Re: [strongSwan] migration from StrongSwan 5.1.2 to 5.3.2

Li, Charlie Fri, 04 Sep 2015 10:43:39 -0700

Hi Noel,

Yes, the two ports are configured to use static IP addresses (22.20.0.1 and 
111.222.0.1).


Here are the commands to start strongswan

#ipforward
echo 1 > /proc/sys/net/ipv4/ip_forward
echo 0 > /proc/sys/net/ipv4/conf/all/accept_redirects
echo 0 > /proc/sys/net/ipv4/conf/all/send_redirects

#route
route add -net 30.0.0.0 netmask 255.0.0.0 gw 22.20.0.2 enp1s0f0
route add -net 140.0.0.0 netmask 255.0.0.0 gw 111.222.0.2 enp1s0f1

#start StrongSwan
strongswan restart

Please also see the attached logs.

Regards,
Charlie Li

-----Original Message-----
From: Noel Kuntze [mailto:[email protected]] 
Sent: Friday, September 04, 2015 12:31 PM
To: Li, Charlie; '[email protected]'
Subject: Re: [strongSwan] migration from StrongSwan 5.1.2 to 5.3.2


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hello Charlie,

How are you starting strongSwan?
Does the host have any usable IP addresses?

- -- 

Mit freundlichen Grüßen/Kind Regards,
Noel Kuntze

GPG Key ID: 0x63EC6658
Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCAAGBQJV6dVmAAoJEDg5KY9j7GZYQ7QP/3fK6nZRMHaDQi3Cuy/KDPpp
zkr68Gjck7W88coRGqPxWTqa9/i67RH7F1s4WaPQsIGpGSkqp/S3Y4tr/IPhcQHT
JKbIWwFnhQFnbE9cnQ4qffIXr8PCEui3Kv7KjbCUuYBLAWG+u0KDoXdUbXnqEZ71
+3Rcges/M7e9N7JyxuDGFrrb6yy0KBzbTNnk7ZRdmmLE2a227sQQrQ/HSurqsWWf
l3KaazF5XKx0P0yvDkNR6NfszOMUpj64Ht2WC6KISoiupwHoLQ2pj4RM1PIDPTWz
9lY4chgp4L5hhjjqTCrusu3O9+D/t6LqOQBjqpZ9Ij6uV7QWEdCNT+noNMukTs6g
guL0q7BjxJfaOZ+SxC5lYHVSB0cu5H5TfId+ejZxchVpE75x6wEjzgJg+nJsb5c2
4Mc5Q7Zeh8KI7ipQBsejJfnNxIobJzO/P4GBMgd0EdJaKVg8A7wh9S6Y368I4Iej
QUComU1d/DWcZmgr6UbRJ0QNDx6JqiqL4uXr7RwJWl9kvVZ13FCOae06C2pQ+BK+
OLBUlm1ZRsZbdbGOL4YYUMkv0NiGR+JOKP2DTDa6WFmIRB3GuE3r1bF2pTPmb6nn
kc7Oolxxdq3CsdwYblXQ798onGyNZ4Pqk5cHwOJk26relA/ZdiwS3OlvmwF3P7q+
mtLQGpw32ESe9u/7V4Oq
=lrn4
-----END PGP SIGNATURE-----

[root@Overdrive strongswan]# pwd
/etc/strongswan
[root@Overdrive strongswan]# ll ipsec.*
-rw-r--r--  1 root root 622 Sep  2 21:20 ipsec.conf
-rw-------  1 root root 435 Sep  2 21:56 ipsec.secrets


# strongswan statusall
Status of IKE charon daemon (strongSwan 5.3.2, Linux 
4.1.0-hf-kvm-sriov-ipsec-64k.fc22.aarch64+, aarch64):
  uptime: 9 minutes, since Sep 04 16:22:58 2015
  malloc: sbrk 3604480, mmap 0, used 1633856, free 1970624
  worker threads: 11 of 16 idle, 5/0/0/0 working, job queue: 0/0/0/0, 
scheduled: 200
  loaded plugins: charon aes des rc2 sha1 sha2 md4 md5 random nonce x509 
revocation constraints acert pubkey pkcs1 pkcs8 pkcs12 pgp dnskey sshkey pem 
openssl fips-prf gmp xcbc cmac hmac ctr ccm curl attr kernel-netlink resolve 
socket-default farp stroke vici updown eap-identity eap-md5 eap-gtc 
eap-mschapv2 eap-tls eap-ttls eap-peap xauth-generic xauth-eap xauth-pam 
xauth-noauth dhcp
Listening IP addresses:
Connections:
    tun1_0_0:  %any...%any  IKEv2
    tun1_0_0:   local:  uses pre-shared key authentication
    tun1_0_0:   remote: uses pre-shared key authentication
    tun1_0_0:   child:  140.0.0.0/8 === 50.0.0.0/8 TUNNEL

-------------------------------------------------------------

[root@Overdrive strongswan]# ifconfig
enp1s0f0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 22.20.0.1  netmask 255.255.255.0  broadcast 22.20.0.255
        inet6 fe80::92e2:baff:fe75:6a28  prefixlen 64  scopeid 0x20<link>
        ether 90:e2:ba:75:6a:28  txqueuelen 1000  (Ethernet)
        RX packets 202  bytes 52120 (50.8 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 230  bytes 48540 (47.4 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

enp1s0f1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 111.222.0.1  netmask 255.255.255.0  broadcast 111.222.0.255
        inet6 fe80::92e2:baff:fe75:6a29  prefixlen 64  scopeid 0x20<link>
        ether 90:e2:ba:75:6a:29  txqueuelen 1000  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 17  bytes 1282 (1.2 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

---------------------------------------------------------------
#ipforward
echo 1 > /proc/sys/net/ipv4/ip_forward
echo 0 > /proc/sys/net/ipv4/conf/all/accept_redirects
echo 0 > /proc/sys/net/ipv4/conf/all/send_redirects

#route
route add -net 30.0.0.0 netmask 255.0.0.0 gw 22.20.0.2 enp1s0f0
route add -net 140.0.0.0 netmask 255.0.0.0 gw 111.222.0.2 enp1s0f1

#start StrongSwan
strongswan restart

_______________________________________________
Users mailing list
[email protected]
https://lists.strongswan.org/mailman/listinfo/users

Re: [strongSwan] migration from StrongSwan 5.1.2 to 5.3.2

Reply via email to