altendky@tp:~/vpn$ sudo ./doit
date
+ date
Fri Aug 4 09:05:23 EDT 2017
#ipsec update
ipsec restart
+ ipsec restart
Stopping strongSwan IPsec...
Starting strongSwan 5.3.5 IPsec [starter]...
sleep 5
+ sleep 5
ipsec statusall
+ ipsec statusall
Status of IKE charon daemon (strongSwan 5.3.5, Linux 4.4.0-42-generic, x86_64):
uptime: 5 seconds, since Aug 04 09:05:25 2017
malloc: sbrk 1327104, mmap 0, used 324144, free 1002960
worker threads: 11 of 16 idle, 5/0/0/0 working, job queue: 0/0/0/0, scheduled: 0
loaded plugins: charon test-vectors aes rc2 sha1 sha2 md4 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl fips-prf gmp agent xcbc hmac gcm attr kernel-netlink resolve socket-default connmark stroke updown
Listening IP addresses:
192.168.0.113
Connections:
natt: %any...xxx.xxx.244.59 IKEv2
natt: local: uses pre-shared key authentication
natt: remote: [xxx.xxx.244.59] uses pre-shared key authentication
natt: child: dynamic === 192.168.1.0/24 TUNNEL
Security Associations (0 up, 0 connecting):
none
#ipsec up sonicwall
ipsec up natt
+ ipsec up natt
initiating IKE_SA natt[1] to xxx.xxx.244.59
generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(HASH_ALG) ]
sending packet: from 192.168.0.113[500] to xxx.xxx.244.59[500] (1124 bytes)
received packet: from xxx.xxx.244.59[500] to 192.168.0.113[500] (449 bytes)
parsed IKE_SA_INIT response 0 [ SA KE No CERTREQ N(NATD_S_IP) N(NATD_D_IP) V ]
received unknown vendor ID: 2a:67:75:d0:ad:2a:a7:88:7c:33:fe:1d:68:ba:f3:08:96:6f:00:01
local host is behind NAT, sending keep alives
no IDi configured, fall back on IP address
authentication of '192.168.0.113' (myself) with pre-shared key
establishing CHILD_SA natt
generating IKE_AUTH request 1 [ IDi N(INIT_CONTACT) IDr AUTH SA TSi TSr N(MOBIKE_SUP) N(NO_ADD_ADDR) N(EAP_ONLY) ]
sending packet: from 192.168.0.113[4500] to xxx.xxx.244.59[4500] (380 bytes)
retransmit 1 of request with message ID 1
sending packet: from 192.168.0.113[4500] to xxx.xxx.244.59[4500] (380 bytes)
retransmit 2 of request with message ID 1
sending packet: from 192.168.0.113[4500] to xxx.xxx.244.59[4500] (380 bytes)
retransmit 3 of request with message ID 1
sending packet: from 192.168.0.113[4500] to xxx.xxx.244.59[4500] (380 bytes)
sending keep alive to xxx.xxx.244.59[4500]
retransmit 4 of request with message ID 1
sending packet: from 192.168.0.113[4500] to xxx.xxx.244.59[4500] (380 bytes)
sending keep alive to xxx.xxx.244.59[4500]
sending keep alive to xxx.xxx.244.59[4500]
retransmit 5 of request with message ID 1
sending packet: from 192.168.0.113[4500] to xxx.xxx.244.59[4500] (380 bytes)
sending keep alive to xxx.xxx.244.59[4500]
sending keep alive to xxx.xxx.244.59[4500]
sending keep alive to xxx.xxx.244.59[4500]
giving up after 5 retransmits
establishing IKE_SA failed, peer not responding
establishing connection 'natt' failed
ipsec statusall
+ ipsec statusall
Status of IKE charon daemon (strongSwan 5.3.5, Linux 4.4.0-42-generic, x86_64):
uptime: 2 minutes, since Aug 04 09:05:24 2017
malloc: sbrk 2543616, mmap 0, used 344832, free 2198784
worker threads: 11 of 16 idle, 5/0/0/0 working, job queue: 0/0/0/0, scheduled: 1
loaded plugins: charon test-vectors aes rc2 sha1 sha2 md4 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl fips-prf gmp agent xcbc hmac gcm attr kernel-netlink resolve socket-default connmark stroke updown
Listening IP addresses:
192.168.0.113
Connections:
natt: %any...xxx.xxx.244.59 IKEv2
natt: local: uses pre-shared key authentication
natt: remote: [xxx.xxx.244.59] uses pre-shared key authentication
natt: child: dynamic === 192.168.1.0/24 TUNNEL
Security Associations (0 up, 0 connecting):
none
cat /etc/ipsec.conf
+ cat /etc/ipsec.conf
# ipsec.conf - strongSwan IPsec configuration file
# basic configuration
config setup
conn %default
        ikelifetime=60m
        keylife=20m
        rekeymargin=3m
        keyingtries=1
        # IKEv2 with pre-shared key authentication (secret in ipsec.secrets)
        keyexchange=ikev2
        authby=secret
conn natt
        # local address is taken from the default-route interface;
        # with no leftid set, charon also uses it as the IKE identity (IDi)
        left=%defaultroute
        # let the updown script insert firewall rules for the tunnel
        leftfirewall=yes
        right=xxx.xxx.244.59
        rightsubnet=192.168.1.0/24
        # load the connection at startup but do not initiate it
        auto=add
cat /etc/ipsec.secrets
+ cat /etc/ipsec.secrets
# This file holds shared secrets or RSA private keys for authentication.
# RSA private key for this host, authenticating it to any other host
# which knows the public part.
192.168.0.113 : PSK redactedsecret
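The trace above is the classic NAT-T stall: IKE_SA_INIT goes out on udp/500 and is answered, charon detects that the local host is behind NAT and moves to udp/4500 for IKE_AUTH, and from that point on nothing ever comes back. The script below is an added example for this gist (not strongSwan code and not part of the original post): it reads the messages `ipsec up` prints, pairs each `generating ... request N` with its `sending packet` port, its retransmits and any `parsed ... response N`, and reports which exchange stalled on which port. The embedded trace is constructed from the gist's lines with the redacted peer address replaced by the documentation address 203.0.113.59.

```python
"""Classify a strongSwan/charon `ipsec up` trace by exchange and UDP port.

Added example, not strongSwan code.  The trace below is constructed from
the lines in the gist (peer address replaced by 203.0.113.59).
"""
import re

SAMPLE_TRACE = """\
initiating IKE_SA natt[1] to 203.0.113.59
generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(HASH_ALG) ]
sending packet: from 192.168.0.113[500] to 203.0.113.59[500] (1124 bytes)
received packet: from 203.0.113.59[500] to 192.168.0.113[500] (449 bytes)
parsed IKE_SA_INIT response 0 [ SA KE No CERTREQ N(NATD_S_IP) N(NATD_D_IP) V ]
local host is behind NAT, sending keep alives
no IDi configured, fall back on IP address
authentication of '192.168.0.113' (myself) with pre-shared key
establishing CHILD_SA natt
generating IKE_AUTH request 1 [ IDi N(INIT_CONTACT) IDr AUTH SA TSi TSr N(MOBIKE_SUP) N(NO_ADD_ADDR) N(EAP_ONLY) ]
sending packet: from 192.168.0.113[4500] to 203.0.113.59[4500] (380 bytes)
retransmit 1 of request with message ID 1
sending packet: from 192.168.0.113[4500] to 203.0.113.59[4500] (380 bytes)
retransmit 2 of request with message ID 1
sending packet: from 192.168.0.113[4500] to 203.0.113.59[4500] (380 bytes)
sending keep alive to 203.0.113.59[4500]
retransmit 3 of request with message ID 1
sending packet: from 192.168.0.113[4500] to 203.0.113.59[4500] (380 bytes)
retransmit 4 of request with message ID 1
sending packet: from 192.168.0.113[4500] to 203.0.113.59[4500] (380 bytes)
retransmit 5 of request with message ID 1
sending packet: from 192.168.0.113[4500] to 203.0.113.59[4500] (380 bytes)
giving up after 5 retransmits
establishing IKE_SA failed, peer not responding
"""

GEN_RE = re.compile(r"generating (\w+) request (\d+)")
SEND_RE = re.compile(r"sending packet: from \S+\[(\d+)\] to \S+\[(\d+)\] \((\d+) bytes\)")
PARSED_RE = re.compile(r"parsed (\w+) response (\d+)")
RETRANS_RE = re.compile(r"retransmit (\d+) of request with message ID (\d+)")
GIVEUP_RE = re.compile(r"giving up after (\d+) retransmits")


def parse_trace(trace):
    """Return ({message_id: exchange dict}, nat_detected) for one `ipsec up` run."""
    exchanges = {}
    current = None          # message ID of the request most recently generated
    nat_detected = False
    for raw in trace.splitlines():
        line = raw.strip()
        m = GEN_RE.search(line)
        if m:
            current = int(m.group(2))
            exchanges[current] = {"name": m.group(1), "port": None, "sent": 0,
                                  "retransmits": 0, "answered": False}
            continue
        m = SEND_RE.search(line)
        if m and current is not None:
            # destination port of the request: 500 before, 4500 after NAT-T switch
            exchanges[current]["port"] = int(m.group(2))
            exchanges[current]["sent"] += 1
            continue
        m = RETRANS_RE.search(line)
        if m and int(m.group(2)) in exchanges:
            exchanges[int(m.group(2))]["retransmits"] = int(m.group(1))
            continue
        m = PARSED_RE.search(line)
        if m and int(m.group(2)) in exchanges:
            exchanges[int(m.group(2))]["answered"] = True
            continue
        m = GIVEUP_RE.search(line)
        if m and current is not None:
            exchanges[current]["retransmits"] = int(m.group(1))
            continue
        if "behind NAT" in line:
            nat_detected = True
    return exchanges, nat_detected


def diagnose(trace):
    """Name the first unanswered exchange and say which port path to check."""
    exchanges, nat_detected = parse_trace(trace)
    ordered = [exchanges[k] for k in sorted(exchanges)]
    answered = [(e["name"], e["port"]) for e in ordered if e["answered"]]
    stalled = [e for e in ordered if not e["answered"]]
    result = {"nat_detected": nat_detected, "answered": answered,
              "stalled": None, "verdict": "all exchanges answered"}
    if not stalled:
        return result
    first = stalled[0]
    result["stalled"] = (first["name"], first["port"], first["retransmits"])
    if not answered:
        result["verdict"] = ("no reply at all on udp/%s: peer down, wrong address, "
                             "or IKE blocked" % first["port"])
    elif first["port"] == 4500 and all(p == 500 for _, p in answered):
        # The peer spoke on 500; silence begins exactly when we move to 4500.
        # A PSK mismatch is normally answered with a notify, not silence.
        result["verdict"] = ("reply on udp/500 but silence on udp/4500%s: check udp/4500 "
                             "end to end before suspecting the PSK"
                             % (" after NAT detection" if nat_detected else ""))
    else:
        result["verdict"] = "%s unanswered on udp/%s" % (first["name"], first["port"])
    return result


if __name__ == "__main__":
    verdict = diagnose(SAMPLE_TRACE)
    print(verdict["stalled"], "->", verdict["verdict"])
```

Run it as a script, or pipe a real `ipsec up <conn>` transcript into `diagnose()`; it only needs charon's default output, no extra `charondebug` settings. When the verdict points at udp/4500, the next step is a capture on the outside of the NAT and on the peer to see where the 380-byte IKE_AUTH packets stop.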