[strongSwan] strongswan not picking up traffic

Chengcheng Fu terryfcc at icloud.com
Wed Sep 13 18:27:12 CEST 2017 

Hi,

I'm trying to setup a GRE over IPSec.

I have the GRE working, but Strongswan wouldn't pickup the gre traffic and encrypt it.

Following is my topology

hub 192.168.23.193 - 192.168.23.203 spoke


And here are my output.
Hub side:
Status of IKE charon daemon (strongSwan 5.6.0, Linux 4.9.47, x86_64):
uptime: 108 seconds, since Sep 14 00:23:00 2017
malloc: sbrk 2027520, mmap 0, used 273392, free 1754128
worker threads: 11 of 16 idle, 5/0/0/0 working, job queue: 0/0/0/0, scheduled: 0
loaded plugins: charon aes des rc2 sha2 sha1 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem fips-prf gmp curve25519 xcbc cmac hmac attr kernel-netlink resolve socket-default stroke vici updown xauth-generic
Listening IP addresses:
192.168.23.193
192.168.34.1
Connections:
host-host: 192.168.23.193...%any IKEv2
host-host: local: [192.168.23.193] uses pre-shared key authentication
host-host: remote: uses pre-shared key authentication
host-host: child: dynamic[gre] === dynamic[gre] TRANSPORT
Security Associations (0 up, 0 connecting):
none



Spoke side:
Status of IKE charon daemon (strongSwan 5.6.0, Linux 4.9.47, x86_64):
uptime: 4 seconds, since Sep 14 00:17:44 2017
malloc: sbrk 2289664, mmap 0, used 287184, free 2002480
worker threads: 11 of 16 idle, 5/0/0/0 working, job queue: 0/0/0/0, scheduled: 0
loaded plugins: charon aes des rc2 sha2 sha1 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem fips-prf gmp curve25519 xcbc cmac hmac attr kernel-netlink resolve socket-default stroke vici updown xauth-generic
Listening IP addresses:
192.168.23.203
192.168.34.3
Connections:
host-host: 192.168.23.203...192.168.23.193 IKEv2
host-host: local: [192.168.23.203] uses pre-shared key authentication
host-host: remote: [192.168.23.193] uses pre-shared key authentication
host-host: child: dynamic[gre] === dynamic[gre] TRANSPORT
Security Associations (0 up, 0 connecting):
none



Any thoughts?

Regards,

Terry
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20170913/8765d1b5/attachment.html>

More information about the Users mailing list