ibragullam opened a new issue #4038: child: 10.180.0.8/32 === 39.204.152.238/32[10501] TUNNEL, dpdaction=restart URL: https://github.com/apache/cloudstack/issues/4038 $ nano /etc/ipsec.conf config setup charondebug="all" uniqueids=yes # connection to xxx conn yyy-to-xxx authby=secret left=10.128.0.8 leftid=34.71.172.92 leftsourceip=%config leftsubnet=10.128.0.8/32 right=41.204.128.170 ike=aes256-sha1-modp1024! esp=aes256-sha1! # pfs=no aggressive=no keyingtries=0 keyexchange=ikev1 ikelifetime=1h lifetime=24h dpddelay=30 dpdtimeout=120 dpdaction=restart type=tunnel auto=start conn add_xxx_sub0 also=yyy-to-xxx # right=41.204.152.238 rightsubnet=41.204.152.238/32[%any/10501] leftsubnet=10.128.0.8/32 auto=start conn add_xxx_sub1 also=yyy-to-xxx # right=41.204.152.232 rightsubnet=41.204.152.232/32[%any/8001] auto=start ipsec status Security Associations (1 up, 0 connecting): yyy-to-xxx[51]: ESTABLISHED 14 seconds ago, 10.128.0.8[34.71.172.92]...41.204.128.170[41.204.128.170] ipsec statusall Status of IKE charon daemon (strongSwan 5.6.2, Linux 5.0.0-1034-gcp, x86_64): uptime: 17 minutes, since Apr 17 16:40:58 2020 malloc: sbrk 1622016, mmap 0, used 823744, free 798272 worker threads: 11 of 16 idle, 5/0/0/0 working, job queue: 0/0/0/0, scheduled: 112 loaded plugins: charon aesni aes rc2 sha2 sha1 md4 md5 mgf1 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl fips-prf gmp agent xcbc hmac gcm attr kernel-netlink resolve socket-default connmark stroke updown eap-mschapv2 xauth-generic counters Listening IP addresses: 10.128.0.8 Connections: yyy-to-xxxx: 10.128.0.8...41.204.128.170 IKEv1, dpddelay=30s yyy-to-xxx: local: [34.71.172.92] uses pre-shared key authentication yyy-to-xxx: remote: [41.204.128.170] uses pre-shared key authentication yyy-to-xxx: child: 10.128.0.8/32 === dynamic TUNNEL, dpdaction=restart add_xxx_sub0: child: 10.128.0.8/32 === 41.204.152.238/32[10501] TUNNEL, dpdaction=restart add_xxx_sub1: child: 10.128.0.8/32 === 41.204.152.232/32[8001] TUNNEL, dpdaction=restart add_xxx_sub2: child: 10.128.0.8/32 === dynamic TUNNEL, dpdaction=restart Security Associations (1 up, 0 connecting): yyy-to-xxx[54]: ESTABLISHED 7 seconds ago, 10.128.0.8[34.71.172.92]...41.204.128.170[41.204.128.170] yyy-to-xxx[54]: IKEv1 SPIs: e5f0058cab84984d_i* 123b59c38f1bb2fa_r, pre-shared key reauthentication in 46 minutes yyy-to-xxx[54]: IKE proposal: AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024 yyy-to-xxx[54]: Tasks queued: QUICK_MODE QUICK_MODE QUICK_MODE QUICK_MODE yyy-to-xxx[54]: Tasks active: MODE_CONFIG
---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected] With regards, Apache Git Services
