<html>
  <head>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
  </head>
  <body text="#000000" bgcolor="#FFFFFF">
    <p>Jianjun,</p>
    <p>  I see at least one issue, "left" config is wrong, instead of</p>
    <p>   <tt>left=0.0.0.0</tt></p>
    <p> you want <br>
    </p>
    <p>   <tt>left=%any</tt></p>
    <p>Regards,</p>
    <p>Jafar<br>
    </p>
    <p><br>
    </p>
    <p><br>
    </p>
    <div class="moz-cite-prefix">On 9/2/19 5:03 PM, Jianjun Shen Shen
      wrote:<br>
    </div>
    <blockquote type="cite"
cite="mid:CAK2m7M-1My7m2jTn2c9dCp=paAWTJ_79baWAgRx+ejWqnf0hKA@mail.gmail.com">
      <meta http-equiv="content-type" content="text/html; charset=UTF-8">
      <div dir="ltr">
        <div dir="ltr">
          <div dir="ltr">
            <div dir="ltr">
              <div dir="ltr">
                <div dir="ltr">
                  <div dir="ltr">
                    <div dir="ltr">
                      <div dir="ltr">
                        <div dir="ltr">
                          <div dir="ltr">
                            <div dir="ltr">
                              <div dir="ltr">Hello,
                                <div><br>
                                </div>
                                <div>I am using strongswan
                                  (U5.3.5/K4.4.0-87-generic) on Ubuntu
                                  (16.04.3 LTS).</div>
                                <div><br>
                                </div>
                                <div>Running "/usr/lib/ipsec/charon
                                  --debug-cfg 4 --debug-ike 4" got the
                                  following log messages:</div>
                                <div>
                                  <div>00[DMN] Starting IKE charon
                                    daemon (strongSwan 5.3.5, Linux
                                    4.4.0-87-generic, x86_64)</div>
                                  <div>00[CFG] loading ca certificates
                                    from '/etc/ipsec.d/cacerts'</div>
                                  <div>00[CFG] loading aa certificates
                                    from '/etc/ipsec.d/aacerts'</div>
                                  <div>00[CFG] loading ocsp signer
                                    certificates from
                                    '/etc/ipsec.d/ocspcerts'</div>
                                  <div>00[CFG] loading attribute
                                    certificates from
                                    '/etc/ipsec.d/acerts'</div>
                                  <div>00[CFG] loading crls from
                                    '/etc/ipsec.d/crls'</div>
                                  <div>00[CFG] loading secrets from
                                    '/etc/ipsec.secrets'</div>
                                  <div>00[CFG]   loaded IKE secret for
                                    0.0.0.0 10.162.19.54</div>
                                  <div>00[CFG]   secret:
                                    73:77:6f:72:64:66:69:73:68</div>
                                  <div>00[LIB] loaded plugins: charon
                                    test-vectors aes rc2 sha1 sha2 md4
                                    md5 random nonce x509 revocation
                                    constraints pubkey pkcs1 pkcs7 pkcs8
                                    pkcs12 pgp dnskey sshkey pem
                                    fips-prf gmp xcbc hmac attr
                                    kernel-netlink resolve
                                    socket-default stroke updown</div>
                                  <div>00[LIB] dropped capabilities,
                                    running as uid 0, gid 0</div>
                                  <div>00[JOB] spawning 16 worker
                                    threads</div>
                                  <div>05[NET] received packet: from
                                    10.162.19.54[500] to
                                    10.162.19.55[500] (660 bytes)</div>
                                  <div>05[ENC] parsed IKE_SA_INIT
                                    request 0 [ SA KE No N(NATD_S_IP)
                                    N(NATD_D_IP) N(HASH_ALG) ]</div>
                                  <div>05[CFG] looking for an ike config
                                    for 10.162.19.55...10.162.19.54</div>
                                  <div>05[IKE] no IKE config found for
                                    10.162.19.55...10.162.19.54, sending
                                    NO_PROPOSAL_CHOSEN</div>
                                  <div>05[ENC] generating IKE_SA_INIT
                                    response 0 [ N(NO_PROP) ]</div>
                                  <div>05[NET] sending packet: from
                                    10.162.19.55[500] to
                                    10.162.19.54[500] (36 bytes)</div>
                                  <div>05[IKE] IKE_SA (unnamed)[1] state
                                    change: CREATED => DESTROYING</div>
                                </div>
                                <div><br>
                                </div>
                                <div>And my ipsec.conf is quite simple:</div>
                                <div>
                                  <div>config setup</div>
                                  <div>    uniqueids=yes</div>
                                  <div><br>
                                  </div>
                                  <div>conn %default</div>
                                  <div>    keyingtries=%forever</div>
                                  <div>    type=transport</div>
                                  <div>    keyexchange=ikev2</div>
                                  <div>    auto=route</div>
                                  <div>   
                                    ike=aes256gcm16-sha256-modp2048</div>
                                  <div>    esp=aes256gcm16-modp2048</div>
                                  <div><br>
                                  </div>
                                  <div>conn host54</div>
                                  <div>    left=0.0.0.0</div>
                                  <div>    right=10.162.19.54</div>
                                  <div>    authby=psk</div>
                                  <div>    leftprotoport=gre</div>
                                  <div>    rightprotoport=gre</div>
                                </div>
                                <div><br>
                                </div>
                                <div>"ipsec statusall" shows the
                                  following:</div>
                                <div>
                                  <div>Status of IKE charon daemon
                                    (strongSwan 5.3.5, Linux
                                    4.4.0-87-generic, x86_64):<br>
                                  </div>
                                  <div>  uptime: 3 seconds, since Sep 02
                                    22:00:24 2019</div>
                                  <div>  malloc: sbrk 1216512, mmap 0,
                                    used 251808, free 964704</div>
                                  <div>  worker threads: 11 of 16 idle,
                                    5/0/0/0 working, job queue: 0/0/0/0,
                                    scheduled: 0</div>
                                  <div>  loaded plugins: charon
                                    test-vectors aes rc2 sha1 sha2 md4
                                    md5 random nonce x509 revocation
                                    constraints pubkey pkcs1 pkcs7 pkcs8
                                    pkcs12 pgp dnskey sshkey pem
                                    fips-prf gmp xcbc hmac attr
                                    kernel-netlink resolve
                                    socket-default stroke updown</div>
                                  <div>Listening IP addresses:</div>
                                  <div>  10.162.19.55</div>
                                  <div> 
                                    fd01:0:101:2616:20c:29ff:fe2f:26c4</div>
                                  <div>  172.17.0.1</div>
                                  <div>  192.168.0.55</div>
                                  <div>Connections:</div>
                                  <div>    host54:
                                     0.0.0.0...10.162.19.54  IKEv2</div>
                                  <div>    host54:   local:  uses
                                    pre-shared key authentication</div>
                                  <div>    host54:   remote:
                                    [10.162.19.54] uses pre-shared key
                                    authentication</div>
                                  <div>    host54:   child:
                                     dynamic[gre] === dynamic[gre]
                                    TRANSPORT</div>
                                  <div>Routed Connections:</div>
                                  <div>    host54 {1}:  ROUTED,
                                    TRANSPORT, reqid 1</div>
                                  <div>    host54 {1}:   <a
                                      href="http://10.162.19.55/32[gre]"
                                      moz-do-not-send="true">10.162.19.55/32[gre]</a>
                                    === <a
                                      href="http://10.162.19.54/32[gre]"
                                      moz-do-not-send="true">10.162.19.54/32[gre]</a></div>
                                  <div>Security Associations (0 up, 0
                                    connecting):</div>
                                  <div>  none</div>
                                </div>
                                <div><br>
                                </div>
                                <div>So, I could not see anything wrong.
                                  Could you please help?</div>
                                <div><br>
                                </div>
                                <div>Regards,</div>
                                <div>Jianjun</div>
                                <div><br>
                                </div>
                                <div><br>
                                </div>
                                <div><br>
                                </div>
                              </div>
                            </div>
                          </div>
                        </div>
                      </div>
                    </div>
                  </div>
                </div>
              </div>
            </div>
          </div>
        </div>
      </div>
    </blockquote>
  </body>
</html>