Hello Jason,

You're entirely on your own there.
The project does not support such old versions in any capacity.

Kind regards
Noel

On 21.08.21 at 09:54, Jason Choi wrote:
I used StrongSwan-4.2.17 and tried to set up a host-host configuration following the 
explanation from https://www.strongswan.org/docs/readme4.htm.

My configuration is like this.

    [ 192.168.1.207 ] ===== [192.168.1.206]

      ss_client                           ss_server

<< Configuration on host ss_client >>

/etc/ipsec.d/cacerts/strongswanCert.pem
/etc/ipsec.d/certs/ss_client.pem
/etc/ipsec.d/private/ss_client.key

/etc/ipsec.secrets:

: RSA ss_client.key

/etc/ipsec.conf:

conn host-host
       left=%defaultroute
       leftcert=ss_client.pem
       right=192.168.1.206
       rightid="C=US, O=Home, CN=ss_server.research-this-that.com"
       auto=start

<< Configuration on host ss_server >>

/etc/ipsec.d/cacerts/strongswanCert.pem
/etc/ipsec.d/certs/ss_server.pem
/etc/ipsec.d/private/ss_server.key

/etc/ipsec.secrets:

: RSA ss_server.key

/etc/ipsec.conf:

conn host-host
       left=%defaultroute
       leftcert=ss_server.pem
       right=192.168.1.207
       rightid="C=US, O=Home, CN=ss_client.research-this-that.com"
       auto=start

And this is the message when I run ipsec statusall from each host.

Can someone give me any idea what was wrong?

Or if you need more information from my settings and configuration, please let 
me know.

<< ipsec statusall from ss_client >>

# ipsec statusall
000 interface lo/lo ::1:500
000 interface lo/lo 127.0.0.1:500
000 interface eth0/eth0 192.168.1.207:500
000 interface virbr0/virbr0 192.168.122.1:500
000 %myid = (none)
000 debug none
000
000 "host-host": 192.168.1.207[C=US, O=Home, CN=ss_client.research-this-that.com]---192.168.1.1...192.168.1.206[C=US, O=Home, CN=ss_server.research-this-that.com]; unrouted; eroute owner: #0
000 "host-host":   CAs: 'C=US, O=Home, CN=ss_server.research-this-that.com'...'%any'
000 "host-host":   ike_life: 10800s; ipsec_life: 3600s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 3
000 "host-host":   policy: RSASIG+ENCRYPT+TUNNEL+PFS+UP; prio: 32,32; interface: eth0;
000 "host-host":   newest ISAKMP SA: #0; newest IPsec SA: #0;
000 "host-host":   IKE algorithms wanted: 7_128-2-14,
000 "host-host":   IKE algorithms found:  7_128-2_160-14,
000 "host-host":   ESP algorithms wanted: 12_128-2, 3_000-1,
000 "host-host":   ESP algorithms loaded: 12_128-2_160, 3_192-1_128,
000
000 #1: "host-host" STATE_MAIN_I1 (sent MI1, expecting MR1); EVENT_RETRANSMIT in 30s
000 #1: pending Phase 2 for "host-host" replacing #0
000

<< ipsec statusall from ss_server >>

# ipsec statusall
000 interface lo/lo ::1:500
000 interface lo/lo 127.0.0.1:500
000 interface eth0/eth0 192.168.1.206:500
000 interface virbr0/virbr0 192.168.122.1:500
000 %myid = (none)
000 debug none
000
000 "host-host": 192.168.1.206[C=US, O=Home, CN=ss_server.research-this-that.com]---192.168.1.1...192.168.0.1[C=US, O=Home, CN=ss_client.research-this-that.com]; unrouted; eroute owner: #0
000 "host-host":   CAs: 'C=US, O=Home, CN=ss_server.research-this-that.com'...'%any'
000 "host-host":   ike_life: 10800s; ipsec_life: 3600s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 3
000 "host-host":   policy: RSASIG+ENCRYPT+TUNNEL+PFS+UP; prio: 32,32; interface: eth0;
000 "host-host":   newest ISAKMP SA: #0; newest IPsec SA: #0;
000 "host-host":   IKE algorithms wanted: 7_128-2-14,
000 "host-host":   IKE algorithms found:  7_128-2_160-14,
000 "host-host":   ESP algorithms wanted: 12_128-2, 3_000-1,
000 "host-host":   ESP algorithms loaded: 12_128-2_160, 3_192-1_128,
000
000 #1: "host-host" STATE_MAIN_I1 (sent MI1, expecting MR1); EVENT_RETRANSMIT in 1s
000 #1: pending Phase 2 for "host-host" replacing #0
000
