[strongSwan] No traffic through strong swan
Frank Uccello
frank.uccello at borrowell.com
Thu Oct 25 15:36:26 CEST 2018
I am setting up a site-to-site VPN to one of my vendors; they have Cisco ASA ios 9.x.
They gave me a sample config file, but it's not sending any traffic to them.
Here is what I have:
config setup
conn vpn_tunnel
    compress=no
    type=tunnel
    authby=secret
    forceencaps=yes
    auto=start
    rekey=yes
    ikelifetime=28800s
    keylife=3600s
    rekeymargin=3m
    keyingtries=1
    keyexchange=ike
    authby=secret
# conn ciscoios
    left=192.168.x.x
    leftsubnet=192.168.x.x/32 #network behind strongswan
    leftid=23.xxx.xxx.175 #IKEID sent by strongswan
    leftfirewall=yes
    right=206.xxxx.xxx.134 #IOS outside address
    rightsubnet=206.xxx.xxx.161/32 #network behind IOS
    rightid=206.xxx.xxx.134 #IKEID sent by IOS
    auto=add
    ike=aes256-sha1-modp1024
    esp=aes128-sha1 #P2
What might I be missing? Here is the ipsec status:
Status of IKE charon daemon (strongSwan 5.6.2, Linux 4.15.0-1025-azure, x86_64):
uptime: 2 minutes, since Oct 25 13:24:22 2018
malloc: sbrk 1482752, mmap 0, used 465360, free 1017392
worker threads: 11 of 16 idle, 5/0/0/0 working, job queue: 0/0/0/0, scheduled: 0
loaded plugins: charon aesni aes rc2 sha2 sha1 md4 md5 mgf1 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl fips-prf gmp agent xcbc hmac gcm attr kernel-netlink resolve socket-default connmark stroke updown eap-mschapv2 xauth-generic counters
Listening IP addresses:
192.168.x.x
Connections:
vpn_tunnel: 192.168.x.x...206.xxx.xxx.134 IKEv1/2
vpn_tunnel: local: [23.xx.xxx.175] uses pre-shared key authentication
vpn_tunnel: remote: [206.xxx.xx.134] uses pre-shared key authentication
vpn_tunnel: child: 172.xxx.xxx.4/32 === 206.xxx.xxxx.161/32 TUNNEL
Security Associations (0 up, 0 connecting):
None
And finally, here is my secrets file:
23.xxx.xxx.175 : PSK "MyBigSecert key"
206.xxx.xxxx.161 : PSK " MyBigSecert key "
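A consistency check over an ipsec.conf / ipsec.secrets pair shaped like the one in this message, as an added example that is not part of the original post or of strongSwan. It flags keys set twice with different values, IKE IDs that no PSK selector names, and PSK strings that are not byte-identical. The file contents are constructed, with RFC 5737 documentation addresses standing in for the redacted ones, and the function names are hypothetical.

```python
import re
# Constructed sample input: same shape as the post, RFC 5737 addresses replace the redacted ones.
IPSEC_CONF = """\
conn vpn_tunnel
    auto=start
    leftid=198.51.100.175
    rightid=203.0.113.134
    rightsubnet=203.0.113.161/32
    auto=add
"""
IPSEC_SECRETS = '''\
198.51.100.175 : PSK "ExamplePreSharedKey"
203.0.113.161 : PSK " ExamplePreSharedKey "
'''

def parse_conns(text):
    """Return {conn name: [(key, value), ...]}, keeping repeated keys in file order."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop inline comments
        if line.startswith("conn "):
            current = conns.setdefault(line.split()[1], [])
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current.append((key.strip(), value.strip()))
    return conns

def parse_psks(text):
    """Return [(selector list, secret)] for every PSK line; the secret keeps its whitespace."""
    pat = re.compile(r'^(.*?):\s*PSK\s+"(.*)"\s*$')
    return [(m.group(1).split(), m.group(2))
            for m in map(pat.match, text.splitlines()) if m]

def lint(conf, secrets):
    findings, psks = [], parse_psks(secrets)
    selectors = {s for sels, _ in psks for s in sels}
    for name, pairs in parse_conns(conf).items():
        seen = {}
        for key, value in pairs:
            if seen.get(key, value) != value:        # same key, different value
                findings.append(f"{name}: {key} set to {seen[key]!r} then {value!r}")
            seen[key] = value
        for side in ("leftid", "rightid"):
            if side in seen and not selectors & {seen[side], "%any"}:
                findings.append(f"{name}: no PSK selector for {side} {seen[side]}")
    if len({secret for _, secret in psks}) > 1:
        findings.append("PSK entries differ byte-for-byte (check whitespace)")
    return findings

print(*lint(IPSEC_CONF, IPSEC_SECRETS), sep="\n")
```
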