[strongSwan] No traffic through strong swan

IL Ka kazakevichilya at gmail.com
Fri Oct 26 14:31:07 CEST 2018


Hello.
Here is the problem:
"Security Associations (0 up, 0 connecting):"
No SA established.

I suggest running ipsec as "ipsec start --nofork --debug-all" and reading the
output carefully, or providing it here.



On Fri, Oct 26, 2018 at 10:48 AM Frank Uccello <frank.uccello at borrowell.com>
wrote:

> I am setting up a site-to-site VPN to one of my vendors; they have Cisco ASA IOS 9.x
>
> They gave me a sample config file, but it's not sending any traffic to them
>
> Here is what I have
>
> config setup
>
> conn vpn_tunnel
>     compress=no
>     type=tunnel
>     authby=secret
>     forceencaps=yes
>     auto=start
>     rekey=yes
>
>         ikelifetime=28800s
>         keylife=3600s
>         rekeymargin=3m
>         keyingtries=1
>         keyexchange=ike
>         authby=secret
>
> # conn ciscoios
>         left=192.168.x.x
>         leftsubnet=192.168.x.x/32         #network behind strongswan
>         leftid=23.xxx.xxx.175                #IKEID sent by strongswan
>         leftfirewall=yes
>         right=206.xxxx.xxx.134                 #IOS outside address
>         rightsubnet=206.xxx.xxx.161/32        #network behind IOS
>         rightid=206.xxx.xxx.134               #IKEID sent by IOS
>         auto=add
>         ike=aes256-sha1-modp1024
>         esp=aes128-sha1                   #P2
>
> What might I be missing? Here is the ipsec status:
>
> Status of IKE charon daemon (strongSwan 5.6.2, Linux 4.15.0-1025-azure,
> x86_64):
>   uptime: 2 minutes, since Oct 25 13:24:22 2018
>   malloc: sbrk 1482752, mmap 0, used 465360, free 1017392
>   worker threads: 11 of 16 idle, 5/0/0/0 working, job queue: 0/0/0/0,
> scheduled: 0
>   loaded plugins: charon aesni aes rc2 sha2 sha1 md4 md5 mgf1 random nonce
> x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey
> sshkey pem openssl fips-prf gmp agent xcbc hmac gcm attr kernel-netlink
> resolve socket-default connmark stroke updown eap-mschapv2 xauth-generic
> counters
> Listening IP addresses:
> 192.168.x.x
> Connections:
>   vpn_tunnel:  192.168.x.x...206.xxx.xxx.134  IKEv1/2
>   vpn_tunnel:   local:  [23.xx.xxx.175] uses pre-shared key authentication
>   vpn_tunnel:   remote: [206.xxx.xx.134] uses pre-shared key authentication
>   vpn_tunnel:   child:  172.xxx.xxx.4/32 === 206.xxx.xxxx.161/32 TUNNEL
> Security Associations (0 up, 0 connecting):
>   None
>
> And finally, here is my secrets file:
>
> 23.xxx.xxx.175  : PSK "MyBigSecert key"
> 206.xxx.xxxx.161 : PSK " MyBigSecert key "
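
Added example (not part of the original thread, and not strongSwan code): a small
Python lint for an ipsec.conf / ipsec.secrets pair. It reports three things that
can be seen in the quoted files: a key assigned twice with different values
(auto=start and auto=add), a secrets selector that matches none of
left/right/leftid/rightid, and PSK strings that differ or carry surrounding
spaces. The function names, finding codes and sample data are assumptions made
for this example; it only handles quoted PSK lines with IPv4 or name selectors,
and it does not state which of two conflicting values the daemon ends up using.

```python
import re

# Constructed sample modelled on the post; addresses are documentation-range placeholders.
SAMPLE_CONF = """\
config setup
conn vpn_tunnel
    authby=secret
    auto=start
    authby=secret
# conn ciscoios
    left=192.0.2.10
    leftid=198.51.100.175
    right=203.0.113.134
    rightid=203.0.113.134
    auto=add
"""
SAMPLE_SECRETS = '198.51.100.175 : PSK "example key"\n203.0.113.161 : PSK " example key "\n'

def parse_conns(text):
    """Map each conn name to {key: [values in file order]}."""
    conns, cur = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()        # drop comments
        if not line.strip():
            continue
        if not line[0].isspace():                   # unindented line opens a section
            kind, _, name = line.partition(" ")
            cur = conns.setdefault(name.strip(), {}) if kind == "conn" and name.strip() else None
        elif cur is not None and "=" in line:
            key, val = line.strip().split("=", 1)
            cur.setdefault(key.strip(), []).append(val.strip())
    return conns

def lint(conf, secrets):
    """Return (code, detail) findings for one ipsec.conf / ipsec.secrets pair."""
    psks = [(m.group(1).split(), m.group(2)) for m in
            re.finditer(r'^([^#:\n]*):\s*PSK\s+"([^"\n]*)"', secrets, re.M)]
    findings = []
    for name, kv in parse_conns(conf).items():
        findings += [("conflicting-key", f"{name}: {k}={v}")
                     for k, v in kv.items() if len(set(v)) > 1]
        ids = {v for k in ("left", "right", "leftid", "rightid") for v in kv.get(k, [])}
        findings += [("unmatched-selector", f"{name}: {s}")
                     for sels, _ in psks for s in sels if s not in ids]
    findings += [("psk-whitespace", " ".join(s)) for s, p in psks if p != p.strip()]
    if len({p for _, p in psks}) > 1:
        findings.append(("psk-mismatch", "entries carry different PSK strings"))
    return findings
```

Calling lint(SAMPLE_CONF, SAMPLE_SECRETS) returns four findings on the constructed
sample; a repeated key with the same value (authby=secret twice) is not reported.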