Hi all, I am facing a problem of load-tester that "%d" of initiator_id didnot start from 1, but from 2.
-------- initiator_id = [email protected] -------- Below are the configuration of load-tester and the status of the ipsec tunnels. From the "ipsec statuall" you can find that initiator id started from "[email protected]", and the private address also started from "10.254.32.2/32". I suspect that any internal behavior has used "[email protected]", or any configuration caused the initiator_id started from "2". Can anyone give me some advice ? Any comment will be appreciated. If further info is needed, please let me know. ------------- configuration ------------ root@tester1:/usr/local/etc# cat strongswan.conf # strongswan.conf - strongSwan configuration file # # Refer to the strongswan.conf(5) manpage for details # # Configuration changes should be made in the included files charon { reuse_ikesa=yes load_modular=yes plugins { include strongswan.d/charon/*.conf load-tester { enable = yes responder = 192.168.0.6 proposal = aes128-sha1-modp1024 initiator_id = [email protected] initiator_match = *@strongswan.org initiator_auth = eap-aka responder_auth = psk responder_id = strongswan.org initiator_tsr = 10.65.0.0/18 esp = aes128-sha1 addrs { ens4 = 10.64.0.1/18 } addrs_prefix = 16 request_virtual_ip = yes ike_rekey = 25200 child_rekey = 28800 delete_after_established = no shutdown_when_complete = no } } --------------------------------------- root@tester1:/usr/local/etc#ipsec statusall Listening IP addresses: 10.59.128.33 10.64.127.253 Connections: load-test: 192.168.0.6...0.0.0.0 IKEv1/2 load-test: local: [strongswan.org] uses pre-shared key authentication load-test: remote: [*@strongswan.org] uses EAP_AKA authentication load-test: child: 10.65.0.0/18 === dynamic TUNNEL Security Associations (5 up, 0 connecting): load-test[5]: ESTABLISHED 6 seconds ago, 10.64.0.5[[email protected]]...192.168.0.6[strongswan.org] load-test[5]: IKEv2 SPIs: 66a396f7c9e152c1_i* e1200a4eb1b5f253_r, rekeying in 6 hours load-test[5]: IKE proposal: AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024 load-test{6}: INSTALLED, TUNNEL, reqid 5, ESP SPIs: c5ef7bad_i 0015790e_o load-test{6}: AES_CBC_128/HMAC_SHA1_96, 0 bytes_i, 0 bytes_o, rekeying in 7 hours load-test{6}: 10.254.32.6/32 === 10.65.0.0/18 load-test[4]: ESTABLISHED 10 seconds ago, 10.64.0.4[[email protected]]...192.168.0.6[strongswan.org] load-test[4]: IKEv2 SPIs: 15455d79dbc1b476_i* cb3974e5683d2f37_r, rekeying in 6 hours load-test[4]: IKE proposal: AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024 load-test{4}: INSTALLED, TUNNEL, reqid 4, ESP SPIs: c31265b7_i 001353b9_o load-test{4}: AES_CBC_128/HMAC_SHA1_96, 0 bytes_i, 0 bytes_o, rekeying in 7 hours load-test{4}: 10.254.32.5/32 === 10.65.0.0/18 load-test[3]: ESTABLISHED 13 seconds ago, 10.64.0.3[[email protected]]...192.168.0.6[strongswan.org] load-test[3]: IKEv2 SPIs: bbfa251802593dc9_i* 84935f6a6411adf6_r, rekeying in 6 hours load-test[3]: IKE proposal: AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024 load-test{3}: INSTALLED, TUNNEL, reqid 3, ESP SPIs: c1625dab_i 00132117_o load-test{3}: AES_CBC_128/HMAC_SHA1_96, 0 bytes_i, 0 bytes_o, rekeying in 7 hours load-test{3}: 10.254.32.4/32 === 10.65.0.0/18 load-test[2]: ESTABLISHED 16 seconds ago, 10.64.0.2[[email protected]]...192.168.0.6[strongswan.org] load-test[2]: IKEv2 SPIs: ca01109e85be6828_i* 2ea11c57bd317fe2_r, rekeying in 6 hours load-test[2]: IKE proposal: AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024 load-test{2}: INSTALLED, TUNNEL, reqid 2, ESP SPIs: c003619c_i 001423af_o load-test{2}: AES_CBC_128/HMAC_SHA1_96, 0 bytes_i, 0 bytes_o, rekeying in 7 hours load-test{2}: 10.254.32.3/32 === 10.65.0.0/18 load-test[1]: ESTABLISHED 19 seconds ago, 10.64.0.1[[email protected]]...192.168.0.6[strongswan.org] load-test[1]: IKEv2 SPIs: 208894470b3f7123_i* 2b2b934095b76978_r, rekeying in 6 hours load-test[1]: IKE proposal: AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024 load-test{1}: INSTALLED, TUNNEL, reqid 1, ESP SPIs: c5900c71_i 001457a4_o load-test{1}: AES_CBC_128/HMAC_SHA1_96, 0 bytes_i, 0 bytes_o, rekeying in 7 hours load-test{1}: 10.254.32.2/32 === 10.65.0.0/18 root@tester1:/usr/local/etc# --------------------------------------- Regards, Pluto
