Re: [strongSwan] Simple IPsec host-host test
Hello Hoss,

Well, the first two just load settings from the config files, the latter starts the connection.
You specified start_action=trap in the child section, so the kernel tells the daemon when to up the child (that is the case when there's no IPsec state for the matched trap policy).
I presume up to now you either did not have the config loaded, did not read the log to see if the daemon did anything, or there simply was no traffic that needed to be processed.

Kind regards
Noel

On 28.05.21 at 16:57, H Yavari wrote:
> Hi Noel,
>
> Thanks for the reply. I resolved the issue by running swanctl -c and swanctl -q, then swanctl -i --child host-host. Is it the correct way?
>
> Regards,
> Hoss
>
> On Friday, May 28, 2021, 07:48:13 AM PDT, Noel Kuntze wrote:
>> Hello Hoss,
>>
>> What do you expect to happen?
>> What exactly did you do up to this point?
>>
>> Kind regards
>> Noel
>>
>> On 27.05.21 at 19:20, H Yavari wrote:
>>> Hi to all,
>>>
>>> I did a simple configuration based on test samples for two ec2 on AWS, but nothing happens between the two machines. What am I missing?
>>>
>>> (10.0.0.30) Sun <===> Moon (10.0.0.20)
>>>
>>> connections {
>>>
>>>     host-host {
>>>         remote_addrs = 10.0.0.20
>>>
>>>         local {
>>>             auth = psk
>>>             id = sun.strongswan.org
>>>         }
>>>         remote {
>>>             auth = psk
>>>             id = moon.strongswan.org
>>>         }
>>>         children {
>>>             host-host {
>>>                 start_action = trap
>>>             }
>>>         }
>>>     }
>>> }
>>> secrets {
>>>     ike-1 {
>>>         id-moon = moon.strongswan.org
>>>         id-sun = sun.strongswan.org
>>>         secret = 0sv+NkxY9LLZvwj4q
>>>     }
>>> }
>>>
>>>
>>> connections {
>>>
>>>     host-host {
>>>         remote_addrs = 10.0.0.30
>>>
>>>         local {
>>>             auth = psk
>>>             id = moon.strongswan.org
>>>         }
>>>         remote {
>>>             auth = psk
>>>             id = sun.strongswan.org
>>>         }
>>>         children {
>>>             host-host {
>>>                 start_action = start
>>>             }
>>>         }
>>>     }
>>> }
>>>
>>> secrets {
>>>     ike-1 {
>>>         id-1 = moon.strongswan.org
>>>         secret = 0x45a30759df97dc26a15b88ff
>>>     }
>>>     ike-2 {
>>>         id-2 = sun.strongswan.org
>>>         secret = "This is a strong password"
>>>     }
>>>     ike-3 {
>>>         id-3a = moon.strongswan.org
>>>         id-3b = sun.strongswan.org
>>>         secret = 0sv+NkxY9LLZvwj4q
>>>     }
>>>     ike-4 {
>>>         secret = 'My "home" is my "castle"!'
>>>     }
>>>     ike-5 {
>>>         id-5 = 10.0.0.20
>>>         secret = "Andi's home"
>>>     }
>>> }
>>>
>>>
>>> EC2 : Debian
>>> Version: 5.7.2
>>>
>>> Thanks.
>>>
>>> BR
>>> Hoss
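Added example, not part of the thread and not strongSwan code: a small parser for the newline-separated section syntax used in the swanctl.conf snippets above, reporting each child's start_action with the default (none) filled in. These actions only take effect once the file has been loaded into the running daemon (swanctl --load-conns or --load-all). The sample config, the "manual" child and the names parse, child_start_actions and ACTIONS are assumptions of this example.

```python
# Constructed sample modelled on the thread's "sun" side; the "manual" child
# is hypothetical and omits start_action to show the default.
SAMPLE = """
connections {
    host-host {
        remote_addrs = 10.0.0.20
        children {
            host-host {
                start_action = trap
            }
            manual {
            }
        }
    }
}
"""

# Effect of each start_action value once the connection has been loaded.
ACTIONS = {
    "none": "loaded only; needs 'swanctl --initiate' or the peer to initiate",
    "trap": "trap policy installed; negotiated on the first matching packet",
    "start": "initiated actively when the connection is loaded",
}

def parse(text):
    """Parse newline-separated 'name { ... }' sections into nested dicts."""
    stack = [{}]
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.endswith("{"):
            stack.append(stack[-1].setdefault(line[:-1].strip(), {}))
        elif line == "}":
            stack.pop()
        else:
            key, _, value = line.partition("=")
            stack[-1][key.strip()] = value.strip()
    return stack[0]

def child_start_actions(conf):
    """Return {"connection/child": start_action}, defaulting to 'none'."""
    return {f"{c}/{k}": body.get("start_action", "none")
            for c, conn in conf.get("connections", {}).items()
            for k, body in conn.get("children", {}).items()}

if __name__ == "__main__":
    for name, action in child_start_actions(parse(SAMPLE)).items():
        print(f"{name}: {action} -> {ACTIONS[action]}")
```
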
Re: [strongSwan] Simple IPsec host-host test
Hello Hoss,

What do you expect to happen?
What exactly did you do up to this point?

Kind regards
Noel

On 27.05.21 at 19:20, H Yavari wrote:
> Hi to all,
>
> I did a simple configuration based on test samples for two ec2 on AWS, but nothing happens between the two machines. What am I missing?
>
> (10.0.0.30) Sun <===> Moon (10.0.0.20)
>
> connections {
>
>     host-host {
>         remote_addrs = 10.0.0.20
>
>         local {
>             auth = psk
>             id = sun.strongswan.org
>         }
>         remote {
>             auth = psk
>             id = moon.strongswan.org
>         }
>         children {
>             host-host {
>                 start_action = trap
>             }
>         }
>     }
> }
> secrets {
>     ike-1 {
>         id-moon = moon.strongswan.org
>         id-sun = sun.strongswan.org
>         secret = 0sv+NkxY9LLZvwj4q
>     }
> }
>
>
> connections {
>
>     host-host {
>         remote_addrs = 10.0.0.30
>
>         local {
>             auth = psk
>             id = moon.strongswan.org
>         }
>         remote {
>             auth = psk
>             id = sun.strongswan.org
>         }
>         children {
>             host-host {
>                 start_action = start
>             }
>         }
>     }
> }
>
> secrets {
>     ike-1 {
>         id-1 = moon.strongswan.org
>         secret = 0x45a30759df97dc26a15b88ff
>     }
>     ike-2 {
>         id-2 = sun.strongswan.org
>         secret = "This is a strong password"
>     }
>     ike-3 {
>         id-3a = moon.strongswan.org
>         id-3b = sun.strongswan.org
>         secret = 0sv+NkxY9LLZvwj4q
>     }
>     ike-4 {
>         secret = 'My "home" is my "castle"!'
>     }
>     ike-5 {
>         id-5 = 10.0.0.20
>         secret = "Andi's home"
>     }
> }
>
>
> EC2 : Debian
> Version: 5.7.2
>
> Thanks.
>
> BR
> Hoss
Re: [strongSwan] Simple IPsec host-host test
Hi Noel,

Thanks for the reply. I resolved the issue by running swanctl -c and swanctl -q, then swanctl -i --child host-host. Is it the correct way?

Regards,
Hoss

On Friday, May 28, 2021, 07:48:13 AM PDT, Noel Kuntze wrote:
> Hello Hoss,
>
> What do you expect to happen?
> What exactly did you do up to this point?
>
> Kind regards
> Noel
>
> On 27.05.21 at 19:20, H Yavari wrote:
>> Hi to all,
>>
>> I did a simple configuration based on test samples for two ec2 on AWS, but nothing happens between the two machines. What am I missing?
>>
>> (10.0.0.30) Sun <===> Moon (10.0.0.20)
>>
>> connections {
>>
>>     host-host {
>>         remote_addrs = 10.0.0.20
>>
>>         local {
>>             auth = psk
>>             id = sun.strongswan.org
>>         }
>>         remote {
>>             auth = psk
>>             id = moon.strongswan.org
>>         }
>>         children {
>>             host-host {
>>                 start_action = trap
>>             }
>>         }
>>     }
>> }
>> secrets {
>>     ike-1 {
>>         id-moon = moon.strongswan.org
>>         id-sun = sun.strongswan.org
>>         secret = 0sv+NkxY9LLZvwj4q
>>     }
>> }
>>
>>
>> connections {
>>
>>     host-host {
>>         remote_addrs = 10.0.0.30
>>
>>         local {
>>             auth = psk
>>             id = moon.strongswan.org
>>         }
>>         remote {
>>             auth = psk
>>             id = sun.strongswan.org
>>         }
>>         children {
>>             host-host {
>>                 start_action = start
>>             }
>>         }
>>     }
>> }
>>
>> secrets {
>>     ike-1 {
>>         id-1 = moon.strongswan.org
>>         secret = 0x45a30759df97dc26a15b88ff
>>     }
>>     ike-2 {
>>         id-2 = sun.strongswan.org
>>         secret = "This is a strong password"
>>     }
>>     ike-3 {
>>         id-3a = moon.strongswan.org
>>         id-3b = sun.strongswan.org
>>         secret = 0sv+NkxY9LLZvwj4q
>>     }
>>     ike-4 {
>>         secret = 'My "home" is my "castle"!'
>>     }
>>     ike-5 {
>>         id-5 = 10.0.0.20
>>         secret = "Andi's home"
>>     }
>> }
>>
>>
>> EC2 : Debian
>> Version: 5.7.2
>>
>> Thanks.
>>
>> BR
>> Hoss
[strongSwan] Upcoming joint strongSwan and wolfSSL Webinar
Please join us for our upcoming webinar with Security Expert Eric Blankenhorn from wolfSSL and Andreas Steffen from the strongSwan Project.

Leveraging the FIPS-certified security of wolfSSL and the power of strongSwan to make a more perfect VPN!

strongSwan and wolfSSL are coming together to present a better approach to a VPN with FIPS-certified cryptography. wolfSSL has had an interest in enabling FIPS 140-2/140-3 support with strongSwan so they contributed the wolfssl crypto plugin to the strongSwan project a while ago. The wolfSSL engineers have now verified that everything is working with the wolfCrypt FIPS 140-2 validated module. wolfSSL is pleased that with the latest release of wolfSSL v4.7.0 and the wolfCrypt FIPS 140-2 module validated on FIPS certificate 3389, strongSwan support is working splendidly.

When: Jun 2, 2021 10:00 AM Pacific Time (US and Canada)
Topic: wolfSSL and strongSwan Partner webinar

Register in advance for this webinar:
https://us02web.zoom.us/webinar/register/WN_2V7369-WT0O00xu89WLyRQ

After registering, you will receive a confirmation email containing information about joining the webinar.

Bring any questions you may have, and we look forward to seeing you there!

Best regards

Andreas Steffen

The invitation to the webinar is also available on the wolfSSL site:
https://www.wolfssl.com/upcoming-webinar-wolfssl-strongswan-partner-webinar/

==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Open Source VPN Solution! www.strongswan.org
strongSec GmbH, 8952 Schlieren (Switzerland)
==