Re: [Swan] L2TP/IPsec with certificates: INVALID_KEY_INFORMATION

Sun, 01 May 2016 13:30:09 -0700 

2016-05-01 16:37 GMT-03:00 Paul Wouters <[email protected]>:

> ipsec whack --trafficstatus


No traffic :'-(

000
006 #2: "windows", type=ESP,  add_time=1462134295, inBytes=0, outBytes=0,
id='CN=vpn.example.com'
000

ipsec status

000 "windows":
NAT_IP_ADDRESS/32===192.168.80.250[CN=hope.belkin.home]:17/1701---192.168.80.148...VPN_PUBLIC_ADDRESS<
vpn.example.com>[CN=vpn.example.com]:17/1701===172.16.100.2/32; erouted;
eroute owner: #2
000 "windows":     oriented; my_ip=unset; their_ip=unset;
mycert=hope.belkin.home
000 "windows":   xauth us:none, xauth them:none,  my_username=[any];
their_username=[any]
000 "windows":   modecfg info: us:none, them:none, modecfg policy:push,
dns1:unset, dns2:unset, domain:unset, banner:unset;
000 "windows":   labeled_ipsec:no;
000 "windows":   policy_label:unset;
000 "windows":   CAs: 'DC=ar, DC=com, DC=vfc, CN=vfc-MS00009-CA'...'%any'
000 "windows":   ike_life: 3600s; ipsec_life: 28800s; replay_window: 32;
rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0;
000 "windows":   retransmit-interval: 500ms; retransmit-timeout: 60s;
000 "windows":   sha2_truncbug:no; initial_contact:no; cisco_unity:no;
fake_strongswan:no; send_vendorid:no;
000 "windows":   policy:
RSASIG+ENCRYPT+DONT_REKEY+UP+IKEV1_ALLOW+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO;
000 "windows":   conn_prio: 32,32; interface: wlp7s0; metric: 0; mtu:
unset; sa_prio:auto; nflog-group: unset; mark: unset;
000 "windows":   newest ISAKMP SA: #1; newest IPsec SA: #2;
000 "windows":   IKE algorithm newest: 3DES_CBC_192-SHA1-MODP1024
000 "windows":   ESP algorithm newest: AES_128-HMAC_SHA1; pfsgroup=<N/A>
000
000 Total IPsec connections: loaded 3, active 1
000
000 State Information: DDoS cookies not required, Accepting new IKE
connections
000 IKE SAs: total(1), half-open(0), open(0), authenticated(1), anonymous(0)
000 IPsec SAs: total(1), authenticated(1), anonymous(0)
000
000 #2: "windows":4500 STATE_QUICK_I2 (sent QI2, IPsec SA established);
EVENT_SA_REPLACE_IF_USED in 27955s; newest IPSEC; eroute owner; isakmp#1;
idle; import:admin initiate
000 #2: "windows" esp.d6ebb5e8@VPN_PUBLIC_ADDRESS
[email protected] ref=0 refhim=4294901761 Traffic: ESPin=0B
ESPout=0B! ESPmax=4194303B
000 #1: "windows":4500 STATE_MAIN_I4 (ISAKMP SA established);
EVENT_SA_REPLACE_IF_USED in 2514s; newest ISAKMP; nodpd; idle; import:admin
initiate
000
000 Bare Shunt list:
000

Any ideas?

TIA
-- 
--
Sergio Belkin
LPIC-2 Certified - http://www.lpi.org

_______________________________________________
Swan mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan

Reply via email to