[strongSwan] IKEv2 road warrior setup - IPv6 (forwarding?) issues
Strykar
strykar at hotmail.com
Tue May 5 13:40:06 CEST 2015
Hi,
I have 1 physical machine, a Hyper-V host, that runs a Slackware linux 14.1
guest.
The linux guest has a bridged NIC to the host and has IPv6 connectivity via
a Sixxs AICCU (tun0) tunnel.
I use this as my ISP gives me dynamic IPv4 and no IPv6.
The strongswan host gets the ipv6 2604:8800:100:277::2/64 with the remote
endpoint being 2604:8800:100:277::1
IPv6 Prefix 2604:8800:100:277::1/64
PoP IPv6 2604:8800:100:277::1
Your IPv6 2604:8800:100:277::2
IPv6 Them 2604:8800:100:277::2/64
Prefix 2604:8800:100:8277::/64
Reverse Zone 7.7.2.8.0.0.1.0.0.0.8.8.4.0.6.2.ip6.arpa.
IPv6 connectivity on the strongswan host works fine.
Road warriors connecting via the IPsec tunnel cannot use IPv6.
I have set up strongSwan with a mobile android user and everything over IPv4
works fine.
In spite of the android getting an IPv6 address from strongSwan, it is
unable to ping6 anyone but itself.
I have tried using
http://www.strongswan.org/uml/testresults/ipv6/rw-ip6-in-ip4-ikev2/index.html
and with some assistance from #strongswan at Freenode to no avail.
I am posting my long configuration below, what am I missing here?
The strongswan host is running a 4.0.1 kernel
The android host is using the strongSwan client and is running a
3.4.42-g77cbf41 kernel on armv7l GNU/Linux
You can view a network diagram here: http://i.imgur.com/0A85oJC.jpg
root@slack14:~# uname -a
Linux slack14 4.0.1 #1 SMP Mon May 4 20:54:28 IST 2015 x86_64 Intel(R) Core(TM) i5 CPU 750 @ 2.67GHz GenuineIntel GNU/Linux
root@slack14:~# cat /etc/ipsec.conf
# ipsec.conf - strongSwan IPsec configuration file

config setup
    # uniqueids=yes
    charondebug="cfg 1, lib 1, dmn 1, ike 2, net 1, knl 1"

conn %default
    keyexchange=ikev2
    dpdaction=clear
    dpddelay=300s
    rekey=no
    leftsubnet=2000::/3,0.0.0.0/0
    leftcert=vpnHostCert.pem
    leftid="C=CH, O=strongSwan, CN=slack14.wrtpoona.in"
    right=%any
    rightid="C=CH, O=strongSwan, CN=android.wrtpoona.in"
    rightsourceip=%dhcp,2604:8800:100:277::4
    leftfirewall=yes
    forceencaps=yes
    compress=yes
    auto=start

conn IPSec-IKEv2
    keyexchange=ikev2
    auto=add

conn IPSec-IKEv2-EAP
    also="IPSec-IKEv2"
    rightauth=eap-mschapv2
    rightsendcert=never
    eap_identity=%any

conn CiscoIPSec
    keyexchange=ikev1
    # forceencaps=yes
    rightauth=pubkey
    rightauth2=xauth
    auto=add

root@slack14:~# ipsec statusall
Status of IKE charon daemon (strongSwan 5.3.0, Linux 4.0.1, x86_64):
uptime: 70 seconds, since May 05 16:27:10 2015
malloc: sbrk 1617920, mmap 0, used 457520, free 1160400
worker threads: 11 of 16 idle, 5/0/0/0 working, job queue: 0/0/0/0,
scheduled: 3
loaded plugins: charon pkcs11 aes des rc2 sha1 sha2 md5 random nonce x509
revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem
openssl gcrypt fips-prf gmp xcbc cmac hmac gcm ntru bliss attr kernel-pfkey
kernel-netlink resolve socket-default connmark forecast farp stroke updown
eap-identity eap-mschapv2 eap-radius eap-tls eap-ttls eap-peap xauth-generic
dhcp lookip
Virtual IP pools (size/online/offline):
2604:8800:100:277::4: 1/1/0
Listening IP addresses:
192.168.1.44
2604:8800:100:277::2
Connections:
rw: %any...%any IKEv2
rw: local: [C=CH, O=strongSwan, CN=slack14.wrtpoona.in] uses
public key authentication
rw: cert: "C=CH, O=strongSwan, CN=slack14.wrtpoona.in"
rw: remote: uses public key authentication
rw: child: ::/0 === dynamic TUNNEL
Security Associations (1 up, 0 connecting):
rw[1]: ESTABLISHED 57 seconds ago, 192.168.1.44[C=CH,
O=strongSwan, CN=slack14.wrtpoona.in]...106.221.210.5[C=CH, O=strongSwan,
CN=android.wrtpoona.in]
rw[1]: IKEv2 SPIs: a8b108ed7950a4a9_i d16590d42d1c59d8_r*, public
key reauthentication in 54 minutes
rw[1]: IKE proposal:
AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048
rw{1}: INSTALLED, TUNNEL, reqid 1, ESP in UDP SPIs: c7fb6472_i
503949b6_o
rw{1}: AES_CBC_128/HMAC_SHA1_96, 0 bytes_i, 0 bytes_o, rekeying
in 13 minutes
rw{1}: ::/0 === 2604:8800:100:277::4/128
root@slack14:~# ip6tables -vL
Chain INPUT (policy ACCEPT 12 packets, 4708 bytes)
pkts bytes target prot opt in out source
destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source
destination
0 0 ACCEPT all eth0 any 2604:8800:100:277::4
anywhere policy match dir in pol ipsec reqid 1 proto esp
0 0 ACCEPT all any eth0 anywhere
2604:8800:100:277::4 policy match dir out pol ipsec reqid 1 proto esp
Chain OUTPUT (policy ACCEPT 12 packets, 2993 bytes)
pkts bytes target prot opt in out source
destination
root@slack14:~# sysctl net.ipv4.ip_forward
net.ipv4.ip_forward = 1
root@slack14:~# sysctl net.ipv6.conf.all.forwarding
net.ipv6.conf.all.forwarding = 1
root@slack14:~# sysctl net.ipv6.conf.eth0.accept_ra
net.ipv6.conf.eth0.accept_ra = 1
root@slack14:~# sysctl net.ipv6.conf.tun0.accept_ra
net.ipv6.conf.tun0.accept_ra = 1
root@slack14:~# iptables -vL
Chain INPUT (policy ACCEPT 2624 packets, 853K bytes)
pkts bytes target prot opt in out source
destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source
destination
234 28708 ACCEPT all -- eth0 any 192.168.1.12 anywhere
policy match dir in pol ipsec reqid 1 proto esp
280 31170 ACCEPT all -- any eth0 anywhere
192.168.1.12 policy match dir out pol ipsec reqid 1 proto esp
Chain OUTPUT (policy ACCEPT 2284 packets, 690K bytes)
pkts bytes target prot opt in out source
destination
root@slack14:~#
root@slack14:~# ip r show table all
default via 192.168.1.1 dev eth0 metric 1
127.0.0.0/8 dev lo scope link
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.44
broadcast 127.0.0.0 dev lo table local proto kernel scope link src
127.0.0.1
local 127.0.0.0/8 dev lo table local proto kernel scope host src
127.0.0.1
local 127.0.0.1 dev lo table local proto kernel scope host src 127.0.0.1
broadcast 127.255.255.255 dev lo table local proto kernel scope link src
127.0.0.1
broadcast 192.168.1.0 dev eth0 table local proto kernel scope link src
192.168.1.44
local 192.168.1.44 dev eth0 table local proto kernel scope host src
192.168.1.44
broadcast 192.168.1.255 dev eth0 table local proto kernel scope link src
192.168.1.44
2604:8800:100:277::4 dev eth0 table 220 proto static metric 1024
unreachable default dev lo table unspec proto kernel metric 4294967295
error -101
2604:8800:100:277::/64 dev tun0 proto kernel metric 256
2000::/3 dev tun0 metric 100
fe80::/64 dev eth0 proto kernel metric 256
fe80::/64 dev tun0 proto kernel metric 256
default via 2604:8800:100:277::1 dev tun0 metric 1024
unreachable default dev lo table unspec proto kernel metric 4294967295
error -101
local ::1 dev lo table local proto none metric 0
local 2604:8800:100:277:: dev lo table local proto none metric 0
local 2604:8800:100:277::2 dev lo table local proto none metric 0
local fe80:: dev lo table local proto none metric 0
local fe80:: dev lo table local proto none metric 0
local fe80::215:5dff:fe01:206 dev lo table local proto none metric 0
local fe80::8800:100:277:2 dev lo table local proto none metric 0
ff00::/8 dev eth0 table local metric 256
ff00::/8 dev tun0 table local metric 256
unreachable default dev lo table unspec proto kernel metric 4294967295
error -101
root@slack14:~# ip -6 route list table 220
2604:8800:100:277::4 dev eth0 proto static metric 1024
root@slack14:~# ip -s xfrm state
src 192.168.1.44 dst 106.221.210.5
proto esp spi 0xee9419f4(4002683380) reqid 1(0x00000001) mode tunnel
Segmentation fault
root@slack14:~# ip xfrm state
src 192.168.1.44 dst 106.221.210.5
proto esp spi 0xee9419f4 reqid 1 mode tunnel
replay-window 32
auth-trunc hmac(sha1) 0xXXXXXXXXXXXXXXXXXXXXXXXXX 96
enc cbc(aes) 0xXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
encap type espinudp sport 4500 dport 61326 addr 0.0.0.0
sel src 0.0.0.0/0 dst 0.0.0.0/0
src 106.221.210.5 dst 192.168.1.44
proto esp spi 0xc86e0c86 reqid 1 mode tunnel
replay-window 32
auth-trunc hmac(sha1) 0xXXXXXXXXXXXXXXXXXXXXXXXXXXXXX 96
enc cbc(aes) 0xXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
encap type espinudp sport 61326 dport 4500 addr 0.0.0.0
sel src 0.0.0.0/0 dst 0.0.0.0/0
root@slack14:~# ip -s xfrm policy
src 2604:8800:100:277::4/128 dst 2000::/3 uid 0
dir fwd action allow index 386 priority 2551 ptype main share any
flag (0x00000000)
lifetime config:
limit: soft (INF)(bytes), hard (INF)(bytes)
limit: soft (INF)(packets), hard (INF)(packets)
expire add: soft 0(sec), hard 0(sec)
expire use: soft 0(sec), hard 0(sec)
lifetime current:
0(bytes), 0(packets)
add 2015-05-05 16:37:22 use -
tmpl src 106.221.210.5 dst 192.168.1.44
proto esp spi 0x00000000(0) reqid 1(0x00000001) mode tunnel
level required share any
enc-mask 00000000 auth-mask 00000000 comp-mask 00000000
src 2604:8800:100:277::4/128 dst 2000::/3 uid 0
dir in action allow index 376 priority 2551 ptype main share any
flag (0x00000000)
lifetime config:
limit: soft (INF)(bytes), hard (INF)(bytes)
limit: soft (INF)(packets), hard (INF)(packets)
expire add: soft 0(sec), hard 0(sec)
expire use: soft 0(sec), hard 0(sec)
lifetime current:
0(bytes), 0(packets)
add 2015-05-05 16:37:22 use -
tmpl src 106.221.210.5 dst 192.168.1.44
proto esp spi 0x00000000(0) reqid 1(0x00000001) mode tunnel
level required share any
enc-mask 00000000 auth-mask 00000000 comp-mask 00000000
src 2000::/3 dst 2604:8800:100:277::4/128 uid 0
dir out action allow index 369 priority 2551 ptype main share any
flag (0x00000000)
lifetime config:
limit: soft (INF)(bytes), hard (INF)(bytes)
limit: soft (INF)(packets), hard (INF)(packets)
expire add: soft 0(sec), hard 0(sec)
expire use: soft 0(sec), hard 0(sec)
lifetime current:
0(bytes), 0(packets)
add 2015-05-05 16:37:22 use -
tmpl src 192.168.1.44 dst 106.221.210.5
proto esp spi 0x00000000(0) reqid 1(0x00000001) mode tunnel
level required share any
enc-mask 00000000 auth-mask 00000000 comp-mask 00000000
src 192.168.1.12/32 dst 0.0.0.0/0 uid 0
dir fwd action allow index 362 priority 2947 ptype main share any
flag (0x00000000)
lifetime config:
limit: soft (INF)(bytes), hard (INF)(bytes)
limit: soft (INF)(packets), hard (INF)(packets)
expire add: soft 0(sec), hard 0(sec)
expire use: soft 0(sec), hard 0(sec)
lifetime current:
0(bytes), 0(packets)
add 2015-05-05 16:37:22 use 2015-05-05 16:40:53
tmpl src 106.221.210.5 dst 192.168.1.44
proto esp spi 0x00000000(0) reqid 1(0x00000001) mode tunnel
level required share any
enc-mask 00000000 auth-mask 00000000 comp-mask 00000000
src 192.168.1.12/32 dst 0.0.0.0/0 uid 0
dir in action allow index 352 priority 2947 ptype main share any
flag (0x00000000)
lifetime config:
limit: soft (INF)(bytes), hard (INF)(bytes)
limit: soft (INF)(packets), hard (INF)(packets)
expire add: soft 0(sec), hard 0(sec)
expire use: soft 0(sec), hard 0(sec)
lifetime current:
0(bytes), 0(packets)
add 2015-05-05 16:37:22 use -
tmpl src 106.221.210.5 dst 192.168.1.44
proto esp spi 0x00000000(0) reqid 1(0x00000001) mode tunnel
level required share any
enc-mask 00000000 auth-mask 00000000 comp-mask 00000000
src 0.0.0.0/0 dst 192.168.1.12/32 uid 0
dir out action allow index 345 priority 2947 ptype main share any
flag (0x00000000)
lifetime config:
limit: soft (INF)(bytes), hard (INF)(bytes)
limit: soft (INF)(packets), hard (INF)(packets)
expire add: soft 0(sec), hard 0(sec)
expire use: soft 0(sec), hard 0(sec)
lifetime current:
0(bytes), 0(packets)
add 2015-05-05 16:37:22 use 2015-05-05 16:40:54
tmpl src 192.168.1.44 dst 106.221.210.5
proto esp spi 0x00000000(0) reqid 1(0x00000001) mode tunnel
level required share any
enc-mask 00000000 auth-mask 00000000 comp-mask 00000000
src 0.0.0.0/0 dst 0.0.0.0/0 uid 0
socket in action allow index 339 priority 0 ptype main share any
flag (0x00000000)
lifetime config:
limit: soft (INF)(bytes), hard (INF)(bytes)
limit: soft (INF)(packets), hard (INF)(packets)
expire add: soft 0(sec), hard 0(sec)
expire use: soft 0(sec), hard 0(sec)
lifetime current:
0(bytes), 0(packets)
add 2015-05-05 16:37:08 use 2015-05-05 16:40:53
src 0.0.0.0/0 dst 0.0.0.0/0 uid 0
socket out action allow index 332 priority 0 ptype main share any
flag (0x00000000)
lifetime config:
limit: soft (INF)(bytes), hard (INF)(bytes)
limit: soft (INF)(packets), hard (INF)(packets)
expire add: soft 0(sec), hard 0(sec)
expire use: soft 0(sec), hard 0(sec)
lifetime current:
0(bytes), 0(packets)
add 2015-05-05 16:37:08 use 2015-05-05 16:40:29
src 0.0.0.0/0 dst 0.0.0.0/0 uid 0
socket in action allow index 323 priority 0 ptype main share any
flag (0x00000000)
lifetime config:
limit: soft (INF)(bytes), hard (INF)(bytes)
limit: soft (INF)(packets), hard (INF)(packets)
expire add: soft 0(sec), hard 0(sec)
expire use: soft 0(sec), hard 0(sec)
lifetime current:
0(bytes), 0(packets)
add 2015-05-05 16:37:08 use 2015-05-05 16:37:20
src 0.0.0.0/0 dst 0.0.0.0/0 uid 0
socket out action allow index 316 priority 0 ptype main share any
flag (0x00000000)
lifetime config:
limit: soft (INF)(bytes), hard (INF)(bytes)
limit: soft (INF)(packets), hard (INF)(packets)
expire add: soft 0(sec), hard 0(sec)
expire use: soft 0(sec), hard 0(sec)
lifetime current:
0(bytes), 0(packets)
add 2015-05-05 16:37:08 use 2015-05-05 16:37:20
src ::/0 dst ::/0 uid 0
socket in action allow index 307 priority 0 ptype main share any
flag (0x00000000)
lifetime config:
limit: soft (INF)(bytes), hard (INF)(bytes)
limit: soft (INF)(packets), hard (INF)(packets)
expire add: soft 0(sec), hard 0(sec)
expire use: soft 0(sec), hard 0(sec)
lifetime current:
0(bytes), 0(packets)
add 2015-05-05 16:37:08 use -
src ::/0 dst ::/0 uid 0
socket out action allow index 300 priority 0 ptype main share any
flag (0x00000000)
lifetime config:
limit: soft (INF)(bytes), hard (INF)(bytes)
limit: soft (INF)(packets), hard (INF)(packets)
expire add: soft 0(sec), hard 0(sec)
expire use: soft 0(sec), hard 0(sec)
lifetime current:
0(bytes), 0(packets)
add 2015-05-05 16:37:08 use -
src ::/0 dst ::/0 uid 0
socket in action allow index 291 priority 0 ptype main share any
flag (0x00000000)
lifetime config:
limit: soft (INF)(bytes), hard (INF)(bytes)
limit: soft (INF)(packets), hard (INF)(packets)
expire add: soft 0(sec), hard 0(sec)
expire use: soft 0(sec), hard 0(sec)
lifetime current:
0(bytes), 0(packets)
add 2015-05-05 16:37:08 use -
src ::/0 dst ::/0 uid 0
socket out action allow index 284 priority 0 ptype main share any
flag (0x00000000)
lifetime config:
limit: soft (INF)(bytes), hard (INF)(bytes)
limit: soft (INF)(packets), hard (INF)(packets)
expire add: soft 0(sec), hard 0(sec)
expire use: soft 0(sec), hard 0(sec)
lifetime current:
0(bytes), 0(packets)
add 2015-05-05 16:37:08 use -
root@slack14:~#
root@slack14:~# tail -f /var/log/messages
May 5 16:36:51 slack14 charon: 00[DMN] Starting IKE charon daemon
(strongSwan 5.3.0, Linux 4.0.1, x86_64)
May 5 16:36:51 slack14 charon: 00[NET] using forecast interface eth0
May 5 16:36:51 slack14 charon: 00[CFG] joining forecast multicast groups:
224.0.0.1,224.0.0.22,224.0.0.251,224.0.0.252,239.255.255.250
May 5 16:36:51 slack14 charon: 00[CFG] loading ca certificates from
'/etc/ipsec.d/cacerts'
May 5 16:36:51 slack14 charon: 00[CFG] loaded ca certificate "C=CH,
O=strongSwan, CN=strongSwan Root CA" from
'/etc/ipsec.d/cacerts/strongswanCert.pem'
May 5 16:36:51 slack14 charon: 00[CFG] loading aa certificates from
'/etc/ipsec.d/aacerts'
May 5 16:36:51 slack14 charon: 00[CFG] loading ocsp signer certificates
from '/etc/ipsec.d/ocspcerts'
May 5 16:36:51 slack14 charon: 00[CFG] loading attribute certificates from
'/etc/ipsec.d/acerts'
May 5 16:36:51 slack14 charon: 00[CFG] loading crls from
'/etc/ipsec.d/crls'
May 5 16:36:51 slack14 charon: 00[CFG] loading secrets from
'/etc/ipsec.secrets'
May 5 16:36:51 slack14 charon: 00[CFG] loaded RSA private key from
'/etc/ipsec.d/private/vpnHostKey.pem'
May 5 16:36:51 slack14 charon: 00[CFG] loaded EAP secret for strykar
May 5 16:36:51 slack14 charon: 00[CFG] loaded EAP secret for strykar
May 5 16:36:51 slack14 charon: 00[CFG] loaded IKE secret for strykar
May 5 16:36:51 slack14 charon: 00[CFG] loaded IKE secret for 192.168.1.44
%any
May 5 16:36:51 slack14 charon: 00[CFG] loaded IKE secret for
wrt.asuscomm.com %any
May 5 16:36:51 slack14 charon: 00[CFG] loaded EAP secret for strykar
May 5 16:36:51 slack14 charon: 00[CFG] loaded 0 RADIUS server
configurations
May 5 16:36:51 slack14 charon: 00[CFG] no script for ext-auth script
defined, disabled
May 5 16:36:51 slack14 charon: 00[LIB] loaded plugins: charon pkcs11 aes
des rc2 sha1 sha2 md5 random nonce x509 revocation constraints pubkey pkcs1
pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl gcrypt fips-prf gmp xcbc
cmac hmac gcm ntru bliss attr kernel-pfkey kernel-netlink resolve
socket-default connmark forecast farp stroke updown eap-identity
eap-mschapv2 eap-radius eap-tls eap-ttls eap-peap xauth-generic dhcp lookip
May 5 16:36:51 slack14 charon: 00[JOB] spawning 16 worker threads
May 5 16:36:51 slack14 charon: 11[CFG] received stroke: add connection
'IPSec-IKEv2'
May 5 16:36:51 slack14 charon: 11[CFG] left nor right host is our side,
assuming left=local
May 5 16:36:51 slack14 charon: 11[CFG] adding virtual IP address pool
2604:8800:100:277::4
May 5 16:36:51 slack14 charon: 11[CFG] loaded certificate "C=CH,
O=strongSwan, CN=slack14.wrtpoona.in" from 'vpnHostCert.pem'
May 5 16:36:51 slack14 charon: 11[CFG] added configuration 'IPSec-IKEv2'
May 5 16:36:51 slack14 charon: 13[CFG] received stroke: add connection
'IPSec-IKEv2-EAP'
May 5 16:36:51 slack14 charon: 13[CFG] left nor right host is our side,
assuming left=local
May 5 16:36:51 slack14 charon: 13[CFG] reusing virtual IP address pool
2604:8800:100:277::4
May 5 16:36:51 slack14 charon: 13[CFG] loaded certificate "C=CH,
O=strongSwan, CN=slack14.wrtpoona.in" from 'vpnHostCert.pem'
May 5 16:36:51 slack14 charon: 13[CFG] added configuration
'IPSec-IKEv2-EAP'
May 5 16:36:51 slack14 charon: 14[CFG] received stroke: add connection
'CiscoIPSec'
May 5 16:36:51 slack14 charon: 14[CFG] left nor right host is our side,
assuming left=local
May 5 16:36:51 slack14 charon: 14[CFG] reusing virtual IP address pool
2604:8800:100:277::4
May 5 16:36:51 slack14 charon: 14[CFG] loaded certificate "C=CH,
O=strongSwan, CN=slack14.wrtpoona.in" from 'vpnHostCert.pem'
May 5 16:36:51 slack14 charon: 14[CFG] added configuration 'CiscoIPSec'
May 5 16:37:05 slack14 charon: 00[DMN] signal of type SIGINT received.
Shutting down
May 5 16:37:08 slack14 charon: 00[DMN] Starting IKE charon daemon
(strongSwan 5.3.0, Linux 4.0.1, x86_64)
May 5 16:37:08 slack14 charon: 00[NET] using forecast interface eth0
May 5 16:37:08 slack14 charon: 00[CFG] joining forecast multicast groups:
224.0.0.1,224.0.0.22,224.0.0.251,224.0.0.252,239.255.255.250
May 5 16:37:08 slack14 charon: 00[CFG] loading ca certificates from
'/etc/ipsec.d/cacerts'
May 5 16:37:08 slack14 charon: 00[CFG] loaded ca certificate "C=CH,
O=strongSwan, CN=strongSwan Root CA" from
'/etc/ipsec.d/cacerts/strongswanCert.pem'
May 5 16:37:08 slack14 charon: 00[CFG] loading aa certificates from
'/etc/ipsec.d/aacerts'
May 5 16:37:08 slack14 charon: 00[CFG] loading ocsp signer certificates
from '/etc/ipsec.d/ocspcerts'
May 5 16:37:08 slack14 charon: 00[CFG] loading attribute certificates from
'/etc/ipsec.d/acerts'
May 5 16:37:08 slack14 charon: 00[CFG] loading crls from
'/etc/ipsec.d/crls'
May 5 16:37:08 slack14 charon: 00[CFG] loading secrets from
'/etc/ipsec.secrets'
May 5 16:37:08 slack14 charon: 00[CFG] loaded RSA private key from
'/etc/ipsec.d/private/vpnHostKey.pem'
May 5 16:37:08 slack14 charon: 00[CFG] loaded EAP secret for strykar
May 5 16:37:08 slack14 charon: 00[CFG] loaded EAP secret for strykar
May 5 16:37:08 slack14 charon: 00[CFG] loaded IKE secret for strykar
May 5 16:37:08 slack14 charon: 00[CFG] loaded IKE secret for 192.168.1.44
%any
May 5 16:37:08 slack14 charon: 00[CFG] loaded IKE secret for
wrt.asuscomm.com %any
May 5 16:37:08 slack14 charon: 00[CFG] loaded EAP secret for strykar
May 5 16:37:08 slack14 charon: 00[CFG] loaded 0 RADIUS server
configurations
May 5 16:37:08 slack14 charon: 00[CFG] no script for ext-auth script
defined, disabled
May 5 16:37:08 slack14 charon: 00[LIB] loaded plugins: charon pkcs11 aes
des rc2 sha1 sha2 md5 random nonce x509 revocation constraints pubkey pkcs1
pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl gcrypt fips-prf gmp xcbc
cmac hmac gcm ntru bliss attr kernel-pfkey kernel-netlink resolve
socket-default connmark forecast farp stroke updown eap-identity
eap-mschapv2 eap-radius eap-tls eap-ttls eap-peap xauth-generic dhcp lookip
May 5 16:37:08 slack14 charon: 00[JOB] spawning 16 worker threads
May 5 16:37:08 slack14 charon: 09[CFG] received stroke: add connection
'IPSec-IKEv2'
May 5 16:37:08 slack14 charon: 09[CFG] left nor right host is our side,
assuming left=local
May 5 16:37:08 slack14 charon: 09[CFG] adding virtual IP address pool
2604:8800:100:277::4
May 5 16:37:08 slack14 charon: 09[CFG] loaded certificate "C=CH,
O=strongSwan, CN=slack14.wrtpoona.in" from 'vpnHostCert.pem'
May 5 16:37:08 slack14 charon: 09[CFG] added configuration 'IPSec-IKEv2'
May 5 16:37:08 slack14 charon: 11[CFG] received stroke: add connection
'IPSec-IKEv2-EAP'
May 5 16:37:08 slack14 charon: 11[CFG] left nor right host is our side,
assuming left=local
May 5 16:37:08 slack14 charon: 11[CFG] reusing virtual IP address pool
2604:8800:100:277::4
May 5 16:37:08 slack14 charon: 11[CFG] loaded certificate "C=CH,
O=strongSwan, CN=slack14.wrtpoona.in" from 'vpnHostCert.pem'
May 5 16:37:08 slack14 charon: 11[CFG] added configuration
'IPSec-IKEv2-EAP'
May 5 16:37:08 slack14 charon: 13[CFG] received stroke: add connection
'CiscoIPSec'
May 5 16:37:08 slack14 charon: 13[CFG] left nor right host is our side,
assuming left=local
May 5 16:37:08 slack14 charon: 13[CFG] reusing virtual IP address pool
2604:8800:100:277::4
May 5 16:37:08 slack14 charon: 13[CFG] loaded certificate "C=CH,
O=strongSwan, CN=slack14.wrtpoona.in" from 'vpnHostCert.pem'
May 5 16:37:08 slack14 charon: 13[CFG] added configuration 'CiscoIPSec'
May 5 16:37:20 slack14 charon: 02[NET] received packet: from
106.221.210.5[45607] to 192.168.1.44[500] (996 bytes)
May 5 16:37:20 slack14 charon: 02[ENC] parsed IKE_SA_INIT request 0 [ SA KE
No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) ]
May 5 16:37:20 slack14 charon: 02[IKE] 106.221.210.5 is initiating an
IKE_SA
May 5 16:37:20 slack14 charon: 02[IKE] IKE_SA (unnamed)[1] state change:
CREATED => CONNECTING
May 5 16:37:20 slack14 charon: 02[IKE] local host is behind NAT, sending
keep alives
May 5 16:37:20 slack14 charon: 02[IKE] remote host is behind NAT
May 5 16:37:20 slack14 charon: 02[IKE] sending cert request for "C=CH,
O=strongSwan, CN=strongSwan Root CA"
May 5 16:37:20 slack14 charon: 02[ENC] generating IKE_SA_INIT response 0 [
SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(MULT_AUTH) ]
May 5 16:37:20 slack14 charon: 02[NET] sending packet: from
192.168.1.44[500] to 106.221.210.5[45607] (465 bytes)
May 5 16:37:22 slack14 charon: 10[NET] received packet: from
106.221.210.5[61326] to 192.168.1.44[4500] (1948 bytes)
May 5 16:37:22 slack14 charon: 10[ENC] parsed IKE_AUTH request 1 [ IDi CERT
N(INIT_CONTACT) CERTREQ AUTH CPRQ(ADDR ADDR6 DNS DNS6) N(ESP_TFC_PAD_N) SA
TSi TSr N(MOBIKE_SUP) N(NO_ADD_ADDR) N(MULT_AUTH) N(EAP_ONLY) ]
May 5 16:37:22 slack14 charon: 10[IKE] received cert request for "C=CH,
O=strongSwan, CN=strongSwan Root CA"
May 5 16:37:22 slack14 charon: 10[IKE] received end entity cert "C=CH,
O=strongSwan, CN=android.wrtpoona.in"
May 5 16:37:22 slack14 charon: 10[CFG] looking for peer configs matching
192.168.1.44[%any]...106.221.210.5[C=CH, O=strongSwan,
CN=android.wrtpoona.in]
May 5 16:37:22 slack14 charon: 10[CFG] selected peer config 'IPSec-IKEv2'
May 5 16:37:22 slack14 charon: 10[CFG] using certificate "C=CH,
O=strongSwan, CN=android.wrtpoona.in"
May 5 16:37:22 slack14 charon: 10[CFG] using trusted ca certificate
"C=CH, O=strongSwan, CN=strongSwan Root CA"
May 5 16:37:22 slack14 charon: 10[CFG] checking certificate status of
"C=CH, O=strongSwan, CN=android.wrtpoona.in"
May 5 16:37:22 slack14 charon: 10[CFG] certificate status is not available
May 5 16:37:22 slack14 charon: 10[CFG] reached self-signed root ca with a
path length of 0
May 5 16:37:22 slack14 charon: 10[IKE] authentication of 'C=CH,
O=strongSwan, CN=android.wrtpoona.in' with RSA signature successful
May 5 16:37:22 slack14 charon: 10[IKE] processing INTERNAL_IP4_ADDRESS
attribute
May 5 16:37:22 slack14 charon: 10[IKE] processing INTERNAL_IP6_ADDRESS
attribute
May 5 16:37:22 slack14 charon: 10[IKE] processing INTERNAL_IP4_DNS
attribute
May 5 16:37:22 slack14 charon: 10[IKE] processing INTERNAL_IP6_DNS
attribute
May 5 16:37:22 slack14 charon: 10[IKE] received
ESP_TFC_PADDING_NOT_SUPPORTED, not using ESPv3 TFC padding
May 5 16:37:22 slack14 charon: 10[IKE] peer supports MOBIKE
May 5 16:37:22 slack14 charon: 10[IKE] authentication of 'C=CH,
O=strongSwan, CN=slack14.wrtpoona.in' (myself) with RSA signature successful
May 5 16:37:22 slack14 charon: 10[IKE] IKE_SA IPSec-IKEv2[1] established
between 192.168.1.44[C=CH, O=strongSwan,
CN=slack14.wrtpoona.in]...106.221.210.5[C=CH, O=strongSwan,
CN=android.wrtpoona.in]
May 5 16:37:22 slack14 charon: 10[IKE] IKE_SA IPSec-IKEv2[1] state change:
CONNECTING => ESTABLISHED
May 5 16:37:22 slack14 charon: 10[IKE] sending end entity cert "C=CH,
O=strongSwan, CN=slack14.wrtpoona.in"
May 5 16:37:22 slack14 charon: 10[IKE] peer requested virtual IP %any
May 5 16:37:22 slack14 charon: 10[CFG] sending DHCP DISCOVER to 192.168.1.1
May 5 16:37:22 slack14 charon: 12[CFG] received DHCP OFFER 192.168.1.12
from 192.168.1.1
May 5 16:37:22 slack14 charon: 10[CFG] sending DHCP REQUEST for
192.168.1.12 to 192.168.1.1
May 5 16:37:22 slack14 charon: 13[CFG] received DHCP ACK for 192.168.1.12
May 5 16:37:22 slack14 charon: 10[IKE] assigning virtual IP 192.168.1.12 to
peer 'C=CH, O=strongSwan, CN=android.wrtpoona.in'
May 5 16:37:22 slack14 charon: 10[IKE] peer requested virtual IP %any6
May 5 16:37:22 slack14 charon: 10[CFG] assigning new lease to 'C=CH,
O=strongSwan, CN=android.wrtpoona.in'
May 5 16:37:22 slack14 charon: 10[IKE] assigning virtual IP
2604:8800:100:277::4 to peer 'C=CH, O=strongSwan, CN=android.wrtpoona.in'
May 5 16:37:22 slack14 charon: 10[IKE] building INTERNAL_IP4_DNS attribute
May 5 16:37:22 slack14 charon: 10[IKE] CHILD_SA IPSec-IKEv2{1} established
with SPIs c86e0c86_i ee9419f4_o and TS 0.0.0.0/0 2000::/3 ===
192.168.1.12/32 2604:8800:100:277::4/128
May 5 16:37:22 slack14 charon: 10[ENC] generating IKE_AUTH response 1 [ IDr
CERT AUTH CPRP(ADDR ADDR6 DNS) N(ESP_TFC_PAD_N) SA TSi TSr N(MOBIKE_SUP)
N(ADD_6_ADDR) ]
May 5 16:37:22 slack14 charon: 10[NET] sending packet: from
192.168.1.44[4500] to 106.221.210.5[61326] (1788 bytes)
May 5 16:37:24 slack14 charon: 01[NET] received packet: from
106.221.210.5[61326] to 192.168.1.44[4500] (1948 bytes)
May 5 16:37:24 slack14 charon: 01[ENC] parsed IKE_AUTH request 1 [ IDi CERT
N(INIT_CONTACT) CERTREQ AUTH CPRQ(ADDR ADDR6 DNS DNS6) N(ESP_TFC_PAD_N) SA
TSi TSr N(MOBIKE_SUP) N(NO_ADD_ADDR) N(MULT_AUTH) N(EAP_ONLY) ]
May 5 16:37:24 slack14 charon: 01[IKE] received retransmit of request with
ID 1, retransmitting response
May 5 16:37:24 slack14 charon: 01[NET] sending packet: from
192.168.1.44[4500] to 106.221.210.5[61326] (1788 bytes)
May 5 16:37:25 slack14 charon: 09[NET] received packet: from
106.221.210.5[61326] to 192.168.1.44[4500] (76 bytes)
May 5 16:37:25 slack14 charon: 09[ENC] parsed INFORMATIONAL request 2 [
N(NO_ADD_ADDR) ]
May 5 16:37:25 slack14 charon: 09[ENC] generating INFORMATIONAL response 2
[ ]
May 5 16:37:25 slack14 charon: 09[NET] sending packet: from
192.168.1.44[4500] to 106.221.210.5[61326] (76 bytes)
Route on the android client (connection type=IKEv2 certificate):
root@falcon_umtsds:/ # uname -a
Linux localhost 3.4.42-g77cbf41 #1 SMP PREEMPT Fri Apr 17 13:33:28 PDT 2015 armv7l GNU/Linux
root@falcon_umtsds:/ #
root@falcon_umtsds:/ # ip6tables -vL
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source
destination
23391 2432K bw_INPUT all any any anywhere anywhere
23391 2432K fw_INPUT all any any anywhere anywhere
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source
destination
0 0 oem_fwd all any any anywhere anywhere
0 0 fw_FORWARD all any any anywhere
anywhere
0 0 bw_FORWARD all any any anywhere
anywhere
0 0 natctrl_FORWARD all any any anywhere
anywhere
Chain OUTPUT (policy ACCEPT 1 packets, 76 bytes)
pkts bytes target prot opt in out source
destination
25385 2609K oem_out all any any anywhere anywhere
25385 2609K fw_OUTPUT all any any anywhere anywhere
25385 2609K bw_OUTPUT all any any anywhere anywhere
Chain bw_FORWARD (1 references)
pkts bytes target prot opt in out source
destination
Chain bw_INPUT (1 references)
pkts bytes target prot opt in out source
destination
0 0 all any any anywhere anywhere
! quota globalAlert: 2097152 bytes
0 0 bw_costly_rmnet0 all rmnet0 any anywhere
anywhere
0 0 all any any anywhere anywhere
owner socket exists
Chain bw_OUTPUT (1 references)
pkts bytes target prot opt in out source
destination
0 0 all any any anywhere anywhere
! quota globalAlert: 2097152 bytes
0 0 bw_costly_rmnet0 all any rmnet0 anywhere
anywhere
25385 2609K all any any anywhere anywhere
owner socket exists
Chain bw_costly_rmnet0 (2 references)
pkts bytes target prot opt in out source
destination
0 0 bw_penalty_box all any any anywhere
anywhere
0 0 REJECT all any any anywhere anywhere
! quota rmnet0: 2444906480 bytes reject-with icmp6-port-unreachable
Chain bw_costly_shared (0 references)
pkts bytes target prot opt in out source
destination
0 0 bw_penalty_box all any any anywhere
anywhere
Chain bw_happy_box (0 references)
pkts bytes target prot opt in out source
destination
Chain bw_penalty_box (2 references)
pkts bytes target prot opt in out source
destination
Chain fw_FORWARD (1 references)
pkts bytes target prot opt in out source
destination
Chain fw_INPUT (1 references)
pkts bytes target prot opt in out source
destination
Chain fw_OUTPUT (1 references)
pkts bytes target prot opt in out source
destination
Chain natctrl_FORWARD (1 references)
pkts bytes target prot opt in out source
destination
Chain oem_fwd (1 references)
pkts bytes target prot opt in out source
destination
Chain oem_out (1 references)
pkts bytes target prot opt in out source
destination
root@falcon_umtsds:/ #
root@falcon_umtsds:/ # ip -6 route list table 220
root@falcon_umtsds:/ #
root@falcon_umtsds:/ # ip -s xfrm state
root@falcon_umtsds:/ #
root@falcon_umtsds:/ # ip xfrm state
root@falcon_umtsds:/ #
root@falcon_umtsds:/ # ip xfrm policy
root@falcon_umtsds:/ #
root@falcon_umtsds:/ # ipsec statusall
tmp-mksh: ipsec: not found
root@falcon_umtsds:/ # ifconfig tun0
tun0: ip 192.168.1.12 mask 255.255.255.255 flags [up point-to-point running]
root@falcon_umtsds:/ # ip r show table all
0.0.0.0/1 dev tun0 table tun0 proto static scope link
128.0.0.0/1 dev tun0 table tun0 proto static scope link
default via 100.73.147.80 dev rmnet0 table rmnet0 proto static
100.73.147.64/27 dev rmnet0 proto kernel scope link src 100.73.147.79
broadcast 100.73.147.64 dev rmnet0 table local proto kernel scope link
src 100.73.147.79
local 100.73.147.79 dev rmnet0 table local proto kernel scope host src
100.73.147.79
broadcast 100.73.147.95 dev rmnet0 table local proto kernel scope link
src 100.73.147.79
broadcast 127.0.0.0 dev lo table local proto kernel scope link src
127.0.0.1
local 127.0.0.0/8 dev lo table local proto kernel scope host src
127.0.0.1
local 127.0.0.1 dev lo table local proto kernel scope host src 127.0.0.1
broadcast 127.255.255.255 dev lo table local proto kernel scope link src
127.0.0.1
local 192.168.1.12 dev tun0 table local proto kernel scope host src
192.168.1.12
unreachable default dev lo table 0 proto kernel metric 4294967295 error
-101
unreachable default dev lo table 0 proto kernel metric 4294967295 error
-101
unreachable default dev lo table 0 proto kernel metric 4294967295 error
-101
unreachable default dev lo table 0 proto kernel metric 4294967295 error
-101
unreachable default dev lo table 0 proto kernel metric 4294967295 error
-101
unreachable default dev lo table 0 proto kernel metric 4294967295 error
-101
unreachable default dev lo table 0 proto kernel metric 4294967295 error
-101
unreachable default dev lo table 0 proto kernel metric 4294967295 error
-101
unreachable default dev lo table 0 proto kernel metric 4294967295 error
-101
unreachable default dev lo table 0 proto kernel metric 4294967295 error
-101
unreachable default dev lo table 0 proto kernel metric 4294967295 error
-101
unreachable default dev lo table 0 proto kernel metric 4294967295 error
-101
unreachable default dev lo table 0 proto kernel metric 4294967295 error
-101
unreachable default dev lo table 0 proto kernel metric 4294967295 error
-101
unreachable default dev lo table 0 proto kernel metric 4294967295 error
-101
unreachable default dev lo table 0 proto kernel metric 4294967295 error
-101
unreachable default dev lo table 0 proto kernel metric 4294967295 error
-101
unreachable default dev lo table 0 proto kernel metric 4294967295 error
-101
unreachable default dev lo table 0 proto kernel metric 4294967295 error
-101
unreachable default dev lo table 0 proto kernel metric 4294967295 error
-101
unreachable default dev lo table 0 proto kernel metric 4294967295 error
-101
unreachable default dev lo table 0 proto kernel metric 4294967295 error
-101
unreachable default dev lo table 0 proto kernel metric 4294967295 error
-101
unreachable default dev lo table 0 proto kernel metric 4294967295 error
-101
unreachable default dev lo table 0 proto kernel metric 4294967295 error
-101
unreachable default dev lo table 0 proto kernel metric 4294967295 error
-101
unreachable default dev lo table 0 proto kernel metric 4294967295 error
-101
unreachable default dev lo table 0 proto kernel metric 4294967295 error
-101
unreachable default dev lo table 0 proto kernel metric 4294967295 error
-101
unreachable default dev lo table 0 proto kernel metric 4294967295 error
-101
unreachable default dev lo table 0 proto kernel metric 4294967295 error
-101
unreachable default dev lo table 0 proto kernel metric 4294967295 error
-101
unreachable default dev lo table 0 proto kernel metric 4294967295 error
-101
unreachable default dev lo table 0 proto kernel metric 4294967295 error
-101
unreachable default dev lo table 0 proto kernel metric 4294967295 error
-101
unreachable default dev lo table 0 proto kernel metric 4294967295 error
-101
unreachable default dev lo table 0 proto kernel metric 4294967295 error
-101
unreachable default dev lo table 0 proto kernel metric 4294967295 error
-101
unreachable default dev lo table 0 proto kernel metric 4294967295 error
-101
unreachable default dev lo table 0 proto kernel metric 4294967295 error
-101
unreachable default dev lo table 0 proto kernel metric 4294967295 error
-101
unreachable default dev lo table 0 proto kernel metric 4294967295 error
-101
unreachable default dev lo table 0 proto kernel metric 4294967295 error
-101
unreachable default dev lo table 0 proto kernel metric 4294967295 error
-101
unreachable default dev lo table 0 proto kernel metric 4294967295 error
-101
unreachable default dev lo table 0 proto kernel metric 4294967295 error
-101
unreachable default dev lo table 0 proto kernel metric 4294967295 error
-101
unreachable default dev lo table 0 proto kernel metric 4294967295 error
-101
unreachable default dev lo table 0 proto kernel metric 4294967295 error
-101
unreachable default dev lo table 0 proto kernel metric 4294967295 error
-101
unreachable default dev lo table 0 proto kernel metric 4294967295 error
-101
unreachable default dev lo table 0 proto kernel metric 4294967295 error
-101
unreachable default dev lo table 0 proto kernel metric 4294967295 error
-101
unreachable default dev lo table 0 proto kernel metric 4294967295 error
-101
unreachable default dev lo table 0 proto kernel metric 4294967295 error
-101
unreachable default dev lo table 0 proto kernel metric 4294967295 error
-101
unreachable default dev lo table 0 proto kernel metric 4294967295 error
-101
unreachable default dev lo table 0 proto kernel metric 4294967295 error
-101
unreachable default dev lo table 0 proto kernel metric 4294967295 error
-101
unreachable default dev lo table 0 proto kernel metric 4294967295 error
-101
unreachable default dev lo table 0 proto kernel metric 4294967295 error
-101
unreachable default dev lo table 0 proto kernel metric 4294967295 error
-101
unreachable default dev lo table 0 proto kernel metric 4294967295 error
-101
unreachable default dev lo table 0 proto kernel metric 4294967295 error
-101
unreachable default dev lo table 0 proto kernel metric 4294967295 error
-101
unreachable default dev lo table 0 proto kernel metric 4294967295 error
-101
unreachable default dev lo table 0 proto kernel metric 4294967295 error
-101
unreachable default dev lo table 0 proto kernel metric 4294967295 error
-101
unreachable default dev lo table 0 proto kernel metric 4294967295 error
-101
unreachable default dev lo table 0 proto kernel metric 4294967295 error
-101
unreachable default dev lo table 0 proto kernel metric 4294967295 error
-101
unreachable default dev lo table 0 proto kernel metric 4294967295 error
-101
2604:8800:100:277::4 dev tun0 table tun0 proto kernel metric 256
2000::/3 dev tun0 table tun0 proto static metric 1024
fe80::/64 dev tun0 table tun0 proto kernel metric 256
unreachable default dev lo table 0 proto kernel metric 4294967295 error -101
unreachable default dev lo table 0 proto kernel metric 4294967295 error -101
unreachable default dev lo table 0 proto kernel metric 4294967295 error -101
unreachable default dev lo table 0 proto kernel metric 4294967295 error -101
fe80::/64 dev rmnet0 table rmnet0 proto kernel metric 256
unreachable default dev lo table 0 proto kernel metric 4294967295 error -101
unreachable default dev lo table 0 proto kernel metric 4294967295 error -101
local ::1 via :: dev lo table local proto none metric 0
local 2604:8800:100:277::4 via :: dev lo table local proto none metric 0
local fe80::446c:c08b:4087:499e via :: dev lo table local proto none metric 0
ff00::/8 dev rmnet0 table local metric 256
ff00::/8 dev tun0 table local metric 256
unreachable default dev lo table 0 proto kernel metric 4294967295 error -101
root at falcon_umtsds:/ #
root at falcon_umtsds:/ # ping6 -c3 2604:8800:100:277::4
PING 2604:8800:100:277::4(2604:8800:100:277::4) 56 data bytes
64 bytes from 2604:8800:100:277::4: icmp_seq=1 ttl=64 time=1.82 ms
64 bytes from 2604:8800:100:277::4: icmp_seq=2 ttl=64 time=0.448 ms
64 bytes from 2604:8800:100:277::4: icmp_seq=3 ttl=64 time=0.576 ms
--- 2604:8800:100:277::4 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2000ms
rtt min/avg/max/mdev = 0.448/0.948/1.821/0.619 ms
root at falcon_umtsds:/ # ping6 -c3 2604:8800:100:277::2
PING 2604:8800:100:277::2(2604:8800:100:277::2) 56 data bytes
--- 2604:8800:100:277::2 ping statistics ---
3 packets transmitted, 0 received, 100% packet loss, time 2008ms
1|root at falcon_umtsds:/ # ping6 -c3 2604:8800:100:277::1
PING 2604:8800:100:277::1(2604:8800:100:277::1) 56 data bytes
--- 2604:8800:100:277::1 ping statistics ---
3 packets transmitted, 0 received, 100% packet loss, time 2006ms
1|root at falcon_umtsds:/ # ping6 ipv6.google.com
PING ipv6.google.com(bom05s05-in-x0e.1e100.net) 56 data bytes
^C
--- ipv6.google.com ping statistics ---
5 packets transmitted, 0 received, 100% packet loss, time 4001ms
1|root at falcon_umtsds:/ # ping 192.168.1.2
PING 192.168.1.2 (192.168.1.2) 56(84) bytes of data.
64 bytes from 192.168.1.2: icmp_seq=2 ttl=127 time=156 ms
64 bytes from 192.168.1.2: icmp_seq=3 ttl=127 time=144 ms
64 bytes from 192.168.1.2: icmp_seq=4 ttl=127 time=144 ms
^C
--- 192.168.1.2 ping statistics ---
4 packets transmitted, 3 received, 25% packet loss, time 3007ms
rtt min/avg/max/mdev = 144.333/148.382/156.068/5.455 ms
root at falcon_umtsds:/ # ping 192.168.1.44
PING 192.168.1.44 (192.168.1.44) 56(84) bytes of data.
64 bytes from 192.168.1.44: icmp_seq=1 ttl=64 time=151 ms
64 bytes from 192.168.1.44: icmp_seq=3 ttl=64 time=138 ms
64 bytes from 192.168.1.44: icmp_seq=4 ttl=64 time=147 ms
64 bytes from 192.168.1.44: icmp_seq=5 ttl=64 time=132 ms
^C
--- 192.168.1.44 ping statistics ---
5 packets transmitted, 4 received, 20% packet loss, time 4004ms
rtt min/avg/max/mdev = 132.981/142.527/151.587/7.328 ms