Strongswan ipsec tool: Difference between revisions

From Xinux Wiki
Revision as of 16 October 2014, 14:32

ipsec

start

ipsec start

Starting strongSwan 5.1.2 IPsec [starter]...

stop

ipsec stop

Stopping strongSwan IPsec...

restart

ipsec restart

Stopping strongSwan IPsec...
Starting strongSwan 5.1.2 IPsec [starter]...

status

ipsec status

Security Associations (1 up, 0 connecting):
  franz-huey[1]: ESTABLISHED 25 seconds ago, 192.168.244.151[192.168.244.151]...192.168.242.249[192.168.242.249]
  franz-huey{1}:  INSTALLED, TUNNEL, ESP SPIs: c31e2d68_i 2b95ea12_o
  franz-huey{1}:   10.18.44.0/24 === 10.4.3.0/24

status all

ipsec statusall

Status of IKE charon daemon (strongSwan 5.1.2, Linux 3.13.0-24-generic, x86_64):
 uptime: 19 hours, since Oct 15 20:36:48 2014
 malloc: sbrk 2433024, mmap 0, used 389488, free 2043536
 worker threads: 11 of 16 idle, 5/0/0/0 working, job queue: 0/0/0/0, scheduled: 6
 loaded plugins: charon test-vectors aes rc2 sha1 sha2 md4 md5 random nonce x509 revocation constraints pkcs1 pkcs7 pkcs8 pkcs12 pem openssl xcbc cmac hmac ctr ccm gcm attr kernel-netlink resolve socket-default stroke updown eap-identity addrblock
Listening IP addresses:
 192.168.244.151
 10.18.44.1
Connections:
        net:  192.168.244.151...192.168.242.249  IKEv1
        net:   local:  [C=de, ST=rlp, L=zweibruecken, O=xinux, OU=edv, CN=huey.xinux.org, E=technik@xinux.de] uses public key authentication
        net:    cert:  "C=de, ST=rlp, L=zweibruecken, O=xinux, OU=edv, CN=huey.xinux.org, E=technik@xinux.de"
        net:   remote: [C=de, ST=rlp, L=zweibruecken, O=xinux, OU=edv, CN=franz.xinux.org, E=technik@xinux.de] uses public key authentication
        net:   child:  10.18.44.0/24 === 10.4.3.0/24 TUNNEL
Security Associations (1 up, 0 connecting):
        net[28]: ESTABLISHED 42 minutes ago, 192.168.244.151[C=de, ST=rlp, L=zweibruecken, O=xinux, OU=edv, CN=huey.xinux.org, E=technik@xinux.de]...192.168.242.249[C=de,  ST=rlp, L=zweibruecken, O=xinux, OU=edv, CN=franz.xinux.org, E=technik@xinux.de]
        net[28]: IKEv1 SPIs: 2bdce09d8f4f69cb_i 4a508d128f6b10d1_r*, public key reauthentication in 119 minutes
        net[28]: IKE proposal: AES_CBC_192/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1536
        net{2}:  REKEYING, TUNNEL, expires in 13 minutes
        net{2}:   10.18.44.0/24 === 10.4.3.0/24 
        net{2}:  INSTALLED, TUNNEL, ESP SPIs: cc9ee3b8_i 078fd1d4_o
        net{2}:  AES_CBC_192/HMAC_MD5_96, 0 bytes_i, 0 bytes_o, rekeying in 44 minutes
        net{2}:   10.18.44.0/24 === 10.4.3.0/24 
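
An added example, not part of the original wiki page: a small Python parser for the Security Associations part of `ipsec statusall` that reports the negotiated IKE version, algorithms this example treats as weak, and CHILD_SAs whose byte counters are both zero. The policy in `is_weak` (MD5, DES, MODP groups under 2048 bits) and all function names are assumptions of the example.

```python
import re
import sys

# Lines copied from the statusall output shown on this page.
SAMPLE = """\
Security Associations (1 up, 0 connecting):
        net[28]: IKEv1 SPIs: 2bdce09d8f4f69cb_i 4a508d128f6b10d1_r*, public key reauthentication in 119 minutes
        net[28]: IKE proposal: AES_CBC_192/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1536
        net{2}:  INSTALLED, TUNNEL, ESP SPIs: cc9ee3b8_i 078fd1d4_o
        net{2}:  AES_CBC_192/HMAC_MD5_96, 0 bytes_i, 0 bytes_o, rekeying in 44 minutes
"""

IKE_VER = re.compile(r"^\s*(\S+)\[(\d+)\]: (IKEv[12]) SPIs:")
IKE_PROP = re.compile(r"^\s*(\S+)\[(\d+)\]: IKE proposal: (\S+)")
ESP_PROP = re.compile(r"^\s*(\S+)\{(\d+)\}:\s+([A-Z0-9_]+(?:/[A-Z0-9_]+)*), (\d+) bytes_i.*?(\d+) bytes_o")


def is_weak(token):
    """Example policy (an assumption, not from the page): MD5, DES, DH groups under 2048 bits."""
    if "MD5" in token or "DES" in token:
        return True
    m = re.fullmatch(r"MODP_(\d+)", token)
    return bool(m) and int(m.group(1)) < 2048


def audit(text):
    """Return a list of (sa, finding) tuples for one statusall dump."""
    findings = []
    for line in text.splitlines():
        if m := IKE_VER.match(line):
            if m.group(3) == "IKEv1":
                findings.append((f"{m.group(1)}[{m.group(2)}]", "IKEv1 negotiated"))
        elif m := IKE_PROP.match(line):
            for tok in filter(is_weak, m.group(3).split("/")):
                findings.append((f"{m.group(1)}[{m.group(2)}]", f"weak IKE algorithm {tok}"))
        elif m := ESP_PROP.match(line):
            sa = f"{m.group(1)}{{{m.group(2)}}}"
            for tok in filter(is_weak, m.group(3).split("/")):
                findings.append((sa, f"weak ESP algorithm {tok}"))
            if m.group(4) == "0" and m.group(5) == "0":
                findings.append((sa, "no traffic in either direction"))
    return findings


if __name__ == "__main__":
    # Pipe real output in (ipsec statusall | python3 this_file.py) or run bare for the sample.
    text = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    for sa, finding in audit(text):
        print(f"{sa}: {finding}")
```
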

down connection

ipsec down franz-huey

closing CHILD_SA franz-huey{1} with SPIs c31e2d68_i (0 bytes) 2b95ea12_o (0 bytes) and TS 10.18.44.0/24 === 10.4.3.0/24 
sending DELETE for ESP CHILD_SA with SPI c31e2d68
generating INFORMATIONAL_V1 request 1665106720 [ HASH D ]
 sending packet: from 192.168.244.151[500] to 192.168.242.249[500] (76 bytes)
deleting IKE_SA franz-huey[1] between 192.168.244.151[192.168.244.151]...192.168.242.249[192.168.242.249]
sending DELETE for IKE_SA franz-huey[1]
generating INFORMATIONAL_V1 request 3546724926 [ HASH D ]
sending packet: from 192.168.244.151[500] to 192.168.242.249[500] (92 bytes)
IKE_SA [1] closed successfully

up connection

ipsec up franz-huey

initiating IKE_SA franz-huey[3] to 192.168.242.249
generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]
sending packet: from 192.168.244.151[500] to 192.168.242.249[500] (1036 bytes)
received packet: from 192.168.242.249[500] to 192.168.244.151[500] (248 bytes)
parsed IKE_SA_INIT response 0 [ SA KE No V ]
received unknown vendor ID: 4f:45:76:79:5c:6b:67:7a:57:71:5c:73
authentication of '192.168.244.151' (myself) with pre-shared key
establishing CHILD_SA franz-huey
generating IKE_AUTH request 1 [ IDi N(INIT_CONTACT) IDr AUTH SA TSi TSr N(MOBIKE_SUP) N(ADD_4_ADDR) N(EAP_ONLY) ]
sending packet: from 192.168.244.151[500] to 192.168.242.249[500] (348 bytes)
received packet: from 192.168.242.249[500] to 192.168.244.151[500] (204 bytes)
parsed IKE_AUTH response 1 [ IDr AUTH SA TSi TSr ]
authentication of '192.168.242.249' with pre-shared key successful
IKE_SA franz-huey[3] established between 192.168.244.151[192.168.244.151]...192.168.242.249[192.168.242.249]
scheduling reauthentication in 9905s
maximum IKE_SA lifetime 10445s
CHILD_SA franz-huey{4} established with SPIs cefb8ece_i 14440f5e_o and TS 10.18.44.0/24 === 10.4.3.0/24 
connection 'franz-huey' established successfully