[strongSwan] Security Associations
Andreas Steffen
andreas.steffen at strongswan.org
Thu Apr 6 13:24:53 CEST 2017
Hi Filip,
since you set up an IP route policy in the kernel, the first IP packet
from the 192.168.3.0/26 subnet with destination 10.2.0.0/24 will
trigger the IKEv2 negotiation an set up the active tunnel.
Regards
Andreas
On 06.04.2017 13:06, Filip Maroul wrote:
> Hello today I start configuring strangswan as net2net witj IKEv2. I
> think everything works so far and heve this ipsec statusall:
>
> Status of IKE charon daemon (strongSwan 5.2.1, Linux 3.16.0-4-amd64,
> x86_64):
> uptime: 17 minutes, since Apr 06 11:09:15 2017
> malloc: sbrk 1462272, mmap 0, used 298784, free 1163488
> worker threads: 11 of 16 idle, 5/0/0/0 working, job queue: 0/0/0/0,
> scheduled: 0
> loaded plugins: charon aes rc2 sha1 sha2 md5 random nonce x509
> revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey
> pem openssl fips-prf gmp agent xcbc hmac gcm attr kernel-netlink resolve
> socket-default stroke updown
> Listening IP addresses:
> 192.168.100.200
> 192.168.3.59
> Connections:
> net-net: 192.168.100.200...192.168.101.154 IKEv2
> net-net: local: [neptun.test.local] uses pre-shared key
> authentication
> net-net: remote: [pluto.test.local] uses pre-shared key
> authentication
> net-net: child: 192.168.3.0/26 === 10.2.0.0/24 TUNNEL
> Routed Connections:
> net-net{1}: ROUTED, TUNNEL
> net-net{1}: 192.168.3.0/26 === 10.2.0.0/24
> Security Associations (0 up, 0 connecting):
> none
>
> Problem is I have no SA Associations.
>
>
> I attach conf file from both sites. I have strongswan 5.2.1 on Debian 8 x64
>
> Thank you for any help.
>
>
--
======================================================================
Andreas Steffen andreas.steffen at strongswan.org
strongSwan - the Open Source VPN Solution! www.strongswan.org
Institute for Networked Solutions
HSR University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[INS-HSR]==
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3859 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.strongswan.org/pipermail/users/attachments/20170406/b2858e96/attachment.bin>
More information about the Users
mailing list