Re: [strongSwan] Simple IPsec host-host test

2021-05-28 Thread Noel Kuntze

Hello Hoss,

Well, the first two just load settings from the config files, the latter starts the connection.
You specified start_action=trap in the child section, so the kernel tells the daemon when to up the child (that is the case when there's no IPsec state for the matched trap policy).

I presume up to now you either did not have the config loaded, did not read the log to see if the daemon did anything, or there simply was no traffic that needed to be processed.

Kind regards
Noel

On 28.05.21 at 16:57, H Yavari wrote:

Hi Noel,

Thanks for the reply.
I resolved the issue by running swanctl -c and swanctl -q, then swanctl -i --child host-host.

Is it the correct way?

Regards,
Hoss


On Friday, May 28, 2021, 07:48:13 AM PDT, Noel Kuntze wrote:


Hello Hoss,

What do you expect to happen?
What exactly did you do up to this point?

Kind regards
Noel

On 27.05.21 at 19:20, H Yavari wrote:
> Hi to all,
>
> I did a simple configuration based on test samples for two ec2 on AWS, but nothing happens between the two machines. What am I missing?
>
> (10.0.0.30) Sun <===> Moon (10.0.0.20)
>
> connections {
>
>     host-host {
>        remote_addrs = 10.0.0.20
>
>        local {
>           auth = psk
>           id = sun.strongswan.org
>        }
>        remote {
>           auth = psk
>           id = moon.strongswan.org
>        }
>        children {
>           host-host {
>                  start_action = trap
>           }
>        }
>     }
> }
> secrets {
>     ike-1 {
>        id-moon = moon.strongswan.org
>        id-sun = sun.strongswan.org
>        secret = 0sv+NkxY9LLZvwj4q
>     }
> }
>
>
> 
>
>
>
> connections {
>
>     host-host {
>        remote_addrs = 10.0.0.30
>
>        local {
>           auth = psk
>           id = moon.strongswan.org
>        }
>        remote {
>           auth = psk
>           id = sun.strongswan.org
>        }
>        children {
>           host-host {
>                  start_action = start
>           }
>        }
>     }
> }
>
> secrets {
>     ike-1 {
>        id-1 = moon.strongswan.org
>        secret = 0x45a30759df97dc26a15b88ff
>     }
>     ike-2 {
>        id-2 = sun.strongswan.org
>        secret = "This is a strong password"
>     }
>     ike-3 {
>        id-3a = moon.strongswan.org
>        id-3b = sun.strongswan.org
>        secret = 0sv+NkxY9LLZvwj4q
>     }
>     ike-4 {
>        secret = 'My "home" is my "castle"!'
>     }
>     ike-5 {
>       id-5 = 10.0.0.20
>       secret = "Andi's home"
>     }
> }
>
>
> EC2 : Debian
> Version: 5.7.2
>
> Thanks.
>
> BR
> Hoss
>
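
What Noel describes above, as an added example that is not part of the thread and not strongSwan code: a small Python parser for the subset of swanctl.conf syntax used in the quoted configs, reporting what triggers each CHILD_SA. The function names and the trimmed sample (sun's connections section) are constructed for illustration.

```python
# Meaning of each start_action value for a CHILD_SA (swanctl.conf semantics).
TRIGGER = {
    "none": "loaded only; needs a manual swanctl --initiate",
    "trap": "trap policy installed; negotiated on first matching traffic",
    "start": "initiated as soon as the config is loaded",
}

# Constructed sample: sun's connections section from the thread, trimmed.
SUN = """
connections {
    host-host {
       children {
          host-host {
             start_action = trap
          }
       }
    }
}
"""

def parse(text):
    """Parse the 'name { ... }' / 'key = value' subset of swanctl.conf into nested dicts."""
    stack = [{}]
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and indentation
        if line.endswith("{"):               # section start: descend
            stack.append(stack[-1].setdefault(line[:-1].strip(), {}))
        elif line == "}":                    # section end: ascend
            if len(stack) == 1:
                raise ValueError("unbalanced '}'")
            stack.pop()
        elif "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            stack[-1][key] = value.strip("\"'")
        elif line:
            raise ValueError(f"unparsed line: {raw!r}")
    if len(stack) != 1:
        raise ValueError("unclosed section")
    return stack[0]

def child_triggers(conf):
    """Return {(connection, child): explanation} for every child in the config."""
    out = {}
    for conn, body in conf.get("connections", {}).items():
        for child, settings in body.get("children", {}).items():
            action = settings.get("start_action", "none")  # none is the default
            out[(conn, child)] = TRIGGER.get(action, f"unknown start_action {action!r}")
    return out
```

Calling `child_triggers(parse(SUN))` shows that sun's child only comes up once matching traffic hits the trap policy, while the same config with `start_action = start` (moon's setting) is initiated on load.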







Re: [strongSwan] Simple IPsec host-host test

2021-05-28 Thread Noel Kuntze

Hello Hoss,

What do you expect to happen?
What exactly did you do up to this point?

Kind regards
Noel

On 27.05.21 at 19:20, H Yavari wrote:

Hi to all,

I did a simple configuration based on test samples for two ec2 on AWS, but nothing happens between the two machines. What am I missing?

(10.0.0.30) Sun <===> Moon (10.0.0.20)

connections {

    host-host {
       remote_addrs = 10.0.0.20

       local {
          auth = psk
          id = sun.strongswan.org
       }
       remote {
          auth = psk
          id = moon.strongswan.org
       }
       children {
          host-host {
                 start_action = trap
          }
       }
    }
}
secrets {
    ike-1 {
       id-moon = moon.strongswan.org
       id-sun = sun.strongswan.org
       secret = 0sv+NkxY9LLZvwj4q
    }
}






connections {

    host-host {
       remote_addrs = 10.0.0.30

       local {
          auth = psk
          id = moon.strongswan.org
       }
       remote {
          auth = psk
          id = sun.strongswan.org
       }
       children {
          host-host {
                 start_action = start
          }
       }
    }
}

secrets {
    ike-1 {
       id-1 = moon.strongswan.org
       secret = 0x45a30759df97dc26a15b88ff
    }
    ike-2 {
       id-2 = sun.strongswan.org
       secret = "This is a strong password"
    }
    ike-3 {
       id-3a = moon.strongswan.org
       id-3b = sun.strongswan.org
       secret = 0sv+NkxY9LLZvwj4q
    }
    ike-4 {
       secret = 'My "home" is my "castle"!'
    }
    ike-5 {
      id-5 = 10.0.0.20
      secret = "Andi's home"
    }
}


EC2 : Debian
Version: 5.7.2

Thanks.

BR
Hoss







Re: [strongSwan] Simple IPsec host-host test

2021-05-28 Thread H Yavari
Hi Noel,

Thanks for the reply. I resolved the issue by running swanctl -c and swanctl -q, then swanctl -i --child host-host.

Is it the correct way?

Regards,
Hoss

On Friday, May 28, 2021, 07:48:13 AM PDT, Noel Kuntze wrote:
 
 Hello Hoss,

What do you expect to happen?
What exactly did you do up to this point?

Kind regards
Noel

On 27.05.21 at 19:20, H Yavari wrote:
> Hi to all,
> 
> I did a simple configuration based on test samples for two ec2 on AWS, but
> nothing happens between the two machines. What am I missing?
> 
> (10.0.0.30) Sun <===> Moon (10.0.0.20)
> 
> connections {
> 
>     host-host {
>        remote_addrs = 10.0.0.20
> 
>        local {
>           auth = psk
>           id = sun.strongswan.org
>        }
>        remote {
>           auth = psk
>           id = moon.strongswan.org
>        }
>        children {
>           host-host {
>                  start_action = trap
>           }
>        }
>     }
> }
> secrets {
>     ike-1 {
>        id-moon = moon.strongswan.org
>        id-sun = sun.strongswan.org
>        secret = 0sv+NkxY9LLZvwj4q
>     }
> }
> 
> 
> 
> 
> 
> 
> connections {
> 
>     host-host {
>        remote_addrs = 10.0.0.30
> 
>        local {
>           auth = psk
>           id = moon.strongswan.org
>        }
>        remote {
>           auth = psk
>           id = sun.strongswan.org
>        }
>        children {
>           host-host {
>                  start_action = start
>           }
>        }
>     }
> }
> 
> secrets {
>     ike-1 {
>        id-1 = moon.strongswan.org
>        secret = 0x45a30759df97dc26a15b88ff
>     }
>     ike-2 {
>        id-2 = sun.strongswan.org
>        secret = "This is a strong password"
>     }
>     ike-3 {
>        id-3a = moon.strongswan.org
>        id-3b = sun.strongswan.org
>        secret = 0sv+NkxY9LLZvwj4q
>     }
>     ike-4 {
>        secret = 'My "home" is my "castle"!'
>     }
>     ike-5 {
>       id-5 = 10.0.0.20
>       secret = "Andi's home"
>     }
> }
> 
> 
> EC2 : Debian
> Version: 5.7.2
> 
> Thanks.
> 
> BR
> Hoss
> 

  

[strongSwan] Upcoming joint strongSwan and wolfSSL Webinar

2021-05-28 Thread Andreas Steffen
Please join us for our upcoming webinar with Security Expert Eric
Blankenhorn from wolfSSL and Andreas Steffen from the strongSwan Project.

Leveraging the FIPS-certified security of wolfSSL and the power of
strongSwan to make a more perfect VPN!

strongSwan and wolfSSL are coming together to present a better approach
to a VPN with FIPS-certified cryptography. wolfSSL has had an interest
in enabling FIPS 140-2/140-3 support with strongSwan so they contributed
the wolfssl crypto plugin to the strongSwan project a while ago.

The wolfSSL engineers have now verified that everything is working with
the wolfCrypt FIPS 140-2 validated module. wolfSSL is pleased that with
the latest release of wolfSSL v4.7.0 and the wolfCrypt FIPS 140-2 module
validated on FIPS certificate 3389, strongSwan support is working
splendidly.

When: Jun 2, 2021 10:00 AM Pacific Time (US and Canada) 

Topic: wolfSSL and strongSwan Partner webinar

Register in advance for this webinar:

https://us02web.zoom.us/webinar/register/WN_2V7369-WT0O00xu89WLyRQ

After registering, you will receive a confirmation email containing
information about joining the webinar.

Bring any questions you may have, and we look forward to seeing you there!

Best regards

Andreas Steffen

The invitation to the webinar is also available on the wolfSSL site:

https://www.wolfssl.com/upcoming-webinar-wolfssl-strongswan-partner-webinar/

==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Open Source VPN Solution!  www.strongswan.org
strongSec GmbH, 8952 Schlieren (Switzerland)
==