Strongswan5.3.3与Android5.0.2(小米) 主模式的对接L2TPoverIPsec

ipsec.conf:
# /etc/ipsec.conf - strongSwan IPsec configuration file

config setup

conn %default
    ikelifetime=60m
    keylife=20m
    rekeymargin=3m
    keyingtries=1
    keyexchange=ikev1
    authby=secret
    #aggressive=yes
conn net-net
    type=transport
    left=192.168.0.132
    leftsubnet=0.0.0.0/0
    #leftid=@sun
    leftid=192.168.0.132
    leftfirewall=yes
    right=192.168.0.124
    rightsubnet=0.0.0.0/0
    #rightid=@moon
    rightid=192.168.0.124
    auto=add
    
ipsec.secrets:
# /etc/ipsec.secrets - strongSwan IPsec secrets file
192.168.0.132 192.168.0.124 : PSK 0saGVsbG8=


注意,选用的是main模式,安卓机选L2TPoverIPsec,注意IPsec标识符不要设置,设置PSK为hello。
安卓机如果不设置标识符,那么他的身份是IP地址,协商是MAIN模式。
如果设置为1.1.1.1这样的点分式,他的身份就是FQDN了,协商变为野蛮模式。
如果设置为moon这样的字符串,身份方式变为KEY_ID,协商也是野蛮模式。

[root@- strongswan.d]# cat /var/log/charon.log 
Dec 16 16:27:07 00[DMN] Starting IKE charon daemon (strongSwan 5.3.3, Linux 3.4.44, x86_64)
Dec 16 16:27:07 00[LIB] plugin 'pkcs11': loaded successfully
Dec 16 16:27:07 00[LIB] plugin 'aes': loaded successfully
Dec 16 16:27:07 00[LIB] plugin 'des': loaded successfully
Dec 16 16:27:07 00[LIB] plugin 'rc2': loaded successfully
Dec 16 16:27:07 00[LIB] plugin 'sha1': loaded successfully
Dec 16 16:27:07 00[LIB] plugin 'sha2': loaded successfully
Dec 16 16:27:07 00[LIB] plugin 'md5': loaded successfully
Dec 16 16:27:07 00[LIB] plugin 'random': loaded successfully
Dec 16 16:27:07 00[LIB] plugin 'nonce': loaded successfully
Dec 16 16:27:07 00[LIB] plugin 'x509': loaded successfully
Dec 16 16:27:07 00[LIB] plugin 'revocation': loaded successfully
Dec 16 16:27:07 00[LIB] plugin 'constraints': loaded successfully
Dec 16 16:27:07 00[LIB] plugin 'pubkey': loaded successfully
Dec 16 16:27:07 00[LIB] plugin 'pkcs1': loaded successfully
Dec 16 16:27:07 00[LIB] plugin 'pkcs7': loaded successfully
Dec 16 16:27:07 00[LIB] plugin 'pkcs8': loaded successfully
Dec 16 16:27:07 00[LIB] plugin 'pkcs12': loaded successfully
Dec 16 16:27:07 00[LIB] plugin 'pgp': loaded successfully
Dec 16 16:27:07 00[LIB] plugin 'dnskey': loaded successfully
Dec 16 16:27:07 00[LIB] plugin 'sshkey': loaded successfully
Dec 16 16:27:07 00[LIB] plugin 'pem': loaded successfully
Dec 16 16:27:07 00[LIB] openssl FIPS mode(0) - disabled 
Dec 16 16:27:07 00[LIB] plugin 'openssl': loaded successfully
Dec 16 16:27:07 00[LIB] plugin 'fips-prf': loaded successfully
Dec 16 16:27:07 00[LIB] plugin 'gmp': loaded successfully
Dec 16 16:27:07 00[LIB] plugin 'xcbc': loaded successfully
Dec 16 16:27:07 00[LIB] plugin 'cmac': loaded successfully
Dec 16 16:27:07 00[LIB] plugin 'hmac': loaded successfully
Dec 16 16:27:07 00[LIB] plugin 'attr': loaded successfully
Dec 16 16:27:07 00[LIB] plugin 'kernel-netlink': loaded successfully
Dec 16 16:27:07 00[LIB] plugin 'resolve': loaded successfully
Dec 16 16:27:07 00[LIB] plugin 'socket-default': loaded successfully
Dec 16 16:27:07 00[LIB] plugin 'stroke': loaded successfully
Dec 16 16:27:07 00[LIB] plugin 'updown': loaded successfully
Dec 16 16:27:07 00[LIB] plugin 'eap-identity': loaded successfully
Dec 16 16:27:07 00[LIB] plugin 'eap-md5': loaded successfully
Dec 16 16:27:07 00[LIB] plugin 'eap-mschapv2': loaded successfully
Dec 16 16:27:07 00[LIB] plugin 'eap-radius': loaded successfully
Dec 16 16:27:07 00[LIB] plugin 'xauth-generic': loaded successfully
Dec 16 16:27:07 00[LIB] plugin 'unity': loaded successfully
Dec 16 16:27:07 00[KNL] known interfaces and IP addresses:
Dec 16 16:27:07 00[KNL]   lo
Dec 16 16:27:07 00[KNL]     127.0.0.1
Dec 16 16:27:07 00[KNL]     ::1
Dec 16 16:27:07 00[KNL]   eno16777736
Dec 16 16:27:07 00[KNL]     192.168.0.132
Dec 16 16:27:07 00[KNL]     fe80::20c:29ff:fe95:8e0c
Dec 16 16:27:07 00[KNL]   eno33554960
Dec 16 16:27:07 00[KNL]     192.168.152.150
Dec 16 16:27:07 00[KNL]     192.168.152.132
Dec 16 16:27:07 00[KNL]     fe80::20c:29ff:fe95:8e16
Dec 16 16:27:07 00[KNL]   eno50332184
Dec 16 16:27:07 00[KNL]     192.168.233.128
Dec 16 16:27:07 00[KNL]     fe80::20c:29ff:fe95:8e20
Dec 16 16:27:07 00[LIB] feature PUBKEY:DSA in plugin 'pem' has unmet dependency: PUBKEY:DSA
Dec 16 16:27:07 00[LIB] feature PRIVKEY:DSA in plugin 'pem' has unmet dependency: PRIVKEY:DSA
Dec 16 16:27:07 00[LIB] feature PRIVKEY:BLISS in plugin 'pem' has unmet dependency: PRIVKEY:BLISS
Dec 16 16:27:07 00[LIB] feature CERT_DECODE:X509_OCSP_REQUEST in plugin 'pem' has unmet dependency: CERT_DECODE:X509_OCSP_REQUEST
Dec 16 16:27:07 00[CFG] loading ca certificates from '/usr/local/etc/ipsec.d/cacerts'
Dec 16 16:27:07 00[ASN]   file content is not binary ASN.1
Dec 16 16:27:07 00[ASN]   -----BEGIN CERTIFICATE-----
Dec 16 16:27:07 00[ASN]   -----END CERTIFICATE-----
Dec 16 16:27:07 00[ASN] L0 - x509:
Dec 16 16:27:07 00[ASN] L1 - tbsCertificate:
Dec 16 16:27:07 00[ASN] L2 - DEFAULT v1:
Dec 16 16:27:07 00[ASN] L3 - version:
Dec 16 16:27:07 00[ASN]   X.509v3
Dec 16 16:27:07 00[ASN] L2 - serialNumber:
Dec 16 16:27:07 00[ASN] L2 - signature:
Dec 16 16:27:07 00[ASN] L3 - algorithmIdentifier:
Dec 16 16:27:07 00[ASN] L4 - algorithm:
Dec 16 16:27:07 00[ASN]   'sha256WithRSAEncryption'
Dec 16 16:27:07 00[ASN] L2 - issuer:
Dec 16 16:27:07 00[ASN]   'C=CH, O=Linux strongSwan, CN=strongSwan Root CA'
Dec 16 16:27:07 00[ASN] L2 - validity:
Dec 16 16:27:07 00[ASN] L3 - notBefore:
Dec 16 16:27:07 00[ASN] L4 - utcTime:
Dec 16 16:27:07 00[ASN]   'Sep 10 10:01:18 UTC 2004'
Dec 16 16:27:07 00[ASN] L3 - notAfter:
Dec 16 16:27:07 00[ASN] L4 - utcTime:
Dec 16 16:27:07 00[ASN]   'Sep 07 10:01:18 UTC 2019'
Dec 16 16:27:07 00[ASN] L2 - subject:
Dec 16 16:27:07 00[ASN]   'C=CH, O=Linux strongSwan, CN=strongSwan Root CA'
Dec 16 16:27:07 00[ASN] L2 - subjectPublicKeyInfo:
Dec 16 16:27:07 00[ASN] -- > --
Dec 16 16:27:07 00[ASN] L0 - subjectPublicKeyInfo:
Dec 16 16:27:07 00[ASN] L1 - algorithm:
Dec 16 16:27:07 00[ASN] L2 - algorithmIdentifier:
Dec 16 16:27:07 00[ASN] L3 - algorithm:
Dec 16 16:27:07 00[ASN]   'rsaEncryption'
Dec 16 16:27:07 00[ASN] L1 - subjectPublicKey:
Dec 16 16:27:07 00[ASN] -- > --
Dec 16 16:27:07 00[ASN] L0 - RSAPublicKey:
Dec 16 16:27:07 00[ASN] L1 - modulus:
Dec 16 16:27:07 00[ASN] L1 - publicExponent:
Dec 16 16:27:07 00[ASN] -- < --
Dec 16 16:27:07 00[ASN] -- < --
Dec 16 16:27:07 00[ASN] L2 - optional extensions:
Dec 16 16:27:07 00[ASN] L3 - extensions:
Dec 16 16:27:07 00[ASN] L4 - extension:
Dec 16 16:27:07 00[ASN] L5 - extnID:
Dec 16 16:27:07 00[ASN]   'basicConstraints'
Dec 16 16:27:07 00[ASN] L5 - critical:
Dec 16 16:27:07 00[ASN]   TRUE
Dec 16 16:27:07 00[ASN] L5 - extnValue:
Dec 16 16:27:07 00[ASN] L6 - basicConstraints:
Dec 16 16:27:07 00[ASN] L7 - CA:
Dec 16 16:27:07 00[ASN]   TRUE
Dec 16 16:27:07 00[ASN] L7 - pathLenConstraint:
Dec 16 16:27:07 00[ASN] L4 - extension:
Dec 16 16:27:07 00[ASN] L5 - extnID:
Dec 16 16:27:07 00[ASN]   'keyUsage'
Dec 16 16:27:07 00[ASN] L5 - critical:
Dec 16 16:27:07 00[ASN]   FALSE
Dec 16 16:27:07 00[ASN] L5 - extnValue:
Dec 16 16:27:07 00[ASN] L4 - extension:
Dec 16 16:27:07 00[ASN] L5 - extnID:
Dec 16 16:27:07 00[ASN]   'subjectKeyIdentifier'
Dec 16 16:27:07 00[ASN] L5 - critical:
Dec 16 16:27:07 00[ASN]   FALSE
Dec 16 16:27:07 00[ASN] L5 - extnValue:
Dec 16 16:27:07 00[ASN] L6 - keyIdentifier:
Dec 16 16:27:07 00[ASN] L4 - extension:
Dec 16 16:27:07 00[ASN] L5 - extnID:
Dec 16 16:27:07 00[ASN]   'authorityKeyIdentifier'
Dec 16 16:27:07 00[ASN] L5 - critical:
Dec 16 16:27:07 00[ASN]   FALSE
Dec 16 16:27:07 00[ASN] L5 - extnValue:
Dec 16 16:27:07 00[ASN] L6 - authorityKeyIdentifier:
Dec 16 16:27:07 00[ASN] L7 - keyIdentifier:
Dec 16 16:27:07 00[ASN] L7 - authorityCertIssuer:
Dec 16 16:27:07 00[ASN] L7 - authorityCertSerialNumber:
Dec 16 16:27:07 00[ASN] L1 - signatureAlgorithm:
Dec 16 16:27:07 00[ASN] L2 - algorithmIdentifier:
Dec 16 16:27:07 00[ASN] L3 - algorithm:
Dec 16 16:27:07 00[ASN]   'sha256WithRSAEncryption'
Dec 16 16:27:07 00[ASN] L1 - signatureValue:
Dec 16 16:27:07 00[CFG]   loaded ca certificate "C=CH, O=Linux strongSwan, CN=strongSwan Root CA" from '/usr/local/etc/ipsec.d/cacerts/strongswanCert.pem'
Dec 16 16:27:07 00[CFG] loading aa certificates from '/usr/local/etc/ipsec.d/aacerts'
Dec 16 16:27:07 00[CFG] loading ocsp signer certificates from '/usr/local/etc/ipsec.d/ocspcerts'
Dec 16 16:27:07 00[CFG] loading attribute certificates from '/usr/local/etc/ipsec.d/acerts'
Dec 16 16:27:07 00[CFG] loading crls from '/usr/local/etc/ipsec.d/crls'
Dec 16 16:27:07 00[CFG] loading secrets from '/usr/local/etc/ipsec.secrets'
Dec 16 16:27:07 00[CFG]   loaded IKE secret for @moon @sun
Dec 16 16:27:07 00[CFG]   loaded IKE secret for 192.168.152.150 192.168.152.1
Dec 16 16:27:07 00[CFG]   loaded IKE secret for 192.168.0.132 192.168.0.124
Dec 16 16:27:07 00[CFG] loaded 0 RADIUS server configurations
Dec 16 16:27:07 00[LIB] loaded plugins: charon pkcs11 aes des rc2 sha1 sha2 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl fips-prf gmp xcbc cmac hmac attr kernel-netlink resolve socket-default stroke updown eap-identity eap-md5 eap-mschapv2 eap-radius xauth-generic unity
Dec 16 16:27:07 00[LIB] unable to load 4 plugin features (4 due to unmet dependencies)
Dec 16 16:27:07 00[JOB] spawning 6 worker threads
Dec 16 16:27:07 05[LIB] created thread 05 [11125]
Dec 16 16:27:07 05[JOB] started worker thread 05
Dec 16 16:27:07 05[JOB] no events, waiting
Dec 16 16:27:07 06[LIB] created thread 06 [11126]
Dec 16 16:27:07 06[JOB] started worker thread 06
Dec 16 16:27:07 06[JOB] watcher going to poll() 4 fds
Dec 16 16:27:07 06[JOB] watcher got notification, rebuilding
Dec 16 16:27:07 06[JOB] watcher going to poll() 4 fds
Dec 16 16:27:07 01[LIB] created thread 01 [11121]
Dec 16 16:27:07 01[JOB] started worker thread 01
Dec 16 16:27:07 01[NET] waiting for data on sockets
Dec 16 16:27:07 02[LIB] created thread 02 [11122]
Dec 16 16:27:07 02[JOB] started worker thread 02
Dec 16 16:27:07 03[LIB] created thread 03 [11123]
Dec 16 16:27:07 03[JOB] started worker thread 03
Dec 16 16:27:07 04[LIB] created thread 04 [11124]
Dec 16 16:27:07 04[JOB] started worker thread 04
Dec 16 16:27:07 06[JOB] watched FD 16 ready to read
Dec 16 16:27:07 06[JOB] watcher going to poll() 3 fds
Dec 16 16:27:07 03[CFG] stroke message => 835 bytes @ 0x7f37500011f0
Dec 16 16:27:07 03[CFG]    0: 43 03 00 00 03 00 00 00 FF FF FF FF 00 00 00 00  C...............
Dec 16 16:27:07 03[CFG]   16: 92 02 00 00 00 00 00 00 01 00 00 00 00 00 00 00  ................
Dec 16 16:27:07 03[CFG]   32: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
Dec 16 16:27:07 03[CFG]   48: 00 00 00 00 00 00 00 00 01 00 00 00 40 00 00 00  ............@...
Dec 16 16:27:07 03[CFG]   64: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
Dec 16 16:27:07 03[CFG]   80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
Dec 16 16:27:07 03[CFG]   96: 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00  ................
Dec 16 16:27:07 03[CFG]  112: 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00  ................
Dec 16 16:27:07 03[CFG]  128: 9A 02 00 00 00 00 00 00 C2 02 00 00 00 00 00 00  ................
Dec 16 16:27:07 03[CFG]  144: 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00  ................
Dec 16 16:27:07 03[CFG]  160: B0 04 00 00 00 00 00 00 10 0E 00 00 00 00 00 00  ................
Dec 16 16:27:07 03[CFG]  176: B4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
Dec 16 16:27:07 03[CFG]  192: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
Dec 16 16:27:07 03[CFG]  208: 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00  ................
Dec 16 16:27:07 03[CFG]  224: 64 00 00 00 00 00 00 00 1E 00 00 00 00 00 00 00  d...............
Dec 16 16:27:07 03[CFG]  240: 96 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
Dec 16 16:27:07 03[CFG]  256: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
Dec 16 16:27:07 03[CFG]  272: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
Dec 16 16:27:07 03[CFG]  288: 00 00 00 00 00 00 00 00 3B 03 00 00 00 00 00 00  ........;.......
Dec 16 16:27:07 03[CFG]  304: 00 00 00 00 00 00 00 00 D8 02 00 00 00 00 00 00  ................
Dec 16 16:27:07 03[CFG]  320: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
Dec 16 16:27:07 03[CFG]  336: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
Dec 16 16:27:07 03[CFG]  352: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
Dec 16 16:27:07 03[CFG]  368: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
Dec 16 16:27:07 03[CFG]  384: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
Dec 16 16:27:07 03[CFG]  400: E6 02 00 00 00 00 00 00 FD 02 00 00 00 00 00 00  ................
Dec 16 16:27:07 03[CFG]  416: F4 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
Dec 16 16:27:07 03[CFG]  432: 00 00 00 00 00 00 00 00 0B 03 00 00 00 00 00 00  ................
Dec 16 16:27:07 03[CFG]  448: 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
Dec 16 16:27:07 03[CFG]  464: 00 00 00 00 FF FF 00 00 3F 03 00 00 00 00 00 00  ........?.......
Dec 16 16:27:07 03[CFG]  480: 00 00 00 00 00 00 00 00 15 03 00 00 00 00 00 00  ................
Dec 16 16:27:07 03[CFG]  496: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
Dec 16 16:27:07 03[CFG]  512: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
Dec 16 16:27:07 03[CFG]  528: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
Dec 16 16:27:07 03[CFG]  544: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
Dec 16 16:27:07 03[CFG]  560: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
Dec 16 16:27:07 03[CFG]  576: 00 00 00 00 00 00 00 00 23 03 00 00 00 00 00 00  ........#.......
Dec 16 16:27:07 03[CFG]  592: F4 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
Dec 16 16:27:07 03[CFG]  608: 00 00 00 00 00 00 00 00 31 03 00 00 00 00 00 00  ........1.......
Dec 16 16:27:07 03[CFG]  624: 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
Dec 16 16:27:07 03[CFG]  640: 00 00 00 00 FF FF 00 00 FF FF FF FF 00 00 00 00  ................
Dec 16 16:27:07 03[CFG]  656: 00 04 6E 65 74 2D 6E 65 74 00 61 65 73 31 32 38  ..net-net.aes128
Dec 16 16:27:07 03[CFG]  672: 2D 73 68 61 31 2D 6D 6F 64 70 32 30 34 38 2C 33  -sha1-modp2048,3
Dec 16 16:27:07 03[CFG]  688: 64 65 73 2D 73 68 61 31 2D 6D 6F 64 70 31 35 33  des-sha1-modp153
Dec 16 16:27:07 03[CFG]  704: 36 00 61 65 73 31 32 38 2D 73 68 61 31 2C 33 64  6.aes128-sha1,3d
Dec 16 16:27:07 03[CFG]  720: 65 73 2D 73 68 61 31 00 31 39 32 2E 31 36 38 2E  es-sha1.192.168.
Dec 16 16:27:07 03[CFG]  736: 30 2E 31 33 32 00 69 70 73 65 63 20 5F 75 70 64  0.132.ipsec _upd
Dec 16 16:27:07 03[CFG]  752: 6F 77 6E 20 69 70 74 61 62 6C 65 73 00 31 39 32  own iptables.192
Dec 16 16:27:07 03[CFG]  768: 2E 31 36 38 2E 30 2E 31 33 32 00 30 2E 30 2E 30  .168.0.132.0.0.0
Dec 16 16:27:07 03[CFG]  784: 2E 30 2F 30 00 31 39 32 2E 31 36 38 2E 30 2E 31  .0/0.192.168.0.1
Dec 16 16:27:07 03[CFG]  800: 32 34 00 31 39 32 2E 31 36 38 2E 30 2E 31 32 34  24.192.168.0.124
Dec 16 16:27:07 03[CFG]  816: 00 30 2E 30 2E 30 2E 30 2F 30 00 70 73 6B 00 70  .0.0.0.0/0.psk.p
Dec 16 16:27:07 03[CFG]  832: 73 6B 00                                         sk.
Dec 16 16:27:07 03[CFG] received stroke: add connection 'net-net'
Dec 16 16:27:07 03[CFG] conn net-net
Dec 16 16:27:07 03[CFG]   left=192.168.0.132
Dec 16 16:27:07 03[CFG]   leftsubnet=0.0.0.0/0
Dec 16 16:27:07 03[CFG]   leftauth=psk
Dec 16 16:27:07 03[CFG]   leftid=192.168.0.132
Dec 16 16:27:07 03[CFG]   leftupdown=ipsec _updown iptables
Dec 16 16:27:07 03[CFG]   right=192.168.0.124
Dec 16 16:27:07 03[CFG]   rightsubnet=0.0.0.0/0
Dec 16 16:27:07 03[CFG]   rightauth=psk
Dec 16 16:27:07 03[CFG]   rightid=192.168.0.124
Dec 16 16:27:07 03[CFG]   ike=aes128-sha1-modp2048,3des-sha1-modp1536
Dec 16 16:27:07 03[CFG]   esp=aes128-sha1,3des-sha1
Dec 16 16:27:07 03[CFG]   dpddelay=30
Dec 16 16:27:07 03[CFG]   dpdtimeout=150
Dec 16 16:27:07 03[CFG]   mediation=no
Dec 16 16:27:07 03[CFG]   keyexchange=ikev1
Dec 16 16:27:07 03[KNL] 192.168.0.124 is not a local address or the interface is down
Dec 16 16:27:07 06[JOB] watcher got notification, rebuilding
Dec 16 16:27:07 06[JOB] watcher going to poll() 4 fds
Dec 16 16:27:07 03[CFG] added configuration 'net-net'
Dec 16 16:27:07 06[JOB] watcher got notification, rebuilding
Dec 16 16:27:07 06[JOB] watcher going to poll() 4 fds
Dec 16 16:27:10 01[NET] received packet: from 192.168.0.124[500] to 192.168.0.132[500]
Dec 16 16:27:10 01[NET] waiting for data on sockets
Dec 16 16:27:10 04[MGR] checkout IKE_SA by message
Dec 16 16:27:10 04[MGR] created IKE_SA (unnamed)[1]
Dec 16 16:27:10 04[NET] <1> received packet: from 192.168.0.124[500] to 192.168.0.132[500] (444 bytes)
Dec 16 16:27:10 04[ENC] <1> parsed ID_PROT request 0 [ SA V V V V V V ]
Dec 16 16:27:10 04[CFG] <1> looking for an ike config for 192.168.0.132...192.168.0.124
Dec 16 16:27:10 04[CFG] <1> ike config match: 3100 (192.168.0.132 192.168.0.124 IKEv1)
Dec 16 16:27:10 04[CFG] <1>   candidate: 192.168.0.132...192.168.0.124, prio 3100
Dec 16 16:27:10 04[CFG] <1> found matching ike config: 192.168.0.132...192.168.0.124 with prio 3100
Dec 16 16:27:10 04[IKE] <1> received NAT-T (RFC 3947) vendor ID
Dec 16 16:27:10 04[IKE] <1> received draft-ietf-ipsec-nat-t-ike-02 vendor ID
Dec 16 16:27:10 04[IKE] <1> received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
Dec 16 16:27:10 04[IKE] <1> received draft-ietf-ipsec-nat-t-ike-00 vendor ID
Dec 16 16:27:10 04[IKE] <1> received FRAGMENTATION vendor ID
Dec 16 16:27:10 04[IKE] <1> received DPD vendor ID
Dec 16 16:27:10 04[IKE] <1> 192.168.0.124 is initiating a Main Mode IKE_SA
Dec 16 16:27:10 04[IKE] <1> IKE_SA (unnamed)[1] state change: CREATED => CONNECTING
Dec 16 16:27:10 04[CFG] <1> selecting proposal:
Dec 16 16:27:10 04[CFG] <1>   no acceptable ENCRYPTION_ALGORITHM found
Dec 16 16:27:10 04[CFG] <1> selecting proposal:
Dec 16 16:27:10 04[CFG] <1>   no acceptable ENCRYPTION_ALGORITHM found
Dec 16 16:27:10 04[CFG] <1> selecting proposal:
Dec 16 16:27:10 04[CFG] <1>   no acceptable ENCRYPTION_ALGORITHM found
Dec 16 16:27:10 04[CFG] <1> selecting proposal:
Dec 16 16:27:10 04[CFG] <1>   no acceptable ENCRYPTION_ALGORITHM found
Dec 16 16:27:10 04[CFG] <1> selecting proposal:
Dec 16 16:27:10 04[CFG] <1>   no acceptable DIFFIE_HELLMAN_GROUP found
Dec 16 16:27:10 04[CFG] <1> selecting proposal:
Dec 16 16:27:10 04[CFG] <1>   no acceptable PSEUDO_RANDOM_FUNCTION found
Dec 16 16:27:10 04[CFG] <1> selecting proposal:
Dec 16 16:27:10 04[CFG] <1>   no acceptable ENCRYPTION_ALGORITHM found
Dec 16 16:27:10 04[CFG] <1> selecting proposal:
Dec 16 16:27:10 04[CFG] <1>   no acceptable ENCRYPTION_ALGORITHM found
Dec 16 16:27:10 04[CFG] <1> selecting proposal:
Dec 16 16:27:10 04[CFG] <1>   no acceptable DIFFIE_HELLMAN_GROUP found
Dec 16 16:27:10 04[CFG] <1> selecting proposal:
Dec 16 16:27:10 04[CFG] <1>   no acceptable PSEUDO_RANDOM_FUNCTION found
Dec 16 16:27:10 04[CFG] <1> selecting proposal:
Dec 16 16:27:10 04[CFG] <1>   no acceptable ENCRYPTION_ALGORITHM found
Dec 16 16:27:10 04[CFG] <1> selecting proposal:
Dec 16 16:27:10 04[CFG] <1>   no acceptable ENCRYPTION_ALGORITHM found
Dec 16 16:27:10 04[CFG] <1> selecting proposal:
Dec 16 16:27:10 04[CFG] <1>   no acceptable ENCRYPTION_ALGORITHM found
Dec 16 16:27:10 04[CFG] <1> selecting proposal:
Dec 16 16:27:10 04[CFG] <1>   no acceptable ENCRYPTION_ALGORITHM found
Dec 16 16:27:10 04[CFG] <1> selecting proposal:
Dec 16 16:27:10 04[CFG] <1>   no acceptable ENCRYPTION_ALGORITHM found
Dec 16 16:27:10 04[CFG] <1> selecting proposal:
Dec 16 16:27:10 04[CFG] <1>   no acceptable ENCRYPTION_ALGORITHM found
Dec 16 16:27:10 04[CFG] <1> selecting proposal:
Dec 16 16:27:10 04[CFG] <1>   proposal matches
Dec 16 16:27:10 05[JOB] next event in 29s 993ms, waiting
Dec 16 16:27:10 04[CFG] <1> received proposals: IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:3DES_CBC/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024, IKE:DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:DES_CBC/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024, IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:AES_CBC_128/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024, IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:AES_CBC_256/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024
Dec 16 16:27:10 04[CFG] <1> configured proposals: IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536, IKE:AES_CBC_128/AES_CBC_192/AES_CBC_256/3DES_CBC/CAMELLIA_CBC_128/CAMELLIA_CBC_192/CAMELLIA_CBC_256/HMAC_MD5_96/HMAC_SHA1_96/HMAC_SHA2_256_128/HMAC_SHA2_384_192/HMAC_SHA2_512_256/AES_XCBC_96/AES_CMAC_96/PRF_HMAC_MD5/PRF_HMAC_SHA1/PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/PRF_AES128_XCBC/PRF_AES128_CMAC/MODP_2048/MODP_2048_224/MODP_2048_256/MODP_1536/MODP_3072/MODP_4096/MODP_8192/MODP_1024/MODP_1024_160/ECP_256/ECP_384/ECP_521/ECP_224/ECP_192/ECP_224_BP/ECP_256_BP/ECP_384_BP/ECP_512_BP, IKE:AES_GCM_8_128/AES_GCM_8_192/AES_GCM_8_256/AES_GCM_12_128/AES_GCM_12_192/AES_GCM_12_256/AES_GCM_16_128/AES_GCM_16_192/AES_GCM_16_256/PRF_HMAC_MD5/PRF_HMAC_SHA1/PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/PRF_AES128_XCBC/PRF_AES128_CMAC/MODP_2048/MODP_2048_224/MODP_2048_256/MODP_1536/MODP_3072/MODP_4096/MODP_8192/MODP_1024/MODP_1024_160/ECP_256/ECP_384/ECP_521/ECP_224/ECP_192/ECP_224_BP/ECP_256_BP/ECP_384_BP/ECP_512_BP
Dec 16 16:27:10 04[CFG] <1> selected proposal: IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
Dec 16 16:27:10 04[IKE] <1> sending XAuth vendor ID
Dec 16 16:27:10 04[IKE] <1> sending DPD vendor ID
Dec 16 16:27:10 04[IKE] <1> sending NAT-T (RFC 3947) vendor ID
Dec 16 16:27:10 04[ENC] <1> generating ID_PROT response 0 [ SA V V V ]
Dec 16 16:27:10 04[NET] <1> sending packet: from 192.168.0.132[500] to 192.168.0.124[500] (132 bytes)
Dec 16 16:27:10 04[MGR] <1> checkin IKE_SA (unnamed)[1]
Dec 16 16:27:10 04[MGR] <1> check-in of IKE_SA successful.
Dec 16 16:27:10 02[NET] sending packet: from 192.168.0.132[500] to 192.168.0.124[500]
Dec 16 16:27:10 01[NET] received packet: from 192.168.0.124[500] to 192.168.0.132[500]
Dec 16 16:27:10 01[NET] waiting for data on sockets
Dec 16 16:27:10 03[MGR] checkout IKE_SA by message
Dec 16 16:27:10 03[MGR] IKE_SA (unnamed)[1] successfully checked out
Dec 16 16:27:10 03[NET] <1> received packet: from 192.168.0.124[500] to 192.168.0.132[500] (228 bytes)
Dec 16 16:27:10 03[ENC] <1> parsed ID_PROT request 0 [ KE No NAT-D NAT-D ]
Dec 16 16:27:10 03[LIB] <1> size of DH secret exponent: 1023 bits
Dec 16 16:27:10 03[ENC] <1> generating ID_PROT response 0 [ KE No NAT-D NAT-D ]
Dec 16 16:27:10 03[NET] <1> sending packet: from 192.168.0.132[500] to 192.168.0.124[500] (244 bytes)
Dec 16 16:27:10 03[MGR] <1> checkin IKE_SA (unnamed)[1]
Dec 16 16:27:10 03[MGR] <1> check-in of IKE_SA successful.
Dec 16 16:27:10 02[NET] sending packet: from 192.168.0.132[500] to 192.168.0.124[500]
Dec 16 16:27:10 01[NET] received packet: from 192.168.0.124[500] to 192.168.0.132[500]
Dec 16 16:27:10 01[NET] waiting for data on sockets
Dec 16 16:27:10 04[MGR] checkout IKE_SA by message
Dec 16 16:27:10 04[MGR] IKE_SA (unnamed)[1] successfully checked out
Dec 16 16:27:10 04[NET] <1> received packet: from 192.168.0.124[500] to 192.168.0.132[500] (76 bytes)
Dec 16 16:27:10 04[ENC] <1> parsed ID_PROT request 0 [ ID HASH ]
Dec 16 16:27:10 04[CFG] <1> looking for pre-shared key peer configs matching 192.168.0.132...192.168.0.124[192.168.0.124]
Dec 16 16:27:10 04[CFG] <1> peer config match local: 1 (ID_ANY)
Dec 16 16:27:10 04[CFG] <1> peer config match remote: 20 (ID_IPV4_ADDR -> c0:a8:00:7c)
Dec 16 16:27:10 04[CFG] <1> ike config match: 3100 (192.168.0.132 192.168.0.124 IKEv1)
Dec 16 16:27:10 04[CFG] <1>   candidate "net-net", match: 1/20/3100 (me/other/ike)
Dec 16 16:27:10 04[CFG] <1> selected peer config "net-net"
Dec 16 16:27:10 04[IKE] <net-net|1> IKE_SA net-net[1] established between 192.168.0.132[192.168.0.132]...192.168.0.124[192.168.0.124]
Dec 16 16:27:10 04[IKE] <net-net|1> IKE_SA net-net[1] state change: CONNECTING => ESTABLISHED
Dec 16 16:27:10 04[IKE] <net-net|1> scheduling reauthentication in 3271s
Dec 16 16:27:10 04[IKE] <net-net|1> maximum IKE_SA lifetime 3451s
Dec 16 16:27:10 04[ENC] <net-net|1> generating ID_PROT response 0 [ ID HASH ]
Dec 16 16:27:10 04[NET] <net-net|1> sending packet: from 192.168.0.132[500] to 192.168.0.124[500] (68 bytes)
Dec 16 16:27:10 04[MGR] <net-net|1> checkin IKE_SA net-net[1]
Dec 16 16:27:10 04[MGR] <net-net|1> check-in of IKE_SA successful.
Dec 16 16:27:10 04[MGR] checkout IKE_SA
Dec 16 16:27:10 04[MGR] IKE_SA net-net[1] successfully checked out
Dec 16 16:27:10 04[MGR] <net-net|1> checkin IKE_SA net-net[1]
Dec 16 16:27:10 04[MGR] <net-net|1> check-in of IKE_SA successful.
Dec 16 16:27:10 05[JOB] next event in 29s 944ms, waiting
Dec 16 16:27:10 02[NET] sending packet: from 192.168.0.132[500] to 192.168.0.124[500]
Dec 16 16:27:10 01[NET] received packet: from 192.168.0.124[500] to 192.168.0.132[500]
Dec 16 16:27:10 01[NET] waiting for data on sockets
Dec 16 16:27:10 04[MGR] checkout IKE_SA by message
Dec 16 16:27:10 04[MGR] IKE_SA net-net[1] successfully checked out
Dec 16 16:27:10 04[NET] <net-net|1> received packet: from 192.168.0.124[500] to 192.168.0.132[500] (92 bytes)
Dec 16 16:27:10 04[ENC] <net-net|1> parsed INFORMATIONAL_V1 request 2818635222 [ HASH N(INITIAL_CONTACT) ]
Dec 16 16:27:10 04[MGR] <net-net|1> checkin IKE_SA net-net[1]
Dec 16 16:27:10 04[MGR] <net-net|1> check-in of IKE_SA successful.
Dec 16 16:27:14 01[NET] received packet: from 192.168.0.124[500] to 192.168.0.132[500]
Dec 16 16:27:14 01[NET] waiting for data on sockets
Dec 16 16:27:14 03[MGR] checkout IKE_SA by message
Dec 16 16:27:14 03[MGR] IKE_SA net-net[1] successfully checked out
Dec 16 16:27:14 03[NET] <net-net|1> received packet: from 192.168.0.124[500] to 192.168.0.132[500] (340 bytes)
Dec 16 16:27:14 03[ENC] <net-net|1> parsed QUICK_MODE request 3411731601 [ HASH SA No ID ID ]
Dec 16 16:27:14 03[CFG] <net-net|1> looking for a child config for 192.168.0.132/32[udp/l2tp] === 192.168.0.124/32[udp] 
Dec 16 16:27:14 03[CFG] <net-net|1> proposing traffic selectors for us:
Dec 16 16:27:14 03[CFG] <net-net|1>  0.0.0.0/0
Dec 16 16:27:14 03[CFG] <net-net|1> proposing traffic selectors for other:
Dec 16 16:27:14 03[CFG] <net-net|1>  0.0.0.0/0
Dec 16 16:27:14 03[CFG] <net-net|1>   candidate "net-net" with prio 1+1
Dec 16 16:27:14 03[CFG] <net-net|1> found matching child config "net-net" with prio 2
Dec 16 16:27:14 03[CFG] <net-net|1> selecting traffic selectors for other:
Dec 16 16:27:14 03[CFG] <net-net|1>  config: 0.0.0.0/0, received: 192.168.0.124/32[udp] => match: 192.168.0.124/32[udp]
Dec 16 16:27:14 03[CFG] <net-net|1> selecting traffic selectors for us:
Dec 16 16:27:14 03[CFG] <net-net|1>  config: 0.0.0.0/0, received: 192.168.0.132/32[udp/l2tp] => match: 192.168.0.132/32[udp/l2tp]
Dec 16 16:27:14 03[CFG] <net-net|1> selecting proposal:
Dec 16 16:27:14 03[CFG] <net-net|1>   no acceptable ENCRYPTION_ALGORITHM found
Dec 16 16:27:14 03[CFG] <net-net|1> selecting proposal:
Dec 16 16:27:14 03[CFG] <net-net|1>   no acceptable ENCRYPTION_ALGORITHM found
Dec 16 16:27:14 03[CFG] <net-net|1> selecting proposal:
Dec 16 16:27:14 03[CFG] <net-net|1>   no acceptable ENCRYPTION_ALGORITHM found
Dec 16 16:27:14 03[CFG] <net-net|1> selecting proposal:
Dec 16 16:27:14 03[CFG] <net-net|1>   no acceptable ENCRYPTION_ALGORITHM found
Dec 16 16:27:14 03[CFG] <net-net|1> selecting proposal:
Dec 16 16:27:14 03[CFG] <net-net|1>   proposal matches
Dec 16 16:27:14 03[CFG] <net-net|1> received proposals: ESP:3DES_CBC/HMAC_SHA1_96/NO_EXT_SEQ, ESP:3DES_CBC/HMAC_MD5_96/NO_EXT_SEQ, ESP:DES_CBC/HMAC_SHA1_96/NO_EXT_SEQ, ESP:DES_CBC/HMAC_MD5_96/NO_EXT_SEQ, ESP:AES_CBC_128/HMAC_SHA1_96/NO_EXT_SEQ, ESP:AES_CBC_128/HMAC_MD5_96/NO_EXT_SEQ, ESP:AES_CBC_256/HMAC_SHA1_96/NO_EXT_SEQ, ESP:AES_CBC_256/HMAC_MD5_96/NO_EXT_SEQ
Dec 16 16:27:14 03[CFG] <net-net|1> configured proposals: ESP:AES_CBC_128/HMAC_SHA1_96/NO_EXT_SEQ, ESP:3DES_CBC/HMAC_SHA1_96/NO_EXT_SEQ, ESP:AES_CBC_128/AES_CBC_192/AES_CBC_256/3DES_CBC/BLOWFISH_CBC_256/HMAC_SHA1_96/AES_XCBC_96/HMAC_MD5_96/NO_EXT_SEQ
Dec 16 16:27:14 03[CFG] <net-net|1> selected proposal: ESP:AES_CBC_128/HMAC_SHA1_96/NO_EXT_SEQ
Dec 16 16:27:14 03[IKE] <net-net|1> received 28800s lifetime, configured 1200s
Dec 16 16:27:14 03[KNL] <net-net|1> got SPI c71db09a
Dec 16 16:27:14 03[ENC] <net-net|1> generating QUICK_MODE response 3411731601 [ HASH SA No ID ID ]
Dec 16 16:27:14 03[NET] <net-net|1> sending packet: from 192.168.0.132[500] to 192.168.0.124[500] (172 bytes)
Dec 16 16:27:14 03[MGR] <net-net|1> checkin IKE_SA net-net[1]
Dec 16 16:27:14 03[MGR] <net-net|1> check-in of IKE_SA successful.
Dec 16 16:27:14 02[NET] sending packet: from 192.168.0.132[500] to 192.168.0.124[500]
Dec 16 16:27:14 05[JOB] next event in 3s 999ms, waiting
Dec 16 16:27:14 01[NET] received packet: from 192.168.0.124[500] to 192.168.0.132[500]
Dec 16 16:27:14 01[NET] waiting for data on sockets
Dec 16 16:27:14 04[MGR] checkout IKE_SA by message
Dec 16 16:27:14 04[MGR] IKE_SA net-net[1] successfully checked out
Dec 16 16:27:14 04[NET] <net-net|1> received packet: from 192.168.0.124[500] to 192.168.0.132[500] (68 bytes)
Dec 16 16:27:14 04[ENC] <net-net|1> parsed QUICK_MODE request 3411731601 [ HASH ]
Dec 16 16:27:14 04[CHD] <net-net|1>   using AES_CBC for encryption
Dec 16 16:27:14 04[CHD] <net-net|1>   using HMAC_SHA1_96 for integrity
Dec 16 16:27:14 04[CHD] <net-net|1> adding inbound ESP SA
Dec 16 16:27:14 04[CHD] <net-net|1>   SPI 0xc71db09a, src 192.168.0.124 dst 192.168.0.132
Dec 16 16:27:14 04[KNL] <net-net|1> adding SAD entry with SPI c71db09a and reqid {1}  (mark 0/0x00000000)
Dec 16 16:27:14 04[KNL] <net-net|1>   using encryption algorithm AES_CBC with key size 128
Dec 16 16:27:14 04[KNL] <net-net|1>   using integrity algorithm HMAC_SHA1_96 with key size 160
Dec 16 16:27:14 04[KNL] <net-net|1>   using replay window of 32 packets
Dec 16 16:27:14 04[CHD] <net-net|1> adding outbound ESP SA
Dec 16 16:27:14 04[CHD] <net-net|1>   SPI 0x0c8e9d0c, src 192.168.0.132 dst 192.168.0.124
Dec 16 16:27:14 04[KNL] <net-net|1> adding SAD entry with SPI 0c8e9d0c and reqid {1}  (mark 0/0x00000000)
Dec 16 16:27:14 04[KNL] <net-net|1>   using encryption algorithm AES_CBC with key size 128
Dec 16 16:27:14 04[KNL] <net-net|1>   using integrity algorithm HMAC_SHA1_96 with key size 160
Dec 16 16:27:14 04[KNL] <net-net|1>   using replay window of 32 packets
Dec 16 16:27:14 04[KNL] <net-net|1> adding policy 192.168.0.132/32[udp/l2tp] === 192.168.0.124/32[udp] out  (mark 0/0x00000000)
Dec 16 16:27:14 04[KNL] <net-net|1> adding policy 192.168.0.124/32[udp] === 192.168.0.132/32[udp/l2tp] in  (mark 0/0x00000000)
Dec 16 16:27:14 04[KNL] <net-net|1> policy 192.168.0.132/32[udp/l2tp] === 192.168.0.124/32[udp] out  (mark 0/0x00000000) already exists, increasing refcount
Dec 16 16:27:14 04[KNL] <net-net|1> updating policy 192.168.0.132/32[udp/l2tp] === 192.168.0.124/32[udp] out  (mark 0/0x00000000)
Dec 16 16:27:14 04[KNL] <net-net|1> policy 192.168.0.124/32[udp] === 192.168.0.132/32[udp/l2tp] in  (mark 0/0x00000000) already exists, increasing refcount
Dec 16 16:27:14 04[KNL] <net-net|1> updating policy 192.168.0.124/32[udp] === 192.168.0.132/32[udp/l2tp] in  (mark 0/0x00000000)
Dec 16 16:27:14 04[IKE] <net-net|1> CHILD_SA net-net{1} established with SPIs c71db09a_i 0c8e9d0c_o and TS 192.168.0.132/32[udp/l2tp] === 192.168.0.124/32[udp] 
Dec 16 16:27:14 04[KNL] <net-net|1> 192.168.0.132 is on interface eno16777736
Dec 16 16:27:14 04[MGR] <net-net|1> checkin IKE_SA net-net[1]
Dec 16 16:27:14 04[MGR] <net-net|1> check-in of IKE_SA successful.



[root@- strongswan.d]# ipsec statusall
Status of IKE charon daemon (weakSwan 5.3.3, Linux 3.4.44, x86_64):
  uptime: 5 minutes, since Dec 16 16:27:06 2015
  malloc: sbrk 2023424, mmap 0, used 1257568, free 765856
  worker threads: 1 of 6 idle, 5/0/0/0 working, job queue: 0/0/0/0, scheduled: 2
  loaded plugins: charon pkcs11 aes des rc2 sha1 sha2 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl fips-prf gmp xcbc cmac hmac attr kernel-netlink resolve socket-default stroke updown eap-identity eap-md5 eap-mschapv2 eap-radius xauth-generic unity
Listening IP addresses:
  192.168.0.132
  192.168.152.150
  192.168.152.132
  192.168.233.128
Connections:
     net-net:  192.168.0.132...192.168.0.124  IKEv1
     net-net:   local:  [192.168.0.132] uses pre-shared key authentication
     net-net:   remote: [192.168.0.124] uses pre-shared key authentication
     net-net:   child:  0.0.0.0/0 === 0.0.0.0/0 TRANSPORT
Security Associations (1 up, 0 connecting):
     net-net[1]: ESTABLISHED 5 minutes ago, 192.168.0.132[192.168.0.132]...192.168.0.124[192.168.0.124]
     net-net[1]: IKEv1 SPIs: 93baf6ca86368600_i da8704758e4e31b4_r*, pre-shared key reauthentication in 49 minutes
     net-net[1]: IKE proposal: 3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
     net-net{1}:  INSTALLED, TRANSPORT, reqid 1, ESP SPIs: c71db09a_i 0c8e9d0c_o
     net-net{1}:  AES_CBC_128/HMAC_SHA1_96, 115 bytes_i (1 pkt, 321s ago), 0 bytes_o, rekeying in 8 minutes
     net-net{1}:   192.168.0.132/32[udp/l2tp] === 192.168.0.124/32[udp] 
No leaks detected, 1 suppressed by whitelist
[root@- strongswan.d]# 
阅读更多
文章标签: strongswan
个人分类: strongswan
想对作者说点什么? 我来说一句

没有更多推荐了,返回首页

关闭
关闭
关闭