[strongSwan] Simple IPsec host-host test

Noel Kuntze noel.kuntze at thermi.consulting
Fri May 28 17:12:13 CEST 2021


Hello Hoss,

Well, the first two just load settings from the config files, the latter starts the connection.
You specified start_action=trap in the child section, so the kernel tells the daemon when
to up the child (that is the case when there's no IPsec state for the matched trap policy).

I presume up to now you either did not have the config loaded, did not read the log to see if the daemon did anything,
or there simply was no traffic that needed to be processed.

Kind regards
Noel

On 28.05.21 at 16:57, H Yavari wrote:
> Hi Noel,
>
> Thanks for the reply.
> I resolved the issue with running the swanctl -c and swanctl -q then swanctl -i --child host-host
>
> Is it the correct way?
>
> Regards,
> Hoss
>
>
> On Friday, May 28, 2021, 07:48:13 AM PDT, Noel Kuntze <noel.kuntze+strongswan-users-ml at thermi.consulting> wrote:
>
>
> Hello Hoss,
>
> What do you expect to happen?
> What exactly did you do up to this point?
>
> Kind regards
> Noel
>
> On 27.05.21 at 19:20, H Yavari wrote:
> > Hi to all,
> >
> > I did a simple configuration based on test samples for two EC2 on AWS, but nothing happens between the two machines. What am I missing?
> >
> > (10.0.0.30) Sun <=======> Moon (10.0.0.20)
> >
> > connections {
> >
> >     host-host {
> >        remote_addrs = 10.0.0.20
> >
> >        local {
> >           auth = psk
> >           id = sun.strongswan.org
> >        }
> >        remote {
> >           auth = psk
> >           id = moon.strongswan.org
> >        }
> >        children {
> >           host-host {
> >                  start_action = trap
> >           }
> >        }
> >     }
> > }
> > secrets {
> >     ike-1 {
> >        id-moon = moon.strongswan.org
> >        id-sun = sun.strongswan.org
> >        secret = 0sv+NkxY9LLZvwj4q
> >     }
> > }
> >
> >
> > ------------
> >
> >
> >
> > connections {
> >
> >     host-host {
> >        remote_addrs = 10.0.0.30
> >
> >        local {
> >           auth = psk
> >           id = moon.strongswan.org
> >        }
> >        remote {
> >           auth = psk
> >           id = sun.strongswan.org
> >        }
> >        children {
> >           host-host {
> >                  start_action = start
> >           }
> >        }
> >     }
> > }
> >
> > secrets {
> >     ike-1 {
> >        id-1 = moon.strongswan.org
> >        secret = 0x45a30759df97dc26a15b88ff
> >     }
> >     ike-2 {
> >        id-2 = sun.strongswan.org
> >        secret = "This is a strong password"
> >     }
> >     ike-3 {
> >        id-3a = moon.strongswan.org
> >        id-3b = sun.strongswan.org
> >        secret = 0sv+NkxY9LLZvwj4q
> >     }
> >     ike-4 {
> >        secret = 'My "home" is my "castle"!'
> >     }
> >     ike-5 {
> >       id-5 = 10.0.0.20
> >       secret = "Andi's home"
> >     }
> > }
> >
> >
> > EC2 : Debian
> > Version: 5.7.2
> >
> > Thanks.
> >
> > BR
> > Hoss
> >
>
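
An offline pre-flight check for the two swanctl.conf files discussed in this thread, as an added example that is not part of the original messages or of strongSwan: it reports each child's start_action (a trap child only negotiates once matching traffic arrives, as explained above) and whether both peers hold the same PSK for the identity pair. The function names, the trimmed config and the placeholder secret are assumptions; the PSK lookup is a simplification that compares the configured strings as written.

```python
CONF = """
connections {
  host-host {
    children {
      host-host {
        start_action = %(action)s
      }
    }
  }
}
secrets {
  ike-1 {
    id-a = moon.strongswan.org
    id-b = sun.strongswan.org
    secret = %(psk)s
  }
}
"""
SUN = CONF % {"action": "trap", "psk": "placeholder-psk"}    # constructed sample
MOON = CONF % {"action": "start", "psk": "placeholder-psk"}  # constructed sample

def parse(text):
    """Parse the 'name { key = value }' layout into nested dicts."""
    stack = [{}]
    for line in map(str.strip, text.splitlines()):
        if line.endswith("{"):
            stack.append(stack[-1].setdefault(line[:-1].strip(), {}))
        elif line == "}":
            stack.pop()
        elif "=" in line and not line.startswith("#"):
            key, _, value = line.partition("=")
            stack[-1][key.strip()] = value.strip()
    return stack[0]

def child_actions(conf):
    """Map 'conn/child' to start_action; an unset value means none."""
    return {f"{c}/{ch}": child.get("start_action", "none")
            for c, conn in conf.get("connections", {}).items()
            for ch, child in conn.get("children", {}).items()}

def psk_for(conf, id_a, id_b):
    """Secret of the first ike* section naming both identities (simplified lookup)."""
    for name, sec in conf.get("secrets", {}).items():
        ids = {v for k, v in sec.items() if k.startswith("id")}
        if name.startswith("ike") and {id_a, id_b} <= ids:
            return sec.get("secret")

def psk_match(a_text, b_text, id_a, id_b):
    pa, pb = (psk_for(parse(t), id_a, id_b) for t in (a_text, b_text))
    return pa is not None and pa == pb
```

A child reported as trap or none with no SA after loading is expected behaviour, not a fault; a False from psk_match is the case worth fixing before looking at the logs.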
