Created
April 29, 2014 14:45
-
-
Save aep/11402520 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # basic configuration | |
| config setup | |
| # nat_traversal=yes | |
| # Connections into AWS VPC | |
| conn %default | |
| ikelifetime=60m | |
| keylife=20m | |
| rekeymargin=3m | |
| keyingtries=1 | |
| keyexchange=ikev2 | |
| authby=secret | |
| conn us-east-1-vpc | |
| left=%any | |
| leftid=aep | |
| leftfirewall=yes | |
| right=54.72.251.51 | |
| rightsubnet=172.31.6.212/20 | |
| rightid=@us-east-gw.example.com | |
| auto=start |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Apr 29 14:44:12 ip-172-31-6-212 charon: 12[CFG] looking for peer configs matching 172.31.6.212[us-east-gw.example.com]...78.55.52.47[aep] | |
| Apr 29 14:44:12 ip-172-31-6-212 charon: 12[CFG] selected peer config 'client' | |
| Apr 29 14:44:12 ip-172-31-6-212 charon: 12[IKE] authentication of 'aep' with pre-shared key successful | |
| Apr 29 14:44:12 ip-172-31-6-212 charon: 12[IKE] peer supports MOBIKE | |
| Apr 29 14:44:12 ip-172-31-6-212 charon: 12[IKE] authentication of 'us-east-gw.example.com' (myself) with pre-shared key | |
| Apr 29 14:44:12 ip-172-31-6-212 charon: 12[IKE] IKE_SA client[1] established between 172.31.6.212[us-east-gw.example.com]...78.55.52.47[aep] | |
| Apr 29 14:44:12 ip-172-31-6-212 charon: 12[IKE] scheduling reauthentication in 9831s | |
| Apr 29 14:44:12 ip-172-31-6-212 charon: 12[IKE] maximum IKE_SA lifetime 10371s | |
| Apr 29 14:44:12 ip-172-31-6-212 charon: 12[IKE] traffic selectors 172.31.0.0/20 === 192.168.1.130/32 inacceptable | |
| Apr 29 14:44:12 ip-172-31-6-212 charon: 12[IKE] failed to establish CHILD_SA, keeping IKE_SA | |
| Apr 29 14:44:12 ip-172-31-6-212 charon: 12[ENC] generating IKE_AUTH response 1 [ IDr AUTH N(AUTH_LFT) N(MOBIKE_SUP) N(ADD_4_ADDR) N(ADD_4_ADDR) N(TS_UNACCEPT) ] | |
| Apr 29 14:44:12 ip-172-31-6-212 charon: 12[NET] sending packet: from 172.31.6.212[4500] to 78.55.52.47[4500] (172 bytes) | |
| Apr 29 14:44:32 ip-172-31-6-212 charon: 04[IKE] sending keep alive to 78.55.52.47[4500] | |
| Apr 29 14:44:52 ip-172-31-6-212 charon: 15[IKE] sending keep alive to 78.55.52.47[4500] | |
| Apr 29 14:45:12 ip-172-31-6-212 charon: 16[IKE] sending keep alive to 78.55.52.47[4500] | |
| Apr 29 14:45:32 ip-172-31-6-212 charon: 02[IKE] sending keep alive to 78.55.52.47[4500] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| config setup | |
| # strictcrlpolicy=yes | |
| # uniqueids = no | |
| conn client | |
| authby=secret | |
| # The leftid parameter is not a real DNS name | |
| leftid=us-east-gw.example.com | |
| # The "left" parameter is the gateway's private IP | |
| left=172.31.6.212 | |
| leftsubnet=172.31.6.212/20 | |
| # We are protecting the entire VPC, not just this subnet | |
| leftfirewall=yes | |
| right=%any | |
| # The virtual IP pool is outside the VPC! | |
| auto=add |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment