version 1.1.1.1, 2020/06/03 09:46:46
|
version 1.1.1.2, 2021/03/17 00:20:10
|
Line 1
|
Line 1
|
sun::ipsec stroke status 2> /dev/null::conn1.*ESTABLISHED.*sun.strongswan.org.*carol.strongswan.org::YES | sun:: swanctl --list-sas --raw 2> /dev/null::conn1.*version=2 state=ESTABLISHED local-host=192.168.0.2 local-port=4500 local-id=sun.strongswan.org remote-host=192.168.0.100 remote-port=4500 remote-id=carol@strongswan.org.*encr-alg=AES_CBC encr-keysize=256 integ-alg=HMAC_SHA2_512_256 prf-alg=PRF_HMAC_SHA2_512 dh-group=MODP_4096.*child-sas.*conn1.*state=INSTALLED mode=TRANSPORT.*ESP.*encr-alg=AES_CBC encr-keysize=256 integ-alg=HMAC_SHA2_512_256.*local-ts=\[192.168.0.2/32] remote-ts=\[192.168.0.100/32]::YES |
sun::ipsec stroke status 2> /dev/null::conn2.*ESTABLISHED.*sun.strongswan.org.*dave.strongswan.org::YES | sun:: swanctl --list-sas --raw 2> /dev/null::conn2.*version=2 state=ESTABLISHED local-host=192.168.0.2 local-port=4500 local-id=sun.strongswan.org remote-host=192.168.0.200 remote-port=4500 remote-id=dave@strongswan.org.*encr-alg=AES_CBC encr-keysize=256 integ-alg=HMAC_SHA2_512_256 prf-alg=PRF_HMAC_SHA2_512 dh-group=MODP_4096.*child-sas.*conn2.*state=INSTALLED mode=TRANSPORT.*ESP.*encr-alg=AES_CBC encr-keysize=256 integ-alg=HMAC_SHA2_512_256.*local-ts=\[192.168.0.2/32] remote-ts=\[192.168.0.200/32]::YES |
carol::ipsec status 2> /dev/null::host-host.*ESTABLISHED.*carol.strongswan.org.*sun.strongswan.org::YES | carol::swanctl --list-sas --raw 2> /dev/null::host-host.*version=2 state=ESTABLISHED local-host=192.168.0.100 local-port=4500 local-id=carol@strongswan.org remote-host=192.168.0.2 remote-port=4500 remote-id=sun.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=256 integ-alg=HMAC_SHA2_512_256 prf-alg=PRF_HMAC_SHA2_512 dh-group=MODP_4096.*child-sas.*host-host.*state=INSTALLED mode=TRANSPORT.*ESP.*encr-alg=AES_CBC encr-keysize=256 integ-alg=HMAC_SHA2_512_256.*local-ts=\[192.168.0.100/32] remote-ts=\[192.168.0.2/32]::YES |
dave::ipsec status 2> /dev/null::host-host.*ESTABLISHED.*dave.strongswan.org.*sun.strongswan.org::YES | dave:: swanctl --list-sas --raw 2> /dev/null::host-host.*version=2 state=ESTABLISHED local-host=192.168.0.200 local-port=4500 local-id=dave@strongswan.org remote-host=192.168.0.2 remote-port=4500 remote-id=sun.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=256 integ-alg=HMAC_SHA2_512_256 prf-alg=PRF_HMAC_SHA2_512 dh-group=MODP_4096.*child-sas.*host-host.*state=INSTALLED mode=TRANSPORT.*ESP.*encr-alg=AES_CBC encr-keysize=256 integ-alg=HMAC_SHA2_512_256.*local-ts=\[192.168.0.200/32] remote-ts=\[192.168.0.2/32]::YES |
sun::ipsec stroke status 2> /dev/null::conn1.*INSTALLED, TRANSPORT::YES | |
sun::ipsec stroke status 2> /dev/null::conn2.*INSTALLED, TRANSPORT::YES | |
carol::ipsec status 2> /dev/null::host-host.*INSTALLED, TRANSPORT::YES | |
dave::ipsec status 2> /dev/null::host-host.*INSTALLED, TRANSPORT::YES | |
carol::ping -c 1 PH_IP_SUN::64 bytes from PH_IP_SUN: icmp_.eq=1::YES |
carol::ping -c 1 PH_IP_SUN::64 bytes from PH_IP_SUN: icmp_.eq=1::YES |
dave::ping -c 1 PH_IP_SUN::64 bytes from PH_IP_SUN: icmp_.eq=1::YES |
dave::ping -c 1 PH_IP_SUN::64 bytes from PH_IP_SUN: icmp_.eq=1::YES |
carol::tcpdump::IP carol.strongswan.org > sun.strongswan.org: ESP::YES |
carol::tcpdump::IP carol.strongswan.org > sun.strongswan.org: ESP::YES |
Line 15 dave::tcpdump::IP sun.strongswan.org > dave.strongswan
|
Line 11 dave::tcpdump::IP sun.strongswan.org > dave.strongswan
|
sun::cat /tmp/tkm.log::RSA private key '/etc/tkm/sunKey.der' loaded::YES |
sun::cat /tmp/tkm.log::RSA private key '/etc/tkm/sunKey.der' loaded::YES |
sun::cat /tmp/tkm.log::Adding policy \[ 1, 192.168.0.2 <-> 192.168.0.100 \]::YES |
sun::cat /tmp/tkm.log::Adding policy \[ 1, 192.168.0.2 <-> 192.168.0.100 \]::YES |
sun::cat /tmp/tkm.log::Adding policy \[ 2, 192.168.0.2 <-> 192.168.0.200 \]::YES |
sun::cat /tmp/tkm.log::Adding policy \[ 2, 192.168.0.2 <-> 192.168.0.200 \]::YES |
sun::cat /tmp/tkm.log | grep "Checked CA certificate of CC context 1" | wc -l::2::YES | sun::cat /tmp/tkm.log::Certificate chain of CC context 1 is valid::2 |
sun::cat /tmp/tkm.log::Authentication of ISA context 1 successful::YES |
sun::cat /tmp/tkm.log::Authentication of ISA context 1 successful::YES |
sun::cat /tmp/tkm.log::Authentication of ISA context 2 successful::YES |
sun::cat /tmp/tkm.log::Authentication of ISA context 2 successful::YES |
sun::cat /tmp/tkm.log::Adding ESA \[ 1, 192.168.0.2 <-> 192.168.0.100, SPI_in.*, SPI_out.*, soft 30, hard 60 \]::YES |
sun::cat /tmp/tkm.log::Adding ESA \[ 1, 192.168.0.2 <-> 192.168.0.100, SPI_in.*, SPI_out.*, soft 30, hard 60 \]::YES |