Hello,

Please provide all the information that is listed on the HelpRequests[1] page on the wiki. Use the listed commands to get that information.

Right now, you don't even have a CHILD_SA that could be used to encapsulate the traffic nor an IKE_SA to negotiate that CHILD_SA over.

Kind regards

Noel

[1] https://wiki.strongswan.org/projects/strongswan/wiki/HelpRequests

On 13.09.2017 19:18, Anvar Kuchkartaev wrote:
> What happened when you initiate host-host connection from any side? Can you
> share your ipsec.conf file contents so I could see if there are any mistakes over
> there? One more question: how are your firewall rules configured? Do they
> allow udp 500,4500, ah, esp protocols from both sides?
>
> Anvar Kuchkartaev
> [email protected]
> *From: *Chengcheng Fu
> *Sent: *Wednesday, 13 September 2017 06:27 p.m.
> *To: *[email protected]
> *Subject: *[strongSwan] strongswan not picking up traffic
>
>
> Hi,
>
> I'm trying to set up a GRE over IPSec.
>
> I have the GRE working, but Strongswan wouldn't pick up the gre traffic and
> encrypt it.
>
> Following is my topology
>
> hub 192.168.23.193 - 192.168.23.203 spoke
>
>
> And here is my output.
> Hub side:
> Status of IKE charon daemon (strongSwan 5.6.0, Linux 4.9.47, x86_64):
>   uptime: 108 seconds, since Sep 14 00:23:00 2017
>   malloc: sbrk 2027520, mmap 0, used 273392, free 1754128
>   worker threads: 11 of 16 idle, 5/0/0/0 working, job queue: 0/0/0/0,
>   scheduled: 0
>   loaded plugins: charon aes des rc2 sha2 sha1 md5 random nonce x509 revocation
>   constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem fips-prf
>   gmp curve25519 xcbc cmac hmac attr kernel-netlink resolve socket-default
>   stroke vici updown xauth-generic
> Listening IP addresses:
>   192.168.23.193
>   192.168.34.1
> Connections:
>   host-host: 192.168.23.193...%any IKEv2
>   host-host: local: [192.168.23.193] uses pre-shared key authentication
>   host-host: remote: uses pre-shared key authentication
>   host-host: child: dynamic[gre] === dynamic[gre] TRANSPORT
> Security Associations (0 up, 0 connecting):
>   none
>
>
>
> Spoke side:
> Status of IKE charon daemon (strongSwan 5.6.0, Linux 4.9.47, x86_64):
>   uptime: 4 seconds, since Sep 14 00:17:44 2017
>   malloc: sbrk 2289664, mmap 0, used 287184, free 2002480
>   worker threads: 11 of 16 idle, 5/0/0/0 working, job queue: 0/0/0/0,
>   scheduled: 0
>   loaded plugins: charon aes des rc2 sha2 sha1 md5 random nonce x509 revocation
>   constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem fips-prf
>   gmp curve25519 xcbc cmac hmac attr kernel-netlink resolve socket-default
>   stroke vici updown xauth-generic
> Listening IP addresses:
>   192.168.23.203
>   192.168.34.3
> Connections:
>   host-host: 192.168.23.203...192.168.23.193 IKEv2
>   host-host: local: [192.168.23.203] uses pre-shared key authentication
>   host-host: remote: [192.168.23.193] uses pre-shared key authentication
>   host-host: child: dynamic[gre] === dynamic[gre] TRANSPORT
> Security Associations (0 up, 0 connecting):
>   none
>
>
>
> Any thoughts?
>
> Regards,
>
> Terry
>
