Hello Hoss,

Well, the first two just load settings from the config files, the latter starts the connection. You specified start_action=trap in the child section, so the kernel tells the daemon when to up the child (that is the case when there's no IPsec state for the matched trap policy).

I presume up to now you either did not have the config loaded, did not read the log to see if the daemon did anything, or there simply was no traffic that needed to be processed.

Kind regards
Noel

On 28.05.21 at 16:57, H Yavari wrote:
Hi Noel,

Thanks for the reply. I resolved the issue by running swanctl -c and swanctl -q, then swanctl -i --child host-host. Is it the correct way?

Regards,
Hoss

On Friday, May 28, 2021, 07:48:13 AM PDT, Noel Kuntze <noel.kuntze+strongswan-users-ml@thermi.consulting> wrote:

Hello Hoss,

What do you expect to happen? What exactly did you do up to this point?

Kind regards
Noel

On 27.05.21 at 19:20, H Yavari wrote:
> Hi to all,
>
> I did a simple configuration based on test samples for two ec2 on AWS, but nothing happens between the two machines. What am I missing?
>
> (10.0.0.30) Sun <=======> Moon (10.0.0.20)
>
> connections {
>
>     host-host {
>         remote_addrs = 10.0.0.20
>
>         local {
>             auth = psk
>             id = sun.strongswan.org
>         }
>         remote {
>             auth = psk
>             id = moon.strongswan.org
>         }
>         children {
>             host-host {
>                 start_action = trap
>             }
>         }
>     }
> }
> secrets {
>     ike-1 {
>         id-moon = moon.strongswan.org
>         id-sun = sun.strongswan.org
>         secret = 0sv+NkxY9LLZvwj4q
>     }
> }
>
>
> ------------
>
>
>
> connections {
>
>     host-host {
>         remote_addrs = 10.0.0.30
>
>         local {
>             auth = psk
>             id = moon.strongswan.org
>         }
>         remote {
>             auth = psk
>             id = sun.strongswan.org
>         }
>         children {
>             host-host {
>                 start_action = start
>             }
>         }
>     }
> }
>
> secrets {
>     ike-1 {
>         id-1 = moon.strongswan.org
>         secret = 0x45a30759df97dc26a15b88ff
>     }
>     ike-2 {
>         id-2 = sun.strongswan.org
>         secret = "This is a strong password"
>     }
>     ike-3 {
>         id-3a = moon.strongswan.org
>         id-3b = sun.strongswan.org
>         secret = 0sv+NkxY9LLZvwj4q
>     }
>     ike-4 {
>         secret = 'My "home" is my "castle"!'
>     }
>     ike-5 {
>         id-5 = 10.0.0.20
>         secret = "Andi's home"
>     }
> }
>
>
> EC2 : Debian
> Version: 5.7.2
>
> Thanks.
>
> BR
> Hoss
>
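As an added illustration (not part of the original thread and not strongSwan code), the following Python check reads a swanctl.conf-style file and reports, for each child, what has to happen after loading before an SA is negotiated, which is the distinction the top reply draws for start_action=trap. The parser covers only the simple line-oriented layout used in the thread; the child names sun-child, moon-child and unset-child are hypothetical, and the sample input is constructed from the two children sections quoted above.

```python
# Constructed sample: the start_action settings of the two configs in the thread
# (trap on sun, start on moon), plus a hypothetical child that sets nothing.
SAMPLE_CONF = """
connections {
    host-host {
        children {
            sun-child {
                start_action = trap
            }
            moon-child {
                start_action = start
            }
            unset-child {
            }
        }
    }
}
"""

# What must happen after the config is loaded before a CHILD_SA exists.
TRIGGER = {
    "none": "nothing happens until the child is initiated manually (swanctl -i --child NAME)",
    "trap": "trap policy is installed; the SA is negotiated on the first matching traffic",
    "start": "the daemon initiates the connection as soon as the config is loaded",
}

def parse(text):
    """Parse the line-oriented subset of swanctl.conf used above into nested dicts."""
    stack = [{}]
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith("{"):
            stack.append(stack[-1].setdefault(line[:-1].strip(), {}))
        elif line == "}" and len(stack) > 1:
            stack.pop()
        elif "=" in line:
            key, value = line.split("=", 1)
            stack[-1][key.strip()] = value.strip()
    return stack[0]

def child_triggers(conf):
    """Map 'connection/child' to (start_action, consequence); unset means 'none'."""
    report = {}
    for conn, body in conf.get("connections", {}).items():
        for child, opts in body.get("children", {}).items():
            action = opts.get("start_action", "none")
            report[f"{conn}/{child}"] = (action, TRIGGER.get(action, "value not covered here"))
    return report
```

Calling `child_triggers(parse(open(path).read()))` on a real file gives the same report; a child listed as `trap` with no SA in `swanctl --list-sas` simply has not seen matching traffic yet.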