[strongSwan] Cannot pass the traffic through the established tunnel.
Sujoy
sujoy.b at mindlogicx.com
Wed Apr 4 10:58:58 CEST 2018
Hi list members,
I am facing one issue with Strongswan for quite a long time. I want to
block all the traffic (http) and pass only the traffic of the connected
network. But after so many tries, I still cannot do so. Below is the
configuration status of the server, which has multiple connections.
It will be a big help if someone can provide any solution to this.
Thanks for the support provided till now by the members.
root@cloud:~# ipsec statusall
Status of IKE charon daemon (strongSwan 5.6.2, Linux 4.4.0-116-generic, x86_64):
  uptime: 19 hours, since Apr 03 18:02:13 2018
  malloc: sbrk 2703360, mmap 0, used 570192, free 2133168
  worker threads: 11 of 16 idle, 5/0/0/0 working, job queue: 0/0/0/0, scheduled: 12
  loaded plugins: charon aes des rc2 sha2 sha1 md5 mgf1 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl fips-prf gmp curve25519 xcbc cmac hmac curl attr kernel-netlink resolve socket-default stroke vici updown xauth-generic counters
Listening IP addresses:
  172.25.12.42
Connections:
  tunnel: %any...%any IKEv2, dpddelay=30s
  tunnel: local: uses pre-shared key authentication
  tunnel: remote: uses pre-shared key authentication
  tunnel: child: 0.0.0.0/0 === 0.0.0.0/0 TUNNEL, dpdaction=clear
Security Associations (2 up, 0 connecting):
  tunnel[6]: ESTABLISHED 66 minutes ago, 172.25.12.42[X.X.X.X]...223.227.10.138[192.168.1.100]
  tunnel[6]: IKEv2 SPIs: 1e596ccc27d7939a_i c459f660671c3952_r*, pre-shared key reauthentication in 101 minutes
  tunnel[6]: IKE proposal: AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048
  tunnel{16}: INSTALLED, TUNNEL, reqid 3, ESP in UDP SPIs: cc167350_i c722bb0f_o
  tunnel{16}: AES_CBC_256/HMAC_SHA1_96, 0 bytes_i, 0 bytes_o, rekeying in 35 minutes
  tunnel{16}: X.X.X.X/32 === 192.168.10.1/32
  tunnel[5]: ESTABLISHED 76 minutes ago, 172.25.12.42[X.X.X.X]...27.59.17.206[192.168.2.100]
  tunnel[5]: IKEv2 SPIs: 6bac8f644b19cf85_i 07c5f9254cda6720_r*, pre-shared key reauthentication in 90 minutes
  tunnel[5]: IKE proposal: AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048
  tunnel{17}: INSTALLED, TUNNEL, reqid 3, ESP in UDP SPIs: c3015f13_i ce6ea6b8_o
  tunnel{17}: AES_CBC_256/HMAC_SHA1_96, 0 bytes_i, 0 bytes_o, rekeying in 36 minutes
  tunnel{17}: X.X.X.X/32 === 192.168.10.1/32
--
Thanks
Sujoy