[strongSwan] "%d" of initiator_id of load-tester does not start from 1 but 2.
李 冠群
pluto851031 at hotmail.com
Tue Feb 27 08:39:25 CET 2018
Hi all,
I am facing a problem of load-tester that "%d" of initiator_id didnot start from 1, but from 2.
--------
initiator_id = tester%d at strongswan.org
--------
Below are the configuration of load-tester and the status of the ipsec tunnels.
From the "ipsec statuall" you can find that initiator id started from "tester2 at strongswan.org",
and the private address also started from "10.254.32.2/32".
I suspect that any internal behavior has used "tester1 at strongswan.org",
or any configuration caused the initiator_id started from "2".
Can anyone give me some advice ?
Any comment will be appreciated.
If further info is needed, please let me know.
------------- configuration ------------
root at tester1:/usr/local/etc# cat strongswan.conf
# strongswan.conf - strongSwan configuration file
#
# Refer to the strongswan.conf(5) manpage for details
#
# Configuration changes should be made in the included files
charon {
reuse_ikesa=yes
load_modular=yes
plugins {
include strongswan.d/charon/*.conf
load-tester {
enable = yes
responder = 192.168.0.6
proposal = aes128-sha1-modp1024
initiator_id = tester%d at strongswan.org
initiator_match = *@strongswan.org
initiator_auth = eap-aka
responder_auth = psk
responder_id = strongswan.org
initiator_tsr = 10.65.0.0/18
esp = aes128-sha1
addrs { ens4 = 10.64.0.1/18 }
addrs_prefix = 16
request_virtual_ip = yes
ike_rekey = 25200
child_rekey = 28800
delete_after_established = no
shutdown_when_complete = no
}
}
---------------------------------------
root at tester1:/usr/local/etc#ipsec statusall
Listening IP addresses:
10.59.128.33
10.64.127.253
Connections:
load-test: 192.168.0.6...0.0.0.0 IKEv1/2
load-test: local: [strongswan.org] uses pre-shared key authentication
load-test: remote: [*@strongswan.org] uses EAP_AKA authentication
load-test: child: 10.65.0.0/18 === dynamic TUNNEL
Security Associations (5 up, 0 connecting):
load-test[5]: ESTABLISHED 6 seconds ago, 10.64.0.5[tester6 at strongswan.org]...192.168.0.6[strongswan.org]
load-test[5]: IKEv2 SPIs: 66a396f7c9e152c1_i* e1200a4eb1b5f253_r, rekeying in 6 hours
load-test[5]: IKE proposal: AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
load-test{6}: INSTALLED, TUNNEL, reqid 5, ESP SPIs: c5ef7bad_i 0015790e_o
load-test{6}: AES_CBC_128/HMAC_SHA1_96, 0 bytes_i, 0 bytes_o, rekeying in 7 hours
load-test{6}: 10.254.32.6/32 === 10.65.0.0/18
load-test[4]: ESTABLISHED 10 seconds ago, 10.64.0.4[tester5 at strongswan.org]...192.168.0.6[strongswan.org]
load-test[4]: IKEv2 SPIs: 15455d79dbc1b476_i* cb3974e5683d2f37_r, rekeying in 6 hours
load-test[4]: IKE proposal: AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
load-test{4}: INSTALLED, TUNNEL, reqid 4, ESP SPIs: c31265b7_i 001353b9_o
load-test{4}: AES_CBC_128/HMAC_SHA1_96, 0 bytes_i, 0 bytes_o, rekeying in 7 hours
load-test{4}: 10.254.32.5/32 === 10.65.0.0/18
load-test[3]: ESTABLISHED 13 seconds ago, 10.64.0.3[tester4 at strongswan.org]...192.168.0.6[strongswan.org]
load-test[3]: IKEv2 SPIs: bbfa251802593dc9_i* 84935f6a6411adf6_r, rekeying in 6 hours
load-test[3]: IKE proposal: AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
load-test{3}: INSTALLED, TUNNEL, reqid 3, ESP SPIs: c1625dab_i 00132117_o
load-test{3}: AES_CBC_128/HMAC_SHA1_96, 0 bytes_i, 0 bytes_o, rekeying in 7 hours
load-test{3}: 10.254.32.4/32 === 10.65.0.0/18
load-test[2]: ESTABLISHED 16 seconds ago, 10.64.0.2[tester3 at strongswan.org]...192.168.0.6[strongswan.org]
load-test[2]: IKEv2 SPIs: ca01109e85be6828_i* 2ea11c57bd317fe2_r, rekeying in 6 hours
load-test[2]: IKE proposal: AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
load-test{2}: INSTALLED, TUNNEL, reqid 2, ESP SPIs: c003619c_i 001423af_o
load-test{2}: AES_CBC_128/HMAC_SHA1_96, 0 bytes_i, 0 bytes_o, rekeying in 7 hours
load-test{2}: 10.254.32.3/32 === 10.65.0.0/18
load-test[1]: ESTABLISHED 19 seconds ago, 10.64.0.1[tester2 at strongswan.org]...192.168.0.6[strongswan.org]
load-test[1]: IKEv2 SPIs: 208894470b3f7123_i* 2b2b934095b76978_r, rekeying in 6 hours
load-test[1]: IKE proposal: AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
load-test{1}: INSTALLED, TUNNEL, reqid 1, ESP SPIs: c5900c71_i 001457a4_o
load-test{1}: AES_CBC_128/HMAC_SHA1_96, 0 bytes_i, 0 bytes_o, rekeying in 7 hours
load-test{1}: 10.254.32.2/32 === 10.65.0.0/18
root at tester1:/usr/local/etc#
---------------------------------------
Regards,
Pluto
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20180227/f08d106d/attachment.html>
More information about the Users
mailing list