
@kwohlfahrt
Last active May 27, 2020 17:43
Strongswan Logs
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 state UNKNOWN qlen 1000
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
3: wlp3s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
inet6 fd01::3/128 scope global nodad
valid_lft forever preferred_lft forever
inet6 2a00::e4df/64 scope global dynamic mngtmpaddr noprefixroute
valid_lft 315359984sec preferred_lft 315359984sec
inet6 fdaa::e4df/64 scope global mngtmpaddr noprefixroute
valid_lft forever preferred_lft forever
inet6 fe80::e4df/64 scope link
valid_lft forever preferred_lft forever
PING fd01::3(fd01::3) 56 data bytes
64 bytes from fd01:: icmp_seq=1 ttl=63 time=306 ms
64 bytes from fd01:: icmp_seq=2 ttl=63 time=6.64 ms
64 bytes from fd01:: icmp_seq=3 ttl=63 time=8.02 ms
--- fd01::3 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 6.636/106.842/305.875/140.738 ms
fd01::/64 via 2a00::280e dev wlp3s0 table 220 proto static src fd01::3 metric 1024 pref medium
fdaa:::/64 via 2a00::280e dev wlp3s0 table 220 proto static src fd01::3 metric 1024 pref medium
::1 dev lo proto kernel metric 256 pref medium
2a00:::/64 dev wlp3s0 proto ra metric 303 mtu 1488 pref medium
fd01::3 dev wlp3s0 proto kernel metric 256 pref medium
fdaa:::/64 dev wlp3s0 proto ra metric 303 mtu 1488 pref medium
fe80::/64 dev wlp3s0 proto kernel metric 256 pref medium
default via fe80::44af dev wlp3s0 proto ra metric 303 mtu 1488 pref medium
local ::1 dev lo table local proto kernel metric 0 pref medium
local 2a00::e4df dev wlp3s0 table local proto kernel metric 0 pref medium
local fd01::3 dev wlp3s0 table local proto kernel metric 0 pref medium
local fdaa::e4df dev wlp3s0 table local proto kernel metric 0 pref medium
local fe80::e4df dev wlp3s0 table local proto kernel metric 0 pref medium
ff00::/8 dev wlp3s0 table local metric 256 pref medium
ff00::/8 dev enp4s0 table local metric 256 linkdown pref medium
home: #3, ESTABLISHED, IKEv2, f89893cc0b8199b3_i* edcd48fb05ed9dbc_r
local 'C=GB, ST=London, O=Kai Wohlfahrt, CN=prodo-laptop.vpn' @ 2a00::e4df[4500] [fd01::3]
remote 'C=GB, ST=London, O=Kai Wohlfahrt, CN=pi.home' @ 2a00::280e[4500]
AES_CBC-128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/ECP_256
established 2856s ago, rekeying in 11253s
home: #11, reqid 3, INSTALLED, TUNNEL, ESP:AES_CBC-128/HMAC_SHA2_256_128
installed 2932s ago, rekeying in 310s, expires in 1028s
in ca3ac5ca, 6480 bytes, 63 packets, 6s ago
out c0a4e6ee, 11136 bytes, 113 packets, 7s ago
local fd01::3/128
remote fd01::/64 fdaa:::/64
# Certification authority section: one authority named "root" whose CA
# certificate is read from the given Nix store path.
# NOTE(review): presumably this is the CA that issued both the local and the
# peer certificates used by the connections on this page; confirm.
authorities {
root {
cacert = /nix/store/665hpci9bhlkhwrw816mx3yld33n95qm-cert.pem
}
}
# Two IKEv2 connections, "fritz-box" and "home". They differ only in the peer
# (remote-0 id and remote_addrs); the children, local identity, DPD and
# virtual-IP settings are identical in both.
# No proposals / esp_proposals are set anywhere in this block, so the daemon's
# defaults apply. The status output on this page shows what was negotiated for
# "home": AES_CBC-128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/ECP_256 for IKE and
# AES_CBC-128/HMAC_SHA2_256_128 for ESP. Pin proposals here if a specific
# suite (for example an AEAD cipher) is required.
connections {
fritz-box {
# NOTE(review): both child definitions (fritz-box and home) appear under both
# connections, so either peer can be asked for either set of remote subnets.
# This looks like a side effect of how the file was generated; confirm that
# it is intended.
children {
fritz-box {
remote_ts = fd00::/64,fd02::/64
# Runs strongSwan's bundled _updown script with the "iptables" argument when
# the child SA comes up or goes down.
updown = /nix/store/y8z4hfa289pdfn7zbzggj6a2pc51sn04-strongswan-5.8.1/libexec/ipsec/_updown iptables
}
home {
# NOTE(review): "fdaa:::/64" is not valid IPv6 notation as written; presumably
# an artifact of redacting the prefix before posting. Verify against the real
# file.
remote_ts = fdaa:::/64,fd01::/64
updown = /nix/store/y8z4hfa289pdfn7zbzggj6a2pc51sn04-strongswan-5.8.1/libexec/ipsec/_updown iptables
}
}
# Dead-peer-detection interval.
dpd_delay = 30s
# Local authentication round: two certificate files and the subject DN used
# as the IKE identity. No auth method is set, so the default applies
# (presumably public-key authentication; confirm).
# Only certificates are referenced from the Nix store here; where the matching
# private key is loaded from is not shown in this block.
local-0 {
certs = /nix/store/97z0hmmb0ym74z614r1brm76rkmc7sgk-cert.pem,/nix/store/r0z74xq1823dbn80bqbllkkb5s6sfcx1-prodo-laptop.vpn.cert.pem
id = C=GB, ST=London, O=Kai Wohlfahrt, CN=prodo-laptop.vpn
}
# Remote authentication round: only the expected peer identity (a subject DN)
# is given. No cacerts / certs constraint is set, so presumably a certificate
# from any CA the daemon trusts that carries this DN is accepted; set cacerts
# to bind the peer to one CA.
remote-0 {
id = C=GB, ST=London, O=Kai Wohlfahrt, CN=impala.fritz.box
}
# Peer address given as a hostname, so reaching the right peer depends on
# name resolution; the identity check in remote-0 is what authenticates it.
remote_addrs = impala.fritz.box
# IKE major version: IKEv2.
version = 2
# Request a virtual IPv6 address from the peer ("::" = any address).
vips = ::
}
# Second connection: same settings as "fritz-box" above, with peer pi.home.
# This is the connection shown as ESTABLISHED in the status output on this
# page, with fd01::3 assigned as the virtual IP.
home {
children {
fritz-box {
remote_ts = fd00::/64,fd02::/64
updown = /nix/store/y8z4hfa289pdfn7zbzggj6a2pc51sn04-strongswan-5.8.1/libexec/ipsec/_updown iptables
}
home {
remote_ts = fdaa:::/64,fd01::/64
updown = /nix/store/y8z4hfa289pdfn7zbzggj6a2pc51sn04-strongswan-5.8.1/libexec/ipsec/_updown iptables
}
}
dpd_delay = 30s
local-0 {
certs = /nix/store/97z0hmmb0ym74z614r1brm76rkmc7sgk-cert.pem,/nix/store/r0z74xq1823dbn80bqbllkkb5s6sfcx1-prodo-laptop.vpn.cert.pem
id = C=GB, ST=London, O=Kai Wohlfahrt, CN=prodo-laptop.vpn
}
# Expected peer identity for this connection; as above, no CA constraint is
# set in this block.
remote-0 {
id = C=GB, ST=London, O=Kai Wohlfahrt, CN=pi.home
}
remote_addrs = pi.home
version = 2
vips = ::
}
}
Linux prodo-laptop 5.4.41 #1-NixOS SMP Thu May 14 05::30 UTC 2020 x86_64 GNU/Linux
src fd01::3/128 dst fdaa:::/64
dir out priority 301695
tmpl src 2a00::e4df dst 2a00::280e
proto esp spi 0xc0a4e6ee reqid 3 mode tunnel
src fd01::3/128 dst fd01::/64
dir out priority 301695
tmpl src 2a00::e4df dst 2a00::280e
proto esp spi 0xc0a4e6ee reqid 3 mode tunnel
src fdaa:::/64 dst fd01::3/128
dir fwd priority 301695
tmpl src 2a00::280e dst 2a00::e4df
proto esp reqid 3 mode tunnel
src fdaa:::/64 dst fd01::3/128
dir in priority 301695
tmpl src 2a00::280e dst 2a00::e4df
proto esp reqid 3 mode tunnel
src fd01::/64 dst fd01::3/128
dir fwd priority 301695
tmpl src 2a00::280e dst 2a00::e4df
proto esp reqid 3 mode tunnel
src fd01::/64 dst fd01::3/128
dir in priority 301695
tmpl src 2a00::280e dst 2a00::e4df
proto esp reqid 3 mode tunnel
src ::/0 dst ::/0
socket in priority 0
src ::/0 dst ::/0
socket out priority 0
src ::/0 dst ::/0
socket in priority 0
src ::/0 dst ::/0
socket out priority 0
src 2a00::e4df dst 2a00::280e
proto esp spi 0xc0a4e6ee reqid 3 mode tunnel
replay-window 0 flag af-unspec
auth-trunc hmac(sha256) 0x06c0a51999bb2a94adbf2ec03062f96fd9a09841a2e3940d4a347cdb8940c23c 128
enc cbc(aes) 0xdf306ec6bb5bc85e35738504fb7dbdfb
anti-replay context: seq 0x0, oseq 0x71, bitmap 0x00000000
src 2a00::280e dst 2a00::e4df
proto esp spi 0xca3ac5ca reqid 3 mode tunnel
replay-window 32 flag af-unspec
auth-trunc hmac(sha256) 0x5bdd6be4b2c827779cf57c1306b48a18ed48c6e461956d2b69e0ab38781ca76b 128
enc cbc(aes) 0x1c5ae7c35ecc9612205ef7b685726b02
anti-replay context: seq 0x3f, oseq 0x0, bitmap 0xffffffff