| altendky@tp:~/vpn$ sudo ./doit | |
| date | |
| + date | |
| Fri Aug 4 09:05:23 EDT 2017 | |
| #ipsec update | |
| ipsec restart | |
| + ipsec restart | |
| Stopping strongSwan IPsec... | |
| Starting strongSwan 5.3.5 IPsec [starter]... | |
| sleep 5 | |
| + sleep 5 | |
| ipsec statusall | |
| + ipsec statusall | |
| Status of IKE charon daemon (strongSwan 5.3.5, Linux 4.4.0-42-generic, x86_64): | |
| uptime: 5 seconds, since Aug 04 09:05:25 2017 | |
| malloc: sbrk 1327104, mmap 0, used 324144, free 1002960 | |
| worker threads: 11 of 16 idle, 5/0/0/0 working, job queue: 0/0/0/0, scheduled: 0 | |
| loaded plugins: charon test-vectors aes rc2 sha1 sha2 md4 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl fips-prf gmp agent xcbc hmac gcm attr kernel-netlink resolve socket-default connmark stroke updown | |
| Listening IP addresses: | |
| 192.168.0.113 | |
| Connections: | |
| natt: %any...xxx.xxx.244.59 IKEv2 | |
| natt: local: uses pre-shared key authentication | |
| natt: remote: [xxx.xxx.244.59] uses pre-shared key authentication | |
| natt: child: dynamic === 192.168.1.0/24 TUNNEL | |
| Security Associations (0 up, 0 connecting): | |
| none | |
| #ipsec up sonicwall | |
| ipsec up natt | |
| + ipsec up natt | |
| initiating IKE_SA natt[1] to xxx.xxx.244.59 | |
| generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(HASH_ALG) ] | |
| sending packet: from 192.168.0.113[500] to xxx.xxx.244.59[500] (1124 bytes) | |
| received packet: from xxx.xxx.244.59[500] to 192.168.0.113[500] (449 bytes) | |
| parsed IKE_SA_INIT response 0 [ SA KE No CERTREQ N(NATD_S_IP) N(NATD_D_IP) V ] | |
| received unknown vendor ID: 2a:67:75:d0:ad:2a:a7:88:7c:33:fe:1d:68:ba:f3:08:96:6f:00:01 | |
| local host is behind NAT, sending keep alives | |
| no IDi configured, fall back on IP address | |
| authentication of '192.168.0.113' (myself) with pre-shared key | |
| establishing CHILD_SA natt | |
| generating IKE_AUTH request 1 [ IDi N(INIT_CONTACT) IDr AUTH SA TSi TSr N(MOBIKE_SUP) N(NO_ADD_ADDR) N(EAP_ONLY) ] | |
| sending packet: from 192.168.0.113[4500] to xxx.xxx.244.59[4500] (380 bytes) | |
| retransmit 1 of request with message ID 1 | |
| sending packet: from 192.168.0.113[4500] to xxx.xxx.244.59[4500] (380 bytes) | |
| retransmit 2 of request with message ID 1 | |
| sending packet: from 192.168.0.113[4500] to xxx.xxx.244.59[4500] (380 bytes) | |
| retransmit 3 of request with message ID 1 | |
| sending packet: from 192.168.0.113[4500] to xxx.xxx.244.59[4500] (380 bytes) | |
| sending keep alive to xxx.xxx.244.59[4500] | |
| retransmit 4 of request with message ID 1 | |
| sending packet: from 192.168.0.113[4500] to xxx.xxx.244.59[4500] (380 bytes) | |
| sending keep alive to xxx.xxx.244.59[4500] | |
| sending keep alive to xxx.xxx.244.59[4500] | |
| retransmit 5 of request with message ID 1 | |
| sending packet: from 192.168.0.113[4500] to xxx.xxx.244.59[4500] (380 bytes) | |
| sending keep alive to xxx.xxx.244.59[4500] | |
| sending keep alive to xxx.xxx.244.59[4500] | |
| sending keep alive to xxx.xxx.244.59[4500] | |
| giving up after 5 retransmits | |
| establishing IKE_SA failed, peer not responding | |
| establishing connection 'natt' failed | |
| ipsec statusall | |
| + ipsec statusall | |
| Status of IKE charon daemon (strongSwan 5.3.5, Linux 4.4.0-42-generic, x86_64): | |
| uptime: 2 minutes, since Aug 04 09:05:24 2017 | |
| malloc: sbrk 2543616, mmap 0, used 344832, free 2198784 | |
| worker threads: 11 of 16 idle, 5/0/0/0 working, job queue: 0/0/0/0, scheduled: 1 | |
| loaded plugins: charon test-vectors aes rc2 sha1 sha2 md4 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl fips-prf gmp agent xcbc hmac gcm attr kernel-netlink resolve socket-default connmark stroke updown | |
| Listening IP addresses: | |
| 192.168.0.113 | |
| Connections: | |
| natt: %any...xxx.xxx.244.59 IKEv2 | |
| natt: local: uses pre-shared key authentication | |
| natt: remote: [xxx.xxx.244.59] uses pre-shared key authentication | |
| natt: child: dynamic === 192.168.1.0/24 TUNNEL | |
| Security Associations (0 up, 0 connecting): | |
| none | |
| cat /etc/ipsec.conf | |
| + cat /etc/ipsec.conf | |
| # ipsec.conf - strongSwan IPsec configuration file | |
| # basic configuration | |
| config setup | |
| conn %default | |
| ikelifetime=60m | |
| keylife=20m | |
| rekeymargin=3m | |
| keyingtries=1 | |
| keyexchange=ikev2 | |
| authby=secret | |
| conn natt | |
| left=%defaultroute | |
| leftfirewall=yes | |
| right=xxx.xxx.244.59 | |
| rightsubnet=192.168.1.0/24 | |
| auto=add | |
| cat /etc/ipsec.secrets | |
| + cat /etc/ipsec.secrets | |
| # This file holds shared secrets or RSA private keys for authentication. | |
| # RSA private key for this host, authenticating it to any other host | |
| # which knows the public part. | |
| 192.168.0.113 : PSK redactedsecret |