Hello,
I have a site-to-site tunnel with IKEv1 configured (I think) between an MX and strongSwan. However, I can't pass traffic between the two.
The goal at the end of this is to have a particular VLAN, 10.240.82.0/24, send all its traffic out the VPN.
It shows connected (from what I can tell).
Any help would be most appreciated.
root@ams-ubuntu-vpn:~# ipsec statusall
Status of IKE charon daemon (strongSwan 5.8.2, Linux 5.4.0-65-generic, x86_64):
uptime: 11 minutes, since Feb 07 03:53:41 2021
malloc: sbrk 1757184, mmap 0, used 907424, free 849760
worker threads: 11 of 16 idle, 5/0/0/0 working, job queue: 0/0/0/0, scheduled: 7
loaded plugins: charon aesni aes rc2 sha2 sha1 md5 mgf1 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey
sshkey pem openssl fips-prf gmp agent xcbc hmac gcm drbg attr kernel-netlink resolve socket-default connmark farp stroke vici updown eap-identity eap-aka eap-md5 eap-gtc eap-mschapv2 eap-dynamic eap-radius eap-tls eap-ttls eap-peap eap-tnc xauth-generic xauth-eap xauth-pam tnc-tnccs
dhcp lookip error-notify certexpire led addrblock unity counters
Listening IP addresses:
public-ip-of-strongswan
10.18.0.5
10.110.0.2
Connections:
vpn-to-mx: %any...public-ip-of-mx IKEv1, dpddelay=30s
vpn-to-mx: local: [public-ip-of-strongswan] uses pre-shared key authentication
vpn-to-mx: remote: [public-ip-of-mx] uses pre-shared key authentication
vpn-to-mx: child: 0.0.0.0/0 === 10.240.82.0/24 TUNNEL, dpdaction=restart
Security Associations (1 up, 0 connecting):
vpn-to-mx[3]: ESTABLISHED 6 minutes ago, public-ip-of-strongswan[public-ip-of-strongswan]...public-ip-of-mx[public-ip-of-mx]
vpn-to-mx[3]: IKEv1 SPIs: adfd527d8a576bba_i 237d2ccf09786ad0_r*, pre-shared key reauthentication in 42 minutes
vpn-to-mx[3]: IKE proposal: AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536
vpn-to-mx{3}: REKEYED, TUNNEL, reqid 2, expires in 7 hours
vpn-to-mx{3}: 0.0.0.0/0 === 10.240.82.0/24
vpn-to-mx{4}: INSTALLED, TUNNEL, reqid 2, ESP SPIs: cc01d4d8_i c8fc19e5_o
vpn-to-mx{4}: AES_CBC_256/HMAC_SHA1_96, 0 bytes_i, 26292 bytes_o (313 pkts, 3s ago), rekeying in 7 hours
vpn-to-mx{4}: 0.0.0.0/0 === 10.240.82.0/24
root@ams-ubuntu-vpn:~# cat /etc/ipsec.conf
config setup
        strictcrlpolicy=no
        uniqueids = yes
        # "all" is very verbose; lower it once the tunnel is debugged
        charondebug = "all"

# VPN to MX
conn vpn-to-mx
        authby=secret
        # local (strongSwan) side
        left=%defaultroute
        leftid=public-ip-of-strongswan
        leftsubnet=0.0.0.0/0
        leftfirewall=yes
        # remote (MX) side
        right=public-ip-of-mx
        rightid=public-ip-of-mx
        rightsubnet=10.240.82.0/24
        # IKE and ESP proposals
        ike=aes256-sha1-modp1536
        esp=aes256-sha1
        keyingtries=%forever
        leftauth=psk
        rightauth=psk
        keyexchange=ikev1
        # lifetimes
        ikelifetime=1h
        lifetime=8h
        # dead peer detection
        dpddelay=30
        dpdtimeout=120
        dpdaction=restart
        auto=start
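An added example, not from the original post or from strongSwan itself: a small Python parser for the `ipsec statusall` output quoted above that pulls out each CHILD_SA's byte counters and traffic selectors and flags one-way traffic, which is what the `0 bytes_i, 26292 bytes_o` line on vpn-to-mx{4} shows. The sample input is constructed from the post's own status lines; the function and field names are mine.

```python
import re

# Constructed sample input: the CHILD_SA lines copied from the
# `ipsec statusall` output in the post above (connection vpn-to-mx).
SAMPLE_STATUS = """\
vpn-to-mx{3}: REKEYED, TUNNEL, reqid 2, expires in 7 hours
vpn-to-mx{3}: 0.0.0.0/0 === 10.240.82.0/24
vpn-to-mx{4}: INSTALLED, TUNNEL, reqid 2, ESP SPIs: cc01d4d8_i c8fc19e5_o
vpn-to-mx{4}: AES_CBC_256/HMAC_SHA1_96, 0 bytes_i, 26292 bytes_o (313 pkts, 3s ago), rekeying in 7 hours
vpn-to-mx{4}: 0.0.0.0/0 === 10.240.82.0/24
"""

# CHILD_SA lines read "<conn>{<id>}: ..."; IKE_SA lines use "[<id>]" and are skipped.
CHILD_RE = re.compile(r"^(?P<conn>[\w-]+)\{(?P<id>\d+)\}:\s*(?P<rest>.*)$")
BYTES_RE = re.compile(r"(?P<inb>\d+) bytes_i, (?P<outb>\d+) bytes_o")
TS_RE = re.compile(r"^(?P<local>\S+) === (?P<remote>\S+)$")

def parse_child_sas(text):
    """Return {(conn, id): {state, bytes_in, bytes_out, local_ts, remote_ts}}."""
    sas = {}
    for line in text.splitlines():
        m = CHILD_RE.match(line.strip())
        if not m:
            continue
        sa = sas.setdefault((m["conn"], int(m["id"])), dict(
            state=None, bytes_in=None, bytes_out=None, local_ts=None, remote_ts=None))
        rest = m["rest"]
        if rest.startswith(("INSTALLED", "REKEYED", "REKEYING")):
            sa["state"] = rest.split(",")[0]        # first field is the SA state
        if b := BYTES_RE.search(rest):              # counter line of the live SA
            sa["bytes_in"], sa["bytes_out"] = int(b["inb"]), int(b["outb"])
        if t := TS_RE.match(rest):                  # traffic selector line
            sa["local_ts"], sa["remote_ts"] = t["local"], t["remote"]
    return sas

def diagnose(sas):
    """Flag INSTALLED CHILD_SAs whose counters show traffic in only one direction."""
    findings = []
    for (conn, cid), sa in sas.items():
        if sa["state"] != "INSTALLED" or sa["bytes_in"] is None:
            continue                                # REKEYED entries carry no counters
        name = f"{conn}{{{cid}}} {sa['local_ts']} === {sa['remote_ts']}"
        if sa["bytes_out"] > 0 and sa["bytes_in"] == 0:
            findings.append(f"{name}: sending only, nothing received back from the peer")
        elif sa["bytes_in"] > 0 and sa["bytes_out"] == 0:
            findings.append(f"{name}: receiving only, no replies are entering the tunnel")
        elif sa["bytes_in"] == 0 and sa["bytes_out"] == 0:
            findings.append(f"{name}: tunnel is up but no traffic is routed into it")
    return findings
```

Feeding it live `ipsec statusall` output on the strongSwan host tells you whether packets from the MX side ever arrive before you start looking at routing and firewall rules.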