[strongSwan] StrongSwan Config for IMS

Sdhar dhar svdharr at gmail.com
Wed Jun 20 18:00:27 CEST 2012


Hello Everyone,

I am a newbie to IPsec and strongSwan.
I have been trying to configure strongSwan to set up security associations
for making an IMS VoLTE call on a Red Hat Linux box.
I have added the config below and started ipsec, but when packets go from
client to server I don't see any encryption done by strongSwan and don't see
anything going on in charon.log either.

Could any of the experts tell me if I am doing anything wrong with respect to
the configuration?
I appreciate your help; if possible, please share a config file if anyone has
tried a similar config.

===================ipsec.conf=============
config setup
       crlcheckinterval=600s
       cachecrls=yes
       strictcrlpolicy=yes
       plutostart=no

conn %default
        ikelifetime=60m
        keylife=20m
        rekeymargin=3m
        keyingtries=1
        authby=secret

conn home
        left=2001:506:1000:0:2010:0:60:5
        right=2001:1890:1001:2b00::7:5
        auto=add

conn offhome
        left=2001:506:1000:0:2010:0:60:4
        right=2001:1890:1001:2b00::7:5
        auto=add
===============================

charon.log

00[KNL]     2001:506:1000:0:2010:0:60:6
00[KNL]     2001:506:1000:0:2010:0:60:5
00[KNL]     2001:506:1000:0:2010:0:60:4
00[KNL]     2001:506:1000:0:2010:0:60:3
00[KNL]     fe80::5ef3:fcff:fe4c:3ba
00[KNL]   eth3
00[KNL]     fe80::e61f:13ff:fe34:b5c6
00[LIB] plugin 'resolve': loaded successfully
00[LIB] plugin 'socket-raw': loaded successfully
00[CFG] loading ca certificates from '/usr/local/etc/ipsec.d/cacerts'
00[CFG] loading aa certificates from '/usr/local/etc/ipsec.d/aacerts'
00[CFG] loading ocsp signer certificates from '/usr/local/etc/ipsec.d/ocspcerts'
00[CFG] loading attribute certificates from '/usr/local/etc/ipsec.d/acerts'
00[CFG] loading crls from '/usr/local/etc/ipsec.d/crls'
00[CFG] loading secrets from '/usr/local/etc/ipsec.secrets'
00[CFG] line 11: missing ' : ' separator
00[LIB] plugin 'stroke': loaded successfully
00[LIB] plugin 'updown': loaded successfully
00[LIB] feature PRF:PRF_CAMELLIA128_XCBC in 'xcbc' plugin has unsatisfied dependency: CRYPTER:CAMELLIA_CBC-16
00[LIB] feature SIGNER:CAMELLIA_XCBC_96 in 'xcbc' plugin has unsatisfied dependency: CRYPTER:CAMELLIA_CBC-16
00[DMN] loaded plugins: aes des sha1 sha2 md5 random x509 revocation constraints pubkey pkcs1 pkcs8 pgp pem fips-prf gmp xcbc hmac attr kernel-netlink resolve socket-raw stroke updown
00[JOB] spawning 16 worker threads
01[LIB] created thread 01 [30396]
04[LIB] created thread 04 [30399]
04[JOB] started worker thread 04
01[JOB] started worker thread 01
05[LIB] created thread 05 [30400]
05[JOB] started worker thread 05
05[JOB] started worker thread 05
07[LIB] created thread 07 [30402]
09[LIB] created thread 09 [30404]
10[LIB] created thread 10 [30405]
13[LIB] created thread 13 [30408]
13[JOB] started worker thread 13
14[LIB] created thread 14 [30409]
14[JOB] started worker thread 14
16[LIB] created thread 16 [30411]
16[JOB] started worker thread 16
12[LIB] created thread 12 [30407]
12[JOB] started worker thread 12
06[LIB] created thread 06 [30401]
06[JOB] started worker thread 06
10[JOB] started worker thread 10
03[LIB] created thread 03 [30398]
03[JOB] started worker thread 03
07[JOB] started worker thread 07
08[LIB] created thread 08 [30403]
08[JOB] started worker thread 08
11[LIB] created thread 11 [30406]
11[JOB] started worker thread 11
09[JOB] started worker thread 09
02[LIB] created thread 02 [30397]
02[JOB] started worker thread 02
12[NET] waiting for data on raw sockets
15[LIB] created thread 15 [30410]
15[JOB] started worker thread 15
14[JOB] no events, waiting
06[CFG] stroke message => 568 bytes @ 0x7faef8253ac0
06[CFG] crl caching to /usr/local/etc/ipsec.d/crls enabled
07[CFG] stroke message => 711 bytes @ 0x7faef7852a30
07[CFG] received stroke: add connection 'home'
07[CFG] conn home
07[CFG]   left=2001:506:1000:0:2010:0:60:5
07[CFG]   leftsubnet=(null)
07[CFG]   leftsourceip=(null)
07[CFG]   leftauth=(null)
07[CFG]   leftauth2=(null)
07[CFG]   leftid=(null)
07[CFG]   leftid2=(null)
07[CFG]   leftcert=(null)
07[CFG]   leftcert2=(null)
07[CFG]   leftca=(null)
07[CFG]   leftca2=(null)
07[CFG]   leftgroups=(null)
07[CFG]   leftupdown=ipsec _updown iptables
07[CFG]   right=2001:1890:1001:2b00::7:5
07[CFG]   rightsubnet=(null)
07[CFG]   rightsourceip=(null)
07[CFG]   rightauth=(null)
07[CFG]   rightauth2=(null)
07[CFG]   rightid=(null)
07[CFG]   rightid2=(null)
07[CFG]   rightcert=(null)
07[CFG]   rightcert2=(null)
07[CFG]   rightca=(null)
07[CFG]   rightca2=(null)
07[CFG]   rightgroups=(null)
07[CFG]   rightupdown=(null)
07[CFG]   eap_identity=(null)
07[CFG]   aaa_identity=(null)
07[CFG]   ike=aes128-sha1-modp2048,3des-sha1-modp1536
07[CFG]   esp=aes128-sha1,3des-sha1
07[CFG]   dpddelay=30
07[CFG]   dpdaction=0
07[CFG]   closeaction=0
07[CFG]   mediation=no
07[CFG]   mediated_by=(null)
07[CFG]   me_peerid=(null)
07[KNL] getting interface name for 2001:1890:1001:2b00::7:5
07[KNL] 2001:1890:1001:2b00::7:5 is not a local address
07[KNL] getting interface name for 2001:506:1000:0:2010:0:60:5
07[KNL] 2001:506:1000:0:2010:0:60:5 is on interface eth1
07[CFG] added configuration 'home'
11[CFG] stroke message => 714 bytes @ 0x7faef504ea30


-Svdhar.
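
A triage pass over a charon.log in the format posted above, as an added example that is not part of the original message: it pulls out the ipsec.secrets parse error and checks whether any loaded connection ever began an IKE negotiation. The sample log is constructed from lines in the post; the function names and the "initiating" message prefix matched in the IKE group are assumptions of this example.

```python
import re

# Constructed sample: a few lines in the charon.log format posted above.
SAMPLE_LOG = """\
00[CFG] loading secrets from '/usr/local/etc/ipsec.secrets'
00[CFG] line 11: missing ' : ' separator
00[LIB] plugin 'stroke': loaded successfully
07[CFG] received stroke: add connection 'home'
07[CFG] added configuration 'home'
12[NET] waiting for data on raw sockets
"""

# Two-digit thread number, three-letter log group, then the message.
LINE = re.compile(r"^(\d{2})\[([A-Z]{3})\]\s+(.*)$")

def triage(log_text):
    """Collect secrets parse errors, loaded conns and IKE initiations."""
    secrets_file = None
    found = {"secrets_errors": [], "added": [], "initiated": []}
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # wrapped continuation lines, hex dump text
        _thread, group, msg = m.groups()
        if group == "CFG" and msg.startswith("loading secrets from '"):
            secrets_file = msg.split("'")[1]
        elif group == "CFG" and secrets_file and re.match(r"line \d+: ", msg):
            # Heuristic: "line N:" after the secrets load refers to that file.
            found["secrets_errors"].append((secrets_file, msg))
        elif group == "CFG" and msg.startswith("added configuration '"):
            found["added"].append(msg.split("'")[1])
        elif group == "IKE" and msg.startswith("initiating"):
            # Assumed prefix of charon's message when it starts a negotiation.
            found["initiated"].append(msg)
    return found

def report(found):
    """Turn the findings into short notes for the operator."""
    notes = [f"{path}: {msg}" for path, msg in found["secrets_errors"]]
    if found["added"] and not found["initiated"]:
        conns = ", ".join(found["added"])
        notes.append(f"loaded but never initiated: {conns}")
    return notes

if __name__ == "__main__":
    for note in report(triage(SAMPLE_LOG)):
        print(note)
```

With auto=add a connection is only loaded, so an empty "initiated" list is expected until the connection is started locally or the peer initiates.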