5 ipsec conn config
$ sudo cat /etc/ipsec.secrets
10.10.10.116 %any : PSK "Dudecake1!"
$ sudo cat /etc/ipsec.conf
config setup
    charondebug="all"

conn conceal
    auto=add
    authby=secret
    type=transport
    left=10.10.16.7
    right=10.10.10.116
    rightsubnet=10.10.10.116[tcp]
    keyexchange=ikev1
    ike=3des-sha1-modp1024!
    esp=3des-sha1!
$ sudo ipsec start
Starting strongSwan 5.9.1 IPsec [starter]...
$ sudo ipsec up conceal
initiating Main Mode IKE_SA conceal[1] to 10.10.10.116
generating ID_PROT request 0 [ SA V V V V V ]
sending packet: from 10.10.16.7[500] to 10.10.10.116[500] (176 bytes)
received packet: from 10.10.10.116[500] to 10.10.16.7[500] (208 bytes)
parsed ID_PROT response 0 [ SA V V V V V V ]
received MS NT5 ISAKMPOAKLEY vendor ID
received NAT-T (RFC 3947) vendor ID
received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
received FRAGMENTATION vendor ID
received unknown vendor ID: fb:1d:e3:cd:f3:41:b7:ea:16:b7:e5:be:08:55:f1:20
received unknown vendor ID: e3:a5:96:6a:76:37:9f:e7:07:22:82:31:e5:ce:86:52
selected proposal: IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
generating ID_PROT request 0 [ KE No NAT-D NAT-D ]
sending packet: from 10.10.16.7[500] to 10.10.10.116[500] (244 bytes)
received packet: from 10.10.10.116[500] to 10.10.16.7[500] (260 bytes)
parsed ID_PROT response 0 [ KE No NAT-D NAT-D ]
generating ID_PROT request 0 [ ID HASH N(INITIAL_CONTACT) ]
sending packet: from 10.10.16.7[500] to 10.10.10.116[500] (100 bytes)
received packet: from 10.10.10.116[500] to 10.10.16.7[500] (68 bytes)
parsed ID_PROT response 0 [ ID HASH ]
IKE_SA conceal[1] established between 10.10.16.7[10.10.16.7]...10.10.10.116[10.10.10.116]
scheduling reauthentication in 9885s
maximum IKE_SA lifetime 10425s
generating QUICK_MODE request 1867291133 [ HASH SA No ID ID ]
sending packet: from 10.10.16.7[500] to 10.10.10.116[500] (164 bytes)
received packet: from 10.10.10.116[500] to 10.10.16.7[500] (188 bytes)
parsed QUICK_MODE response 1867291133 [ HASH SA No ID ID ]
selected proposal: ESP:3DES_CBC/HMAC_SHA1_96/NO_EXT_SEQ
CHILD_SA conceal{1} established with SPIs c000baa0_i b494d0e0_o and TS 10.10.16.7/32 === 10.10.10.116/32[tcp]
connection 'conceal' established successfully
$ sudo ipsec status
Security Associations (1 up, 0 connecting):
conceal[1]: ESTABLISHED 2 minutes ago, 10.10.16.7[10.10.16.7]...10.10.10.116[10.10.10.116]
conceal{1}: INSTALLED, TRANSPORT, reqid 1, ESP SPIs: c000baa0_i b494d0e0_o
conceal{1}: 10.10.16.7/32 === 10.10.10.116/32[tcp]