1,108
edits
Changes
no edit summary
HUB-HUB_c{3}: 0.0.0.0/0 === 10.20.30.1/32
HUB-HUB_c{3}: 0.0.0.0/0 === 10.20.30.1/32
</pre>
</pre>
<pre> /tmp/ipsec/ipsec.conf </pre> command output:
<pre>
root@Teltonika-RUTX12:~# cat /tmp/ipsec/ipsec.conf
# generated by /etc/init.d/ipsec
version 2
conn HUB-HUB_c
left=%any
right=%any
leftfirewall=yes
rightfirewall=no
ikelifetime=3h
lifetime=1h
margintime=9m
keyingtries=3
dpdaction=none
dpddelay=30s
dpdtimeout=90s
leftauth=psk
rightauth=psk
rightsourceip=10.20.30.0/24
auto=start
leftsubnet=0.0.0.0/0
rightdns=9.9.9.9
aggressive=no
forceencaps=no
type=tunnel
keyexchange=ikev2
esp=aes128-sha256-ecp521!
ike=aes256-sha512-ecp521!
</pre>
===RUT2 (SPOKE) side===
----
<pre>
root@Teltonika-RUT955:~# ipsec statusall
Status of IKE charon daemon (strongSwan 5.9.2, Linux 5.4.229, mips):
uptime: 23 hours, since Mar 20 12:21:06 2023
worker threads: 11 of 16 idle, 5/0/0/0 working, job queue: 0/0/0/0, scheduled: 9
loaded plugins: charon aes des sha2 sha1 md4 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs8 pgp pem openssl gmp xcbc hmac kernel-netlink socket-default stroke vici updown eap-identity eap-mschapv2 xauth-generic
Listening IP addresses:
192.168.86.197
192.168.9.1
fd35:98cd:61f0::1
Connections:
passth_SPOKE_ph2_1_lan: %any...%any IKEv1/2
passth_SPOKE_ph2_1_lan: local: uses public key authentication
passth_SPOKE_ph2_1_lan: remote: uses public key authentication
passth_SPOKE_ph2_1_lan: child: 192.168.9.0/24 === 192.168.9.0/24 PASS
SPOKE-SPOKE_c: %any...84.15.162.30 IKEv2
SPOKE-SPOKE_c: local: uses pre-shared key authentication
SPOKE-SPOKE_c: remote: [84.15.162.30] uses pre-shared key authentication
SPOKE-SPOKE_c: child: dynamic === 0.0.0.0/0 TUNNEL
Shunted Connections:
passth_SPOKE_ph2_1_lan: 192.168.9.0/24 === 192.168.9.0/24 PASS
Security Associations (1 up, 0 connecting):
SPOKE-SPOKE_c[431]: ESTABLISHED 77 minutes ago, 192.168.86.197[192.168.86.197]...84.15.162.30[84.15.162.30]
SPOKE-SPOKE_c[431]: IKEv2 SPIs: ded11f31c20352dc_i* 58ebc8d96264c21e_r, pre-shared key reauthentication in 77 minutes
SPOKE-SPOKE_c[431]: IKE proposal: AES_CBC_256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/ECP_521
SPOKE-SPOKE_c{14}: INSTALLED, TUNNEL, reqid 1, ESP in UDP SPIs: c7382615_i c27cb140_o
SPOKE-SPOKE_c{14}: AES_CBC_128/HMAC_SHA2_256_128/ECP_521, 136768 bytes_i (536 pkts, 6s ago), 235975 bytes_o (2169 pkts, 1s ago), rekeying in 13 minutes
SPOKE-SPOKE_c{14}: 10.20.30.1/32 === 0.0.0.0/0
</pre>
<pre>
root@Teltonika-RUT955:~# cat /tmp/ipsec/ipsec.conf
# generated by /etc/init.d/ipsec
version 2
conn passth_SPOKE_ph2_1_lan
type=passthrough
leftsubnet=192.168.9.1/24
rightsubnet=192.168.9.1/24
auto=route
conn SPOKE-SPOKE_c
left=%any
right=84.15.162.30
leftsourceip=%config
leftfirewall=yes
rightfirewall=no
ikelifetime=3h
lifetime=1h
margintime=9m
keyingtries=3
dpdaction=none
dpddelay=30s
dpdtimeout=90s
leftauth=psk
rightauth=psk
rightsubnet=0.0.0.0/0
auto=start
aggressive=no
forceencaps=no
type=tunnel
keyexchange=ikev2
esp=aes128-sha256-ecp521!
ike=aes256-sha512-ecp521!
</pre>
== See also ==
== See also ==
== External links ==
== External links ==
