<html xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=utf-8"><meta name=Generator content="Microsoft Word 15 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:"Yu Gothic";
panose-1:2 11 4 0 0 0 0 0 0 0;}
@font-face
{font-family:"MS PGothic";
panose-1:2 11 6 0 7 2 5 8 2 4;}
@font-face
{font-family:"Malgun Gothic";
panose-1:2 11 5 3 2 0 0 2 0 4;}
@font-face
{font-family:"Yu Gothic";
panose-1:2 11 4 0 0 0 0 0 0 0;}
@font-face
{font-family:"\@Malgun Gothic";}
@font-face
{font-family:"MS PGothic";}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0mm;
text-align:justify;
text-justify:inter-ideograph;
font-size:10.5pt;
font-family:"游ゴシック",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
.MsoChpDefault
{mso-style-type:export-only;}
/* Page Definitions */
@page WordSection1
{size:612.0pt 792.0pt;
margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
{page:WordSection1;}
--></style></head><body lang=JA link=blue vlink="#954F72" style='word-wrap:break-word'><div class=WordSection1><p class=MsoNormal><span lang=EN-US style='mso-fareast-language:KO'>I used StrongSwan-4.2.17 and tried to set up host-host configuration following the explanation from <a href="https://www.strongswan.org/docs/readme4.htm">https://www.strongswan.org/docs/readme4.htm</a>.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='mso-fareast-language:KO'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='mso-fareast-language:KO'>My configuration is like this.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='mso-fareast-language:KO'> [ 192.168.1.207 ] ===== [192.168.1.206]<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='mso-fareast-language:KO'> ss_client ss_server<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='mso-fareast-language:KO'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='mso-fareast-language:KO'><< Configuration on host ss_client >><o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='mso-fareast-language:KO'>/etc/ipsec.d/cacerts/strongswanCert.pem<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='mso-fareast-language:KO'>/etc/ipsec.d/certs/ss_client.pem<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='mso-fareast-language:KO'>/etc/ipsec.d/private/ss_client.key<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='mso-fareast-language:KO'>/etc/ipsec.secrets:<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='mso-fareast-language:KO'> : RSA ss_client.key<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='mso-fareast-language:KO'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='mso-fareast-language:KO'>/etc/ipsec.conf<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='mso-fareast-language:KO'>conn host-host<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='mso-fareast-language:KO'> left=%defaultroute<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='mso-fareast-language:KO'> leftcert=ss_client.pem<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='mso-fareast-language:KO'> right=192.168.1.206<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='mso-fareast-language:KO'> rightid="C=US, O=Home, CN=ss_server.research-this-that.com"<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='mso-fareast-language:KO'> auto=start<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='mso-fareast-language:KO'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='mso-fareast-language:KO'><< Configuration on host ss_server >><o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='mso-fareast-language:KO'>/etc/ipsec.d/cacerts/strongswanCert.pem<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='mso-fareast-language:KO'>/etc/ipsec.d/certs/ss_server.pem<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='mso-fareast-language:KO'>/etc/ipsec.d/private/ss_server.key<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='mso-fareast-language:KO'>/etc/ipsec.secrets:<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='mso-fareast-language:KO'> : RSA ss_server.key<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='mso-fareast-language:KO'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='mso-fareast-language:KO'>/etc/ipsec.conf<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='mso-fareast-language:KO'>conn host-host<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='mso-fareast-language:KO'> left=%defaultroute<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='mso-fareast-language:KO'> leftcert=ss_server.pem<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='mso-fareast-language:KO'> right=192.168.1.207<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='mso-fareast-language:KO'> rightid="C=US, O=Home, CN=ss_client.research-this-that.com"<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='mso-fareast-language:KO'> auto=start<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='mso-fareast-language:KO'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='mso-fareast-language:KO'>And this is a message when I run ipsec statusall from each host.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='mso-fareast-language:KO'>Would someone can give me any idea what was wrong?<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='mso-fareast-language:KO'>Or if you need more information from my settings and configuration, please let me know.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='mso-fareast-language:KO'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='mso-fareast-language:KO'><< ipsec statusall from ss_client >><o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='mso-fareast-language:KO'># ipsec statusall<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='mso-fareast-language:KO'>000 interface lo/lo ::1:500<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='mso-fareast-language:KO'>000 interface lo/lo 127.0.0.1:500<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='mso-fareast-language:KO'>000 interface eth0/eth0 192.168.1.207:500<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='mso-fareast-language:KO'>000 interface virbr0/virbr0 192.168.122.1:500<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='mso-fareast-language:KO'>000 %myid = (none)<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='mso-fareast-language:KO'>000 debug none<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='mso-fareast-language:KO'>000<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='mso-fareast-language:KO'>000 "host-host": 192.168.1.207[C=US, O=Home, CN=ss_client.research-this-that.com]---192.168.1.1...192.168.1.206[C=US, O=Home, CN=ss_server.research-this-that.com]; unrouted; eroute owner: #0<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='mso-fareast-language:KO'>000 "host-host": CAs: 'C=US, O=Home, CN=ss_server.research-this-that.com'...'%any'<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='mso-fareast-language:KO'>000 "host-host": ike_life: 10800s; ipsec_life: 3600s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 3<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='mso-fareast-language:KO'>000 "host-host": policy: RSASIG+ENCRYPT+TUNNEL+PFS+UP; prio: 32,32; interface: eth0;<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='mso-fareast-language:KO'>000 "host-host": newest ISAKMP SA: #0; newest IPsec SA: #0;<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='mso-fareast-language:KO'>000 "host-host": IKE algorithms wanted: 7_128-2-14,<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='mso-fareast-language:KO'>000 "host-host": IKE algorithms found: 7_128-2_160-14,<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='mso-fareast-language:KO'>000 "host-host": ESP algorithms wanted: 12_128-2, 3_000-1,<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='mso-fareast-language:KO'>000 "host-host": ESP algorithms loaded: 12_128-2_160, 3_192-1_128,<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='mso-fareast-language:KO'>000<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='mso-fareast-language:KO'>000 #1: "host-host" STATE_MAIN_I1 (sent MI1, expecting MR1); EVENT_RETRANSMIT in 30s<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='mso-fareast-language:KO'>000 #1: pending Phase 2 for "host-host" replacing #0<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='mso-fareast-language:KO'>000<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='mso-fareast-language:KO'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='mso-fareast-language:KO'><< ipsec statusall from ss_server >><o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='mso-fareast-language:KO'># ipsec statusall<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='mso-fareast-language:KO'>000 interface lo/lo ::1:500<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='mso-fareast-language:KO'>000 interface lo/lo 127.0.0.1:500<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='mso-fareast-language:KO'>000 interface eth0/eth0 192.168.1.206:500<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='mso-fareast-language:KO'>000 interface virbr0/virbr0 192.168.122.1:500<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='mso-fareast-language:KO'>000 %myid = (none)<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='mso-fareast-language:KO'>000 debug none<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='mso-fareast-language:KO'>000<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='mso-fareast-language:KO'>000 "host-host": 192.168.1.206[C=US, O=Home, CN=ss_server.research-this-that.com]---192.168.1.1...192.168.0.1[C=US, O=Home, CN=ss_client.research-this-that.com]; unrouted; eroute owner: #0<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='mso-fareast-language:KO'>000 "host-host": CAs: 'C=US, O=Home, CN=ss_server.research-this-that.com'...'%any'<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='mso-fareast-language:KO'>000 "host-host": ike_life: 10800s; ipsec_life: 3600s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 3<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='mso-fareast-language:KO'>000 "host-host": policy: RSASIG+ENCRYPT+TUNNEL+PFS+UP; prio: 32,32; interface: eth0;<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='mso-fareast-language:KO'>000 "host-host": newest ISAKMP SA: #0; newest IPsec SA: #0;<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='mso-fareast-language:KO'>000 "host-host": IKE algorithms wanted: 7_128-2-14,<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='mso-fareast-language:KO'>000 "host-host": IKE algorithms found: 7_128-2_160-14,<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='mso-fareast-language:KO'>000 "host-host": ESP algorithms wanted: 12_128-2, 3_000-1,<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='mso-fareast-language:KO'>000 "host-host": ESP algorithms loaded: 12_128-2_160, 3_192-1_128,<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='mso-fareast-language:KO'>000<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='mso-fareast-language:KO'>000 #1: "host-host" STATE_MAIN_I1 (sent MI1, expecting MR1); EVENT_RETRANSMIT in 1s<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='mso-fareast-language:KO'>000 #1: pending Phase 2 for "host-host" replacing #0<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='mso-fareast-language:KO'>000<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:12.0pt;mso-fareast-language:KO'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US>Windows </span>の <span lang=EN-US><a href="https://go.microsoft.com/fwlink/?LinkId=550986"><span lang=EN-US><span lang=EN-US>メール</span></span></a> </span>から送信</p><p class=MsoNormal><span lang=EN-US style='font-size:12.0pt;font-family:"MS Pゴシック",sans-serif'><o:p> </o:p></span></p></div></body></html>