[strongSwan] newbie qs. suite B with AES-GCM

Philip Anil-QBW348 anil.philip at motorolasolutions.com
Fri Jan 6 01:07:16 CET 2012


~$ sudo ipsec statusall
Status of IKEv2 charon daemon (strongSwan 4.5.2):
  uptime: 8 minutes, since Jan 05 17:57:18 2012
  malloc: sbrk 135168, mmap 0, used 100184, free 34984
  worker threads: 9 idle of 16, job queue load: 0, scheduled events: 1
  loaded plugins: curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc gcm stroke kernel-netlink updown openssl 
Listening IP addresses:
  192.168.1.105
Connections:
        home:  192.168.1.105...192.168.1.100
        home:   local:  [carol at strongswan.org] uses public key authentication
        home:   remote: [moon.strongswan.org] uses any authentication
        home:    crl:   status must be GOOD
        home:   child:  dynamic === 10.1.0.0/16 
Security Associations:
        home[2]: CONNECTING, 192.168.1.105[%any]...192.168.1.100[%any]
        home[2]: IKE SPIs: 70cc98e6564644d1_i* 0000000000000000_r
        home[2]: Tasks active: IKE_VENDOR IKE_INIT IKE_NATD IKE_CERT_PRE IKE_AUTHENTICATE IKE_CERT_POST IKE_CONFIG CHILD_CREATE IKE_AUTH_LIFETIME IKE_MOBIKE 


-----Original Message-----
From: users-bounces+anil.philip=motorolasolutions.com at lists.strongswan.org on behalf of Philip Anil-QBW348
Sent: Thu 1/5/2012 5:59 PM
To: Andreas Steffen
Cc: users at lists.strongswan.org
Subject: Re: [strongSwan] newbie qs. suite B with AES-GCM
 
Andreas,
I corrected it and tried again. It has trouble sending, so I interrupted and tried ping, which is able to see a path.
Anil

~$ sudo /etc/init.d/iptables start 2> /dev/null
~$ sudo ipsec restart
Stopping strongSwan IPsec...
Starting strongSwan 4.5.2 IPsec [starter]...
!! Your strongswan.conf contains manual plugin load options for
!! pluto and/or charon. This is recommended for experts only, see
!! http://wiki.strongswan.org/projects/strongswan/wiki/PluginLoad
~$ sudo ipsec up home
initiating IKE_SA home[1] to 192.168.1.100
generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]
sending packet: from 192.168.1.105[500] to 192.168.1.100[500]
retransmit 1 of request with message ID 0
sending packet: from 192.168.1.105[500] to 192.168.1.100[500]
retransmit 2 of request with message ID 0
sending packet: from 192.168.1.105[500] to 192.168.1.100[500]
retransmit 3 of request with message ID 0
sending packet: from 192.168.1.105[500] to 192.168.1.100[500]
retransmit 4 of request with message ID 0
sending packet: from 192.168.1.105[500] to 192.168.1.100[500]

~$ ping 192.168.1.100
PING 192.168.1.100 (192.168.1.100) 56(84) bytes of data.
64 bytes from 192.168.1.100: icmp_req=1 ttl=64 time=7.70 ms
64 bytes from 192.168.1.100: icmp_req=2 ttl=64 time=2.41 ms
64 bytes from 192.168.1.100: icmp_req=3 ttl=64 time=2.41 ms
^C
--- 192.168.1.100 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 2.412/4.177/7.704/2.494 ms
~$ 

