><br></div><div style="margin:0px;padding:0px;border:0px;font-family:Arial,Helvetica,sans-serif;font-size:13px">I have changed "auto=start" to "add" or "route" but have the same problem.</div><div style="margin:0px;padding:0px;border:0px;font-family:Arial,Helvetica,sans-serif;font-size:13px">server:</div><div style="margin:0px;padding:0px;border:0px;font-family:Arial,Helvetica,sans-serif;font-size:13px"><br></div><div style="margin:0px;padding:0px;border:0px;font-family:Arial,Helvetica,sans-serif;font-size:13px">ifconfig</div><div style="margin:0px;padding:0px;border:0px;font-family:Arial,Helvetica,sans-serif;font-size:13px"><div style="margin:0px;padding:0px;border:0px">eth1: flags=4163&lt;UP,BROADCAST,RUNNING,MULTICAST&gt; mtu 1500</div><div style="margin:0px;padding:0px;border:0px"> inet 192.168.1.254.11 netmask 255.255.255.0 broadcast 192.168.1.255</div></div><div style="margin:0px;padding:0px;border:0px;font-family:Arial,Helvetica,sans-serif;font-size:13px"><br></div><div style="margin:0px;padding:0px;border:0px;font-family:Arial,Helvetica,sans-serif;font-size:13px"><div style="margin:0px;padding:0px;border:0px">eth2: flags=4163&lt;UP,BROADCAST,RUNNING,MULTICAST&gt; mtu 1500</div><div style="margin:0px;padding:0px;border:0px"> inet 172.20.22.233 netmask 255.255.255.248 broadcast 172.20.22.239</div></div><div style="margin:0px;padding:0px;border:0px;font-family:Arial,Helvetica,sans-serif;font-size:13px"><br></div><div style="margin:0px;padding:0px;border:0px;font-family:Arial,Helvetica,sans-serif;font-size:13px"><div style="margin:0px;padding:0px;border:0px">ipsec0: flags=4305&lt;UP,POINTOPOINT,RUNNING,NOARP,MULTICAST&gt; mtu 1400</div><div 
style="margin:0px;padding:0px;border:0px"> unspec 00-00-00-00-00-00-00-00-00-00-<wbr>00-00-00-00-00-00 txqueuelen 500 (UNSPEC)</div><div style="margin:0px;padding:0px;border:0px"> RX packets 0 bytes 0 (0.0 B)</div><div style="margin:0px;padding:0px;border:0px"> RX errors 0 dropped 0 overruns 0 frame 0</div><div style="margin:0px;padding:0px;border:0px"> TX packets 0 bytes 0 (0.0 B)</div><div style="margin:0px;padding:0px;border:0px"> TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0</div></div><div style="margin:0px;padding:0px;border:0px;font-family:Arial,Helvetica,sans-serif;font-size:13px"><br></div><div style="margin:0px;padding:0px;border:0px;font-family:Arial,Helvetica,sans-serif;font-size:13px">route -n:</div><div style="margin:0px;padding:0px;border:0px;font-family:Arial,Helvetica,sans-serif;font-size:13px"><br></div><div style="margin:0px;padding:0px;border:0px;font-family:Arial,Helvetica,sans-serif;font-size:13px"><div style="margin:0px;padding:0px;border:0px">Kernel IP routing table</div><div style="margin:0px;padding:0px;border:0px">Destination Gateway Genmask Flags Metric Ref Use Iface</div><div style="margin:0px;padding:0px;border:0px">0.0.0.0 192.168.1.1.1 0.0.0.0 UG 100 0 0 eth1</div><div style="margin:0px;padding:0px;border:0px">172.20.22.232 0.0.0.0 255.255.255.248 U 100 0 0 eth2<br></div><div style="margin:0px;padding:0px;border:0px">192.168.62.0 172.20.22.238 255.255.255.0 UG 0 0 0 eth2<br></div><div style="margin:0px;padding:0px;border:0px">192.168.62.0 172.20.22.238 255.255.254.0 UG 0 0 0 eth2</div><div style="margin:0px;padding:0px;border:0px"><br></div></div><div style="margin:0px;padding:0px;border:0px;font-family:Arial,Helvetica,sans-serif;font-size:13px"><br></div><div style="margin:0px;padding:0px;border:0px;font-family:Arial,Helvetica,sans-serif;font-size:13px"><br></div><div style="margin:0px;padding:0px;border:0px;font-family:Arial,Helvetica,sans-serif;font-size:13px"><br></div><div 
style="margin:0px;padding:0px;border:0px;font-family:Arial,Helvetica,sans-serif;font-size:13px">In the logs I have:</div><div style="margin:0px;padding:0px;border:0px;font-family:Arial,Helvetica,sans-serif;font-size:13px"><div style="margin:0px;padding:0px;border:0px">Sep 6 17:34:43 irys01 charon: 12[ENC] parsed QUICK_MODE request 2463978021 [ HASH SA No KE ID ID ]</div><div style="margin:0px;padding:0px;border:0px">Sep 6 17:34:43 irys01 charon: 12[CFG] looking for a child config for <a href="http://192.168.62.0/24" rel="nofollow" style="margin:0px;padding:0px;border:0px;text-decoration-line:none;color:rgb(102,17,204)" target="_blank">192.168.62.0/24</a> === <a href="http://192.168.163.0/24" rel="nofollow" style="margin:0px;padding:0px;border:0px;text-decoration-line:none;color:rgb(102,17,204)" target="_blank">192.<wbr>168.163.0/24</a></div><div style="margin:0px;padding:0px;border:0px">Sep 6 17:34:43 irys01 charon: 12[CFG] proposing traffic selectors for us:</div><div style="margin:0px;padding:0px;border:0px">Sep 6 17:34:43 irys01 charon: 12[CFG] <a href="http://192.168.62.0/24" rel="nofollow" style="margin:0px;padding:0px;border:0px;text-decoration-line:none;color:rgb(102,17,204)" target="_blank">192.168.62.0/24</a></div><div style="margin:0px;padding:0px;border:0px">Sep 6 17:34:43 irys01 charon: 12[CFG] proposing traffic selectors for other:</div><div style="margin:0px;padding:0px;border:0px">Sep 6 17:34:43 irys01 charon: 12[CFG] <a href="http://192.168.163.0/24" rel="nofollow" style="margin:0px;padding:0px;border:0px;text-decoration-line:none;color:rgb(102,17,204)" target="_blank">192.168.163.0/24</a></div><div style="margin:0px;padding:0px;border:0px">Sep 6 17:34:43 irys01 charon: 12[CFG] candidate "Galioppee" with prio 5+5</div><div style="margin:0px;padding:0px;border:0px">Sep 6 17:34:43 irys01 charon: 12[CFG] found matching child config "Galioppee" with prio 10</div><div style="margin:0px;padding:0px;border:0px">Sep 6 17:34:43 irys01 charon: 12[CFG] selecting 
traffic selectors for other:</div><div style="margin:0px;padding:0px;border:0px">Sep 6 17:34:43 irys01 charon: 12[CFG] config: <a href="http://192.168.163.0/24" rel="nofollow" style="margin:0px;padding:0px;border:0px;text-decoration-line:none;color:rgb(102,17,204)" target="_blank">192.168.163.0/24</a>, received: <a href="http://192.168.163.0/24" rel="nofollow" style="margin:0px;padding:0px;border:0px;text-decoration-line:none;color:rgb(102,17,204)" target="_blank">192.168.163.0/24</a> => match: <a href="http://192.168.163.0/24" rel="nofollow" style="margin:0px;padding:0px;border:0px;text-decoration-line:none;color:rgb(102,17,204)" target="_blank">192.168.163.0/24</a></div><div style="margin:0px;padding:0px;border:0px">Sep 6 17:34:43 irys01 charon: 12[CFG] selecting traffic selectors for us:</div><div style="margin:0px;padding:0px;border:0px">Sep 6 17:34:43 irys01 charon: 12[CFG] config: <a href="http://192.168.62.0/24" rel="nofollow" style="margin:0px;padding:0px;border:0px;text-decoration-line:none;color:rgb(102,17,204)" target="_blank">192.168.62.0/24</a>, received: <a href="http://192.168.62.0/24" rel="nofollow" style="margin:0px;padding:0px;border:0px;text-decoration-line:none;color:rgb(102,17,204)" target="_blank">192.168.62.0/24</a> => match: <a href="http://192.168.62.0/24" rel="nofollow" style="margin:0px;padding:0px;border:0px;text-decoration-line:none;color:rgb(102,17,204)" target="_blank">192.168.62.0/24</a></div><div style="margin:0px;padding:0px;border:0px">Sep 6 17:34:43 irys01 charon: 12[CFG] selecting proposal:</div><div style="margin:0px;padding:0px;border:0px">Sep 6 17:34:43 irys01 charon: 12[CFG] proposal matches</div><div style="margin:0px;padding:0px;border:0px">Sep 6 17:34:43 irys01 charon: 12[CFG] received proposals: ESP:AES_CBC_256/HMAC_SHA1_96/M<wbr>ODP_1536/NO_EXT_SEQ</div><div style="margin:0px;padding:0px;border:0px">Sep 6 17:34:43 irys01 charon: 12[CFG] configured proposals: 
ESP:AES_CBC_256/HMAC_SHA1_96/M<wbr>ODP_1536/NO_EXT_SEQ</div><div style="margin:0px;padding:0px;border:0px">Sep 6 17:34:43 irys01 charon: 12[CFG] selected proposal: ESP:AES_CBC_256/HMAC_SHA1_96/M<wbr>ODP_1536/NO_EXT_SEQ</div><div style="margin:0px;padding:0px;border:0px">Sep 6 17:34:43 irys01 charon: 12[IKE] received 4608000000 lifebytes, configured 0</div><div style="margin:0px;padding:0px;border:0px">Sep 6 17:34:43 irys01 charon: 12[ENC] generating QUICK_MODE response 2463978021 [ HASH SA No KE ID ID ]</div><div style="margin:0px;padding:0px;border:0px">Sep 6 17:34:43 irys01 charon: 12[NET] sending packet: from 192.168.1.254[4500] to 172.16.1.254[4500] (396 bytes)</div><div style="margin:0px;padding:0px;border:0px">Sep 6 17:34:43 irys01 charon: 13[NET] received packet: from 172.16.1.254[4500] to 192.168.1.254[4500] (60 bytes)</div><div style="margin:0px;padding:0px;border:0px">Sep 6 17:34:43 irys01 charon: 13[ENC] parsed QUICK_MODE request 2463978021 [ HASH ]</div><div style="margin:0px;padding:0px;border:0px">Sep 6 17:34:43 irys01 charon: 13[KNL] getting a local address in traffic selector <a href="http://192.168.62.0/24" rel="nofollow" style="margin:0px;padding:0px;border:0px;text-decoration-line:none;color:rgb(102,17,204)" target="_blank">192.168.62.0/24</a></div><div style="margin:0px;padding:0px;border:0px">Sep 6 17:34:43 irys01 charon: 13[KNL] no local address found in traffic selector <a href="http://192.168.62.0/24" rel="nofollow" style="margin:0px;padding:0px;border:0px;text-decoration-line:none;color:rgb(102,17,204)" target="_blank">192.168.62.0/24</a></div><div style="margin:0px;padding:0px;border:0px">Sep 6 17:34:43 irys01 charon: 13[KNL] error installing route with policy <a href="http://192.168.62.0/24" rel="nofollow" style="margin:0px;padding:0px;border:0px;text-decoration-line:none;color:rgb(102,17,204)" target="_blank">192.168.62.0/24</a> === <a href="http://192.168.163.0/24" rel="nofollow" 
style="margin:0px;padding:0px;border:0px;text-decoration-line:none;color:rgb(102,17,204)" target="_blank">192<wbr>.168.163.0/24</a> out</div><div style="margin:0px;padding:0px;border:0px">Sep 6 17:34:43 irys01 charon: 13[KNL] getting a local address in traffic selector <a href="http://192.168.62.0/24" rel="nofollow" style="margin:0px;padding:0px;border:0px;text-decoration-line:none;color:rgb(102,17,204)" target="_blank">192.168.62.0/24</a></div><div style="margin:0px;padding:0px;border:0px">Sep 6 17:34:43 irys01 charon: 13[KNL] no local address found in traffic selector <a href="http://192.168.62.0/24" rel="nofollow" style="margin:0px;padding:0px;border:0px;text-decoration-line:none;color:rgb(102,17,204)" target="_blank">192.168.62.0/24</a></div><div style="margin:0px;padding:0px;border:0px">Sep 6 17:34:43 irys01 charon: 13[KNL] error installing route with policy <a href="http://192.168.62.0/24" rel="nofollow" style="margin:0px;padding:0px;border:0px;text-decoration-line:none;color:rgb(102,17,204)" target="_blank">192.168.62.0/24</a> === <a href="http://192.168.163.0/24" rel="nofollow" style="margin:0px;padding:0px;border:0px;text-decoration-line:none;color:rgb(102,17,204)" target="_blank">192<wbr>.168.163.0/24</a> out</div><div style="margin:0px;padding:0px;border:0px">Sep 6 17:34:43 irys01 charon: 13[IKE] unable to install IPsec policies (SPD) in kernel</div><div style="margin:0px;padding:0px;border:0px">Sep 6 17:34:43 irys01 charon: 13[IKE] sending DELETE for ESP CHILD_SA with SPI 16bcc04d</div><div style="margin:0px;padding:0px;border:0px">Sep 6 17:34:43 irys01 charon: 13[ENC] generating INFORMATIONAL_V1 request 4069478722 [ HASH D ]</div><div style="margin:0px;padding:0px;border:0px">Sep 6 17:34:43 irys01 charon: 13[NET] sending packet: from 192.168.1.254[4500] to 172.16.1.254[4500] (76 bytes)</div><div style="margin:0px;padding:0px;border:0px">Sep 6 17:36:12 irys01 charon: 15[NET] 
received packet: from 172.16.1.254[4500] to 192.168.1.254[4500] (76 bytes)</div><div style="margin:0px;padding:0px;border:0px">Sep 6 17:36:12 irys01 charon: 15[ENC] parsed INFORMATIONAL_V1 request 3827316135 [ HASH D ]</div><div style="margin:0px;padding:0px;border:0px">Sep 6 17:36:12 irys01 charon: 15[IKE] received DELETE for ESP CHILD_SA with SPI 16bcc04d</div><div style="margin:0px;padding:0px;border:0px">Sep 6 17:36:12 irys01 charon: 15[IKE] CHILD_SA not found, ignored</div></div><div style="margin:0px;padding:0px;border:0px;font-family:Arial,Helvetica,sans-serif;font-size:13px"><br></div><div style="margin:0px;padding:0px;border:0px;font-family:Arial,Helvetica,sans-serif;font-size:13px"><br></div><div style="margin:0px;padding:0px;border:0px;font-family:Arial,Helvetica,sans-serif;font-size:13px">Does anyone know what my errors are?</div><div style="margin:0px;padding:0px;border:0px;font-family:Arial,Helvetica,sans-serif;font-size:13px">Thanks</div><span class="HOEnZb"><font color="#888888"><div style="margin:0px;padding:0px;border:0px;font-family:Arial,Helvetica,sans-serif;font-size:13px">Olivier</div></font></span></div>
</blockquote></div><br></div>