[strongSwan] No traffic through strong swan

Noel Kuntze noel.kuntze+strongswan-users-ml at thermi.consulting
Fri Oct 26 14:37:15 CEST 2018


Hello Frank,

>        auto=add


You configured that the tunnel configuration should only be loaded, not started or routed.

Set auto=route to install the necessary trap policies and then manually up the tunnel. If it fails, read the output and figure out what is wrong.

The HelpRequests[1] is a good starting point.


Kind regards


Noel


[1] https://wiki.strongswan.org/projects/strongswan/wiki/HelpRequests



On 25.10.18 at 15:36, Frank Uccello wrote:
>
> I am setting up a site-to-site VPN to one of my vendors; they have Cisco ASA IOS 9.x
>
>  
>
> They gave me a sample config file, but it's not sending any traffic to them
>
>  
>
> Here is what I have
>
>  
>
> config setup
>
> conn vpn_tunnel
>     compress=no
>     type=tunnel
>     authby=secret
>     forceencaps=yes
>     auto=start
>     rekey=yes
>
>         ikelifetime=28800s
>         keylife=3600s
>         rekeymargin=3m
>         keyingtries=1
>         keyexchange=ike
>         authby=secret
>
> # conn ciscoios
>         left=192.168.x.x
>         leftsubnet=192.168.x.x/32         #network behind strongswan
>         leftid=23.xxx.xxx.175                #IKEID sent by strongswan
>         leftfirewall=yes
>         right=206.xxxx.xxx.134                 #IOS outside address
>         rightsubnet=206.xxx.xxx.161/32        #network behind IOS
>         rightid=206.xxx.xxx.134               #IKEID sent by IOS
>         auto=add
>         ike=aes256-sha1-modp1024
>         esp=aes128-sha1                   #P2
>
>  
>
> What might I be missing? Here is the ipsec status
>
>  
>
> Status of IKE charon daemon (strongSwan 5.6.2, Linux 4.15.0-1025-azure, x86_64):
>   uptime: 2 minutes, since Oct 25 13:24:22 2018
>   malloc: sbrk 1482752, mmap 0, used 465360, free 1017392
>   worker threads: 11 of 16 idle, 5/0/0/0 working, job queue: 0/0/0/0, scheduled: 0
>   loaded plugins: charon aesni aes rc2 sha2 sha1 md4 md5 mgf1 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl fips-prf gmp agent xcbc hmac gcm attr kernel-netlink resolve socket-default connmark stroke updown eap-mschapv2 xauth-generic counters
> Listening IP addresses:
> 192.168.x.x
> Connections:
>   vpn_tunnel:  192.168.x.x...206.xxx.xxx.134  IKEv1/2
>   vpn_tunnel:   local:  [23.xx.xxx.175] uses pre-shared key authentication
>   vpn_tunnel:   remote: [206.xxx.xx.134] uses pre-shared key authentication
>   vpn_tunnel:   child:  172.xxx.xxx.4/32 === 206.xxx.xxxx.161/32 TUNNEL
> Security Associations (0 up, 0 connecting):
>   None
>
>  
>
>  
>
> And finally, here is my secrets file
>
> 23.xxx.xxx.175  : PSK "MyBigSecert key"
> 206.xxx.xxxx.161 : PSK " MyBigSecert key "
>
>
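
As an added illustration (not part of either message and not strongSwan code), the sketch below lints an ipsec.conf for the situation in this thread: a commented-out conn header that folds later settings into the previous section, and an auto key assigned twice. It assumes a later assignment overrides an earlier one, which matches the auto=add quoted in the reply and the status output listing everything under vpn_tunnel; SAMPLE, parse_conns and audit are hypothetical names and the addresses are placeholders.

```python
import re

# Constructed sample modelled on the quoted ipsec.conf; addresses are placeholders.
SAMPLE = """\
config setup
conn vpn_tunnel
    authby=secret
    auto=start
    authby=secret
# conn ciscoios
    left=192.0.2.10
    right=198.51.100.134
    auto=add
"""

AUTO_MEANING = {
    "ignore": "connection is ignored",
    "add": "loaded only, nothing installed or initiated until 'ipsec up <conn>'",
    "route": "trap policies installed, matching traffic triggers negotiation",
    "start": "initiated when the daemon starts",
}

def parse_conns(text):
    """Return {conn_name: [(key, value, lineno), ...]} in file order."""
    conns, current = {}, None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].rstrip()  # a commented-out header starts no section
        header = re.match(r"(conn|ca|config)\s+(\S+)", line)
        if header:
            is_conn = header.group(1) == "conn"
            current = conns.setdefault(header.group(2), []) if is_conn else None
        elif current is not None and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            current.append((key, value, lineno))
    return conns

def audit(text):
    """Per conn: effective auto value, its meaning, and keys assigned more than once."""
    report = {}
    for name, items in parse_conns(text).items():
        seen = {}
        for key, value, lineno in items:
            seen.setdefault(key, []).append((value, lineno))
        # Assumption: a later assignment of the same key overrides the earlier one.
        auto = seen.get("auto", [("ignore", 0)])[-1][0]
        dupes = {k: v for k, v in seen.items() if len(v) > 1}
        report[name] = {"auto": auto, "meaning": AUTO_MEANING.get(auto, "unknown"),
                        "duplicates": dupes}
    return report
```

Calling audit(SAMPLE) reports a single connection, vpn_tunnel, whose effective auto value is add, with auto and authby flagged as assigned twice.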