dudarra edited a comment on issue #3138: StrongSwan with several rightsubnet's - ikev1
URL: https://github.com/apache/cloudstack/issues/3138#issuecomment-494746586
 
 
   Update on the VPN! We tried with Riverbed - Cloudstack! Riverbed with 3 
tiers and Cloudstack with 2. Everything worked from the beginning...
   
   `Cloudstack:
   Status of IKE charon daemon (strongSwan 5.5.1, Linux 4.9.0-8-amd64, x86_64):
     uptime: 12 days, since May 09 14:24:31 2019
     malloc: sbrk 2797568, mmap 0, used 756512, free 2041056
     worker threads: 11 of 16 idle, 5/0/0/0 working, job queue: 0/0/0/0, scheduled: 8
     loaded plugins: charon test-vectors ldap pkcs11 aes rc2 sha2 sha1 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem gcrypt af-alg fips-prf gmp xcbc cmac hmac ctr ccm curl attr kernel-netlink resolve socket-default farp stroke updown eap-identity eap-aka eap-md5 eap-gtc eap-mschapv2 eap-radius eap-tls eap-ttls eap-tnc xauth-generic xauth-eap xauth-pam tnc-tnccs dhcp lookip error-notify certexpire led addrblock unity
   Listening IP addresses:
     10.100.9.150
     172.16.2.1
     172.16.1.1
   Connections:
   vpn-14:  16...14  IKEv1/2
   vpn-14:   local:  [6] uses pre-shared key authentication
   vpn-14:   remote: [14] uses pre-shared key authentication
   vpn-14:   child:  172.16.0.0/16 === 10.100.0.0/24 10.100.45.0/24 10.100.11.0/24 TUNNEL
       L2TP-PSK:  172.26.0.151...%any  IKEv1/2
       L2TP-PSK:   local:  [172.26.0.151] uses pre-shared key authentication
       L2TP-PSK:   remote: uses pre-shared key authentication
       L2TP-PSK:   child:  dynamic[udp/l2f] === 0.0.0.0/0[udp] TRANSPORT
   Routed Connections:
       L2TP-PSK{504}:  ROUTED, TRANSPORT, reqid 29
       L2TP-PSK{504}:   0.0.0.0/0[udp/l2f] === 0.0.0.0/0[udp]
   vpn-14{503}:  ROUTED, TUNNEL, reqid 28
   vpn-14{503}:   172.16.0.0/16 === 10.100.0.0/24 10.100.11.0/24 10.100.45.0/24
   Security Associations (1 up, 0 connecting):
   vpn-14[129]: ESTABLISHED 70 minutes ago, 16[16]...14[14]
   vpn-14[129]: IKEv2 SPIs: 0b23c16db510c360_i 65114284d4d78125_r*, pre-shared key reauthentication in 94 minutes
   vpn-14[129]: IKE proposal: AES_CBC_128/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1536
   `
   
   `Riverbed;
   Status of IKE charon daemon (strongSwan 5.5.2, Linux 4.4.89, x86_64):
    uptime: 62 days, since Mar 20 22:56:49 2019
    worker threads: 11 of 16 idle, 5/0/0/0 working, job queue: 0/0/0/0, scheduled: 44
    loaded plugins: charon sha1 nonce x509 revocation constraints pubkey pkcs1 pgp pem openssl fips-prf xcbc gcm attr kernel-netlink resolve socket-default stroke updown eap-identity eap-mschapv2 eap-tls xauth-generic xauth-noauth whitelist unity
   Virtual IP pools (size/online/offline):
    172.16.16.0/24: 254/0/1
   Listening IP addresses:
    10.100.1.4
    10.100.1.1
    192.168.204.4
    192.168.205.1
    10.100.44.4
    10.100.45.1
    10.100.0.4
    10.100.0.1
   Connections:
      endpoint:  %any...%any  IKEv2, dpddelay=300s
      endpoint:   local:  [ID_DER_ASN1_DN:O=Ocedo, OU=OO941A08C70956A7, CN=sie2da8563.oo941a08c70956a7.dnslabel.net] uses public key authentication
      endpoint:    ca:    "O=Ocedo, OU=OO941A08C70956A7, CN=IPSec CA"
      endpoint:    cert:  "O=Ocedo, OU=OO941A08C70956A7, CN=sie2da8563.oo941a08c70956a7.dnslabel.net"
      endpoint:   remote: uses public key authentication
      endpoint:    ca:    "O=Ocedo, OU=OO941A08C70956A7, CN=IPSec CA"
      endpoint:   child:  0.0.0.0/0 === dynamic TUNNEL, dpdaction=clear
   endpoint_osx1:  %any...%any  IKEv1, dpddelay=300s
   endpoint_osx1:   local:  [ID_FQDN:sie2da8563.oo941a08c70956a7.dnslabel.net] uses public key authentication
   endpoint_osx1:    ca:    "O=Ocedo, OU=OO941A08C70956A7, CN=IPSec CA"
   endpoint_osx1:    cert:  "O=Ocedo, OU=OO941A08C70956A7, CN=sie2da8563.oo941a08c70956a7.dnslabel.net"
   endpoint_osx1:   remote: uses public key authentication
   endpoint_osx1:    ca:    "O=Ocedo, OU=OO941A08C70956A7, CN=IPSec CA"
   endpoint_osx1:   remote: uses XAuth authentication: noauth
   endpoint_osx1:   child:  10.100.0.0/24 10.100.1.0/24 10.100.45.0/24 192.168.205.0/24 192.168.204.0/24 172.16.16.0/24 10.100.11.0/24 === dynamic TUNNEL, dpdaction=clear
   endpoint_osx2:  %any...%any  IKEv2, dpddelay=300s
   endpoint_osx2:   local:  [ID_FQDN:sie2da8563.oo941a08c70956a7.dnslabel.net] uses public key authentication
   endpoint_osx2:    ca:    "O=Ocedo, OU=OO941A08C70956A7, CN=IPSec CA"
   endpoint_osx2:    cert:  "O=Ocedo, OU=OO941A08C70956A7, CN=sie2da8563.oo941a08c70956a7.dnslabel.net"
   endpoint_osx2:   remote: uses public key authentication
   endpoint_osx2:    ca:    "O=Ocedo, OU=OO941A08C70956A7, CN=IPSec CA"
   endpoint_osx2:   child:  10.100.0.0/24 10.100.1.0/24 10.100.45.0/24 192.168.205.0/24 192.168.204.0/24 172.16.16.0/24 10.100.11.0/24 === dynamic TUNNEL, dpdaction=clear`

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


With regards,
Apache Git Services
