What happened when you initiate the host-host connection from any side? Can you share your ipsec.conf file contents so I could see if there are any mistakes over there? One more question: how are your firewall rules configured? Do they allow udp 500, 4500, ah, esp protocols from both sides?

Anvar Kuchkartaev
[email protected]

Hi,

I'm trying to set up a GRE over IPSec. I have the GRE working, but Strongswan wouldn't pick up the gre traffic and encrypt it.

Following is my topology

hub 192.168.23.193 - 192.168.23.203 spoke

And here is my output.

Hub side:

Status of IKE charon daemon (strongSwan 5.6.0, Linux 4.9.47, x86_64):
  uptime: 108 seconds, since Sep 14 00:23:00 2017
  malloc: sbrk 2027520, mmap 0, used 273392, free 1754128
  worker threads: 11 of 16 idle, 5/0/0/0 working, job queue: 0/0/0/0, scheduled: 0
  loaded plugins: charon aes des rc2 sha2 sha1 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem fips-prf gmp curve25519 xcbc cmac hmac attr kernel-netlink resolve socket-default stroke vici updown xauth-generic
Listening IP addresses:
  192.168.23.193
  192.168.34.1
Connections:
  host-host: 192.168.23.193...%any IKEv2
  host-host: local: [192.168.23.193] uses pre-shared key authentication
  host-host: remote: uses pre-shared key authentication
  host-host: child: dynamic[gre] === dynamic[gre] TRANSPORT
Security Associations (0 up, 0 connecting):
  none

Spoke side:

Status of IKE charon daemon (strongSwan 5.6.0, Linux 4.9.47, x86_64):
  uptime: 4 seconds, since Sep 14 00:17:44 2017
  malloc: sbrk 2289664, mmap 0, used 287184, free 2002480
  worker threads: 11 of 16 idle, 5/0/0/0 working, job queue: 0/0/0/0, scheduled: 0
  loaded plugins: charon aes des rc2 sha2 sha1 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem fips-prf gmp curve25519 xcbc cmac hmac attr kernel-netlink resolve socket-default stroke vici updown xauth-generic
Listening IP addresses:
  192.168.23.203
  192.168.34.3
Connections:
  host-host: 192.168.23.203...192.168.23.193 IKEv2
  host-host: local: [192.168.23.203] uses pre-shared key authentication
  host-host: remote: [192.168.23.193] uses pre-shared key authentication
  host-host: child: dynamic[gre] === dynamic[gre] TRANSPORT
Security Associations (0 up, 0 connecting):
  none

Any thoughts?

Regards,
Terry
