Wednesday, August 2, 2017

strongSwan 5.2 site-to-site VPN configuration on Debian

Strongswan Site to Site vpn configuration:

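I have two virtual routers (VRs): r-21 and r-22.

Below is the strongSwan IPsec VPN configuration on both VRs, together with the status output from each side. The pre-shared key and the 3DES/MD5 proposals shown suit a test bed only; use a long random key and current algorithms anywhere else.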



root@r-21-QA:/etc/ipsec.d# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 0e:00:a9:fe:02:21 brd ff:ff:ff:ff:ff:ff
    inet 169.254.2.33/16 brd 169.254.255.255 scope global eth0
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 1e:00:0a:00:00:0f brd ff:ff:ff:ff:ff:ff
    inet 10.147.46.103/24 brd 10.147.46.255 scope global eth1
4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 02:00:44:8c:00:03 brd ff:ff:ff:ff:ff:ff
    inet 10.1.1.1/24 brd 10.1.1.255 scope global eth2
5: eth3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 02:00:4a:59:00:05 brd ff:ff:ff:ff:ff:ff
    inet 10.1.2.1/24 brd 10.1.2.255 scope global eth3
root@r-21-QA:/etc/ipsec.d#
root@r-21-QA:/etc/ipsec.d# ipsec --version
Linux strongSwan U5.2.1/K3.2.0-4-amd64
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil, Switzerland
See 'ipsec --copyright' for copyright information.
root@r-21-QA:/etc/ipsec.d#
root@r-21-QA:/etc/ipsec.d# cat /etc/ipsec.conf
# ipsec.conf - strongSwan IPsec configuration file

# NOTE(review): the four options below are pluto-era (strongSwan 4.x) settings.
# The version banner on this page is 5.2.1, and r-22 runs the same tunnel with
# all four commented out, so they are presumably ignored here - confirm
# against the starter log and drop them if so.
config setup
   nat_traversal=yes
   charonstart=yes
   plutostart=yes
   plutodebug=control

# Loads every *.conf in /etc/ipsec.d. `ipsec statusall` on this page also lists
# an L2TP-PSK connection (172.26.0.151...%any) whose definition is not shown,
# presumably from another file matched by this glob - review everything in the
# directory, not only the file shown here. The *.secrets files are not matched
# by this pattern; presumably they are pulled in from /etc/ipsec.secrets (not
# shown on this page).
include /etc/ipsec.d/*.conf
root@r-21-QA:/etc/ipsec.d#
root@r-21-QA:/etc/ipsec.d# cat /etc/ipsec.d^C
root@r-21-QA:/etc/ipsec.d# pwd
/etc/ipsec.d
root@r-21-QA:/etc/ipsec.d# cat ipsec.vpn-10.147.46.104.conf
# Site-to-site tunnel from r-21 (10.147.46.103, eth1) to r-22 (10.147.46.104).
# NOTE(review): PSK authentication over IKEv1 with 3DES/MD5 is legacy crypto
# and fits a lab only. `ipsec listall` on this page shows AES-GCM, SHA-2 and
# MODP_2048+/ECP groups registered on this build, so a stronger proposal is
# available without installing anything.
conn vpn-10.147.46.104
  # Local endpoint and the network behind it.
  left=10.147.46.103
  leftsubnet=10.1.0.0/16
  #leftnexthop=10.147.46.1
  # Remote endpoint and the networks behind it.
  # NOTE(review): two subnets are listed, but `ipsec status` on this page shows
  # only 10.1.0.0/16 === 10.2.1.0/24 installed; traffic for 10.2.2.0/24 is not
  # covered by the SA as captured. r-22 declares its side as 10.2.0.0/16, so
  # the two ends do not mirror each other.
  right=10.147.46.104
  rightsubnet=10.2.1.0/24,10.2.2.0/24
  type=tunnel
  # Pre-shared key authentication; the key is in the matching .secrets file.
  authby=secret
  keyexchange=ikev1
  # NOTE(review): no DH group is named here, and `ipsec statusall` reports the
  # negotiated IKE proposal as AES_CBC_128/HMAC_MD5_96/PRF_HMAC_MD5/MODP_2048,
  # not 3DES. Check the negotiated proposal rather than trusting this line;
  # presumably a strict proposal (trailing '!') is needed to pin it - confirm.
  ike=3des-md5
  ikelifetime=86400s
  # ESP is negotiated as configured: statusall shows 3DES_CBC/HMAC_MD5_96.
  # NOTE(review): no DH group in esp=, so rekeying presumably runs without
  # PFS - confirm.
  esp=3des-md5
  lifetime=3600s
  #pfs=no
  keyingtries=2
  # Initiate the tunnel when the connection is loaded.
  auto=start
root@r-21-QA:/etc/ipsec.d# cat ipsec.vpn-10.147.46.104.secrets
# Pre-shared key for the 10.147.46.103 <-> 10.147.46.104 peer pair.
# NOTE(review): a short numeric PSK like this is only acceptable on a throwaway
# lab. Use a long random secret, keep this file readable by root only, and do
# not paste real keys into published transcripts.
10.147.46.103 10.147.46.104 : PSK "123456789"
root@r-21-QA:/etc/ipsec.d#
root@r-21-QA:/etc/ipsec.d# ipsec status
Security Associations (1 up, 0 connecting):
vpn-10.147.46.104[1]: ESTABLISHED 69 minutes ago, 10.147.46.103[10.147.46.103]...10.147.46.104[10.147.46.104]
vpn-10.147.46.104{1}:  INSTALLED, TUNNEL, ESP SPIs: c5544282_i c5dc6c61_o
vpn-10.147.46.104{1}:   10.1.0.0/16 === 10.2.1.0/24
root@r-21-QA:/etc/ipsec.d#
root@r-21-QA:/etc/ipsec.d# ipsec statusall
Status of IKE charon daemon (strongSwan 5.2.1, Linux 3.2.0-4-amd64, x86_64):
  uptime: 69 minutes, since Aug 08 09:46:31 2016
  malloc: sbrk 532480, mmap 0, used 390112, free 142368
  worker threads: 11 of 16 idle, 5/0/0/0 working, job queue: 0/0/0/0, scheduled: 2
  loaded plugins: charon aes rc2 sha1 sha2 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl fips-prf gmp agent xcbc hmac gcm attr kernel-netlink resolve socket-default farp stroke updown eap-identity eap-aka eap-md5 eap-gtc eap-mschapv2 eap-radius eap-tls eap-ttls eap-tnc xauth-generic xauth-eap xauth-pam tnc-tnccs dhcp lookip error-notify certexpire led addrblock unity
Listening IP addresses:
  169.254.2.33
  10.147.46.103
  10.1.1.1
  10.1.2.1
Connections:
vpn-10.147.46.104:  10.147.46.103...10.147.46.104  IKEv1
vpn-10.147.46.104:   local:  [10.147.46.103] uses pre-shared key authentication
vpn-10.147.46.104:   remote: [10.147.46.104] uses pre-shared key authentication
vpn-10.147.46.104:   child:  10.1.0.0/16 === 10.2.1.0/24 10.2.2.0/24 TUNNEL
    L2TP-PSK:  172.26.0.151...%any  IKEv1
    L2TP-PSK:   local:  [172.26.0.151] uses pre-shared key authentication
    L2TP-PSK:   remote: uses pre-shared key authentication
    L2TP-PSK:   child:  dynamic[udp/l2f] === 10.0.0.0/8[udp] TUNNEL
Security Associations (1 up, 0 connecting):
vpn-10.147.46.104[1]: ESTABLISHED 69 minutes ago, 10.147.46.103[10.147.46.103]...10.147.46.104[10.147.46.104]
vpn-10.147.46.104[1]: IKEv1 SPIs: 35b39d866a70abdf_i* 86bee069adbe4541_r, pre-shared key reauthentication in 22 hours
vpn-10.147.46.104[1]: IKE proposal: AES_CBC_128/HMAC_MD5_96/PRF_HMAC_MD5/MODP_2048
vpn-10.147.46.104{1}:  INSTALLED, TUNNEL, ESP SPIs: c5544282_i c5dc6c61_o
vpn-10.147.46.104{1}:  3DES_CBC/HMAC_MD5_96, 0 bytes_i, 0 bytes_o, rekeying in 16 minutes
vpn-10.147.46.104{1}:   10.1.0.0/16 === 10.2.1.0/24
root@r-21-QA:/etc/ipsec.d#
root@r-21-QA:/etc/ipsec.d# ipsec listall

List of registered IKE algorithms:

  encryption: AES_CBC[aes] RC2_CBC[rc2] 3DES_CBC[openssl] CAMELLIA_CBC[openssl] CAST_CBC[openssl] BLOWFISH_CBC[openssl]
              DES_CBC[openssl] DES_ECB[openssl] NULL[openssl]
  integrity:  HMAC_MD5_96[openssl] HMAC_MD5_128[openssl] HMAC_SHA1_96[openssl] HMAC_SHA1_128[openssl]
              HMAC_SHA1_160[openssl] HMAC_SHA2_256_128[openssl] HMAC_SHA2_256_256[openssl] HMAC_SHA2_384_192[openssl]
              HMAC_SHA2_384_384[openssl] HMAC_SHA2_512_256[openssl] HMAC_SHA2_512_512[openssl] CAMELLIA_XCBC_96[xcbc]
              AES_XCBC_96[xcbc]
  aead:       AES_GCM_8[openssl] AES_GCM_12[openssl] AES_GCM_16[openssl]
  hasher:     HASH_SHA1[sha1] HASH_SHA224[sha2] HASH_SHA256[sha2] HASH_SHA384[sha2] HASH_SHA512[sha2] HASH_MD5[md5]
              HASH_MD4[openssl]
  prf:        PRF_KEYED_SHA1[sha1] PRF_HMAC_MD5[openssl] PRF_HMAC_SHA1[openssl] PRF_HMAC_SHA2_256[openssl]
              PRF_HMAC_SHA2_384[openssl] PRF_HMAC_SHA2_512[openssl] PRF_FIPS_SHA1_160[fips-prf] PRF_AES128_XCBC[xcbc]
              PRF_CAMELLIA128_XCBC[xcbc]
  dh-group:   MODP_2048[openssl] MODP_2048_224[openssl] MODP_2048_256[openssl] MODP_1536[openssl] MODP_3072[openssl]
              MODP_4096[openssl] MODP_6144[openssl] MODP_8192[openssl] MODP_1024[openssl] MODP_1024_160[openssl]
              MODP_768[openssl] MODP_CUSTOM[openssl] ECP_256[openssl] ECP_384[openssl] ECP_521[openssl] ECP_224[openssl]
              ECP_192[openssl] ECP_224_BP[openssl] ECP_256_BP[openssl] ECP_384_BP[openssl] ECP_512_BP[openssl]
  random-gen: RNG_WEAK[openssl] RNG_STRONG[random] RNG_TRUE[random]
  nonce-gen:  [nonce]

List of loaded Plugins:

charon:
    CUSTOM:libcharon
        NONCE_GEN
        CUSTOM:libcharon-receiver
        CUSTOM:kernel-ipsec
        CUSTOM:kernel-net
    CUSTOM:libcharon-receiver
        HASHER:HASH_SHA1
        RNG:RNG_STRONG
        CUSTOM:socket
aes:
    CRYPTER:AES_CBC-16
    CRYPTER:AES_CBC-24
    CRYPTER:AES_CBC-32
rc2:
    CRYPTER:RC2_CBC-0
sha1:
    HASHER:HASH_SHA1
    PRF:PRF_KEYED_SHA1
sha2:
    HASHER:HASH_SHA224
    HASHER:HASH_SHA256
    HASHER:HASH_SHA384
    HASHER:HASH_SHA512
md5:
    HASHER:HASH_MD5
random:
    RNG:RNG_STRONG
    RNG:RNG_TRUE
nonce:
    NONCE_GEN
        RNG:RNG_WEAK
x509:
    CERT_ENCODE:X509
        HASHER:HASH_SHA1
    CERT_DECODE:X509
        HASHER:HASH_SHA1
        PUBKEY:ANY
    CERT_ENCODE:X509_AC
    CERT_DECODE:X509_AC
    CERT_ENCODE:X509_CRL
    CERT_DECODE:X509_CRL
    CERT_ENCODE:X509_OCSP_REQUEST
        HASHER:HASH_SHA1
        RNG:RNG_WEAK
    CERT_DECODE:X509_OCSP_RESPONSE
    CERT_ENCODE:PKCS10_REQUEST
    CERT_DECODE:PKCS10_REQUEST
revocation:
    CUSTOM:revocation
        CERT_ENCODE:X509_OCSP_REQUEST (soft)
        CERT_DECODE:X509_OCSP_RESPONSE (soft)
        CERT_DECODE:X509_CRL (soft)
        CERT_DECODE:X509 (soft)
        FETCHER:(null) (soft)
constraints:
    CUSTOM:constraints
        CERT_DECODE:X509 (soft)
pubkey:
    CERT_ENCODE:TRUSTED_PUBKEY
    CERT_DECODE:TRUSTED_PUBKEY
        PUBKEY:RSA (soft)
        PUBKEY:ECDSA (soft)
        PUBKEY:DSA (soft)
pkcs1:
    PRIVKEY:RSA
    PUBKEY:ANY
        PUBKEY:RSA (soft)
        PUBKEY:ECDSA (soft)
        PUBKEY:DSA (soft)
    PUBKEY:RSA
pkcs7:
    CONTAINER_DECODE:PKCS7
    CONTAINER_ENCODE:PKCS7_DATA
    CONTAINER_ENCODE:PKCS7_SIGNED_DATA
    CONTAINER_ENCODE:PKCS7_ENVELOPED_DATA
pkcs8:
    PRIVKEY:ANY
    PRIVKEY:RSA
    PRIVKEY:ECDSA
pkcs12:
    CONTAINER_DECODE:PKCS12
        CONTAINER_DECODE:PKCS7
        CERT_DECODE:X509 (soft)
        PRIVKEY:ANY (soft)
        HASHER:HASH_SHA1 (soft)
        CRYPTER:3DES_CBC-24 (soft)
        CRYPTER:RC2_CBC-0 (soft)
pgp:
    PRIVKEY:ANY
    PRIVKEY:RSA
    PUBKEY:ANY
    PUBKEY:RSA
    CERT_DECODE:PGP
dnskey:
    PUBKEY:ANY
    PUBKEY:RSA
sshkey:
    PUBKEY:ANY
    CERT_DECODE:TRUSTED_PUBKEY
pem:
    PRIVKEY:ANY
        PRIVKEY:ANY
        HASHER:HASH_MD5 (soft)
    PRIVKEY:RSA
        PRIVKEY:RSA
        HASHER:HASH_MD5 (soft)
    PRIVKEY:ECDSA
        PRIVKEY:ECDSA
        HASHER:HASH_MD5 (soft)
    PRIVKEY:DSA (not loaded)
        PRIVKEY:DSA
        HASHER:HASH_MD5 (soft)
    PUBKEY:ANY
        PUBKEY:ANY
    PUBKEY:RSA
        PUBKEY:RSA
    PUBKEY:ECDSA
        PUBKEY:ECDSA
    PUBKEY:DSA (not loaded)
        PUBKEY:DSA
    CERT_DECODE:ANY
        CERT_DECODE:X509 (soft)
        CERT_DECODE:PGP (soft)
    CERT_DECODE:X509
        CERT_DECODE:X509
    CERT_DECODE:X509_CRL
        CERT_DECODE:X509_CRL
    CERT_DECODE:X509_OCSP_REQUEST (not loaded)
        CERT_DECODE:X509_OCSP_REQUEST
    CERT_DECODE:X509_OCSP_RESPONSE
        CERT_DECODE:X509_OCSP_RESPONSE
    CERT_DECODE:X509_AC
        CERT_DECODE:X509_AC
    CERT_DECODE:PKCS10_REQUEST
        CERT_DECODE:PKCS10_REQUEST
    CERT_DECODE:TRUSTED_PUBKEY
        CERT_DECODE:TRUSTED_PUBKEY
    CERT_DECODE:PGP
        CERT_DECODE:PGP
    CONTAINER_DECODE:PKCS12
        CONTAINER_DECODE:PKCS12
openssl:
    CUSTOM:openssl-threading
    CRYPTER:AES_CBC-16
    CRYPTER:AES_CBC-24
    CRYPTER:AES_CBC-32
    CRYPTER:CAMELLIA_CBC-16
    CRYPTER:CAMELLIA_CBC-24
    CRYPTER:CAMELLIA_CBC-32
    CRYPTER:CAST_CBC-0
    CRYPTER:BLOWFISH_CBC-0
    CRYPTER:3DES_CBC-24
    CRYPTER:DES_CBC-8
    CRYPTER:DES_ECB-8
    CRYPTER:NULL-0
    HASHER:HASH_MD4
    HASHER:HASH_MD5
    HASHER:HASH_SHA1
    HASHER:HASH_SHA224
    HASHER:HASH_SHA256
    HASHER:HASH_SHA384
    HASHER:HASH_SHA512
    PRF:PRF_KEYED_SHA1
    PRF:PRF_HMAC_MD5
    PRF:PRF_HMAC_SHA1
    PRF:PRF_HMAC_SHA2_256
    PRF:PRF_HMAC_SHA2_384
    PRF:PRF_HMAC_SHA2_512
    SIGNER:HMAC_MD5_96
    SIGNER:HMAC_MD5_128
    SIGNER:HMAC_SHA1_96
    SIGNER:HMAC_SHA1_128
    SIGNER:HMAC_SHA1_160
    SIGNER:HMAC_SHA2_256_128
    SIGNER:HMAC_SHA2_256_256
    SIGNER:HMAC_SHA2_384_192
    SIGNER:HMAC_SHA2_384_384
    SIGNER:HMAC_SHA2_512_256
    SIGNER:HMAC_SHA2_512_512
    AEAD:AES_GCM_8-16
    AEAD:AES_GCM_8-24
    AEAD:AES_GCM_8-32
    AEAD:AES_GCM_12-16
    AEAD:AES_GCM_12-24
    AEAD:AES_GCM_12-32
    AEAD:AES_GCM_16-16
    AEAD:AES_GCM_16-24
    AEAD:AES_GCM_16-32
    DH:MODP_2048
    DH:MODP_2048_224
    DH:MODP_2048_256
    DH:MODP_1536
    DH:MODP_3072
    DH:MODP_4096
    DH:MODP_6144
    DH:MODP_8192
    DH:MODP_1024
    DH:MODP_1024_160
    DH:MODP_768
    DH:MODP_CUSTOM
    PRIVKEY:RSA
    PRIVKEY:ANY
    PRIVKEY_GEN:RSA
    PUBKEY:RSA
    PUBKEY:ANY
    PRIVKEY_SIGN:RSA_EMSA_PKCS1_NULL
    PUBKEY_VERIFY:RSA_EMSA_PKCS1_NULL
    PRIVKEY_SIGN:RSA_EMSA_PKCS1_SHA1
    PUBKEY_VERIFY:RSA_EMSA_PKCS1_SHA1
    PRIVKEY_SIGN:RSA_EMSA_PKCS1_SHA224
    PRIVKEY_SIGN:RSA_EMSA_PKCS1_SHA256
    PUBKEY_VERIFY:RSA_EMSA_PKCS1_SHA224
    PUBKEY_VERIFY:RSA_EMSA_PKCS1_SHA256
    PRIVKEY_SIGN:RSA_EMSA_PKCS1_SHA384
    PRIVKEY_SIGN:RSA_EMSA_PKCS1_SHA512
    PUBKEY_VERIFY:RSA_EMSA_PKCS1_SHA384
    PUBKEY_VERIFY:RSA_EMSA_PKCS1_SHA512
    PRIVKEY_SIGN:RSA_EMSA_PKCS1_MD5
    PUBKEY_VERIFY:RSA_EMSA_PKCS1_MD5
    PRIVKEY_DECRYPT:ENCRYPT_RSA_PKCS1
    PUBKEY_ENCRYPT:ENCRYPT_RSA_PKCS1
    CERT_DECODE:X509
        PUBKEY:RSA (soft)
        PUBKEY:ECDSA (soft)
        PUBKEY:DSA (soft)
    CERT_DECODE:X509_CRL
    CONTAINER_DECODE:PKCS7
    CONTAINER_DECODE:PKCS12
    DH:ECP_256
    DH:ECP_384
    DH:ECP_521
    DH:ECP_224
    DH:ECP_192
    DH:ECP_224_BP
    DH:ECP_256_BP
    DH:ECP_384_BP
    DH:ECP_512_BP
    PRIVKEY:ECDSA
    PRIVKEY_GEN:ECDSA
    PUBKEY:ECDSA
    PRIVKEY_SIGN:ECDSA_WITH_NULL
    PUBKEY_VERIFY:ECDSA_WITH_NULL
    PRIVKEY_SIGN:ECDSA_WITH_SHA1_DER
    PUBKEY_VERIFY:ECDSA_WITH_SHA1_DER
    PRIVKEY_SIGN:ECDSA_WITH_SHA256_DER
    PUBKEY_VERIFY:ECDSA_WITH_SHA256_DER
    PRIVKEY_SIGN:ECDSA-256
    PUBKEY_VERIFY:ECDSA-256
    PRIVKEY_SIGN:ECDSA_WITH_SHA384_DER
    PRIVKEY_SIGN:ECDSA_WITH_SHA512_DER
    PUBKEY_VERIFY:ECDSA_WITH_SHA384_DER
    PUBKEY_VERIFY:ECDSA_WITH_SHA512_DER
    PRIVKEY_SIGN:ECDSA-384
    PRIVKEY_SIGN:ECDSA-521
    PUBKEY_VERIFY:ECDSA-384
    PUBKEY_VERIFY:ECDSA-521
    RNG:RNG_STRONG
    RNG:RNG_WEAK
fips-prf:
    PRF:PRF_FIPS_SHA1_160
        PRF:PRF_KEYED_SHA1
gmp:
    DH:MODP_2048
        RNG:RNG_STRONG
    DH:MODP_2048_224
        RNG:RNG_STRONG
    DH:MODP_2048_256
        RNG:RNG_STRONG
    DH:MODP_1536
        RNG:RNG_STRONG
    DH:MODP_3072
        RNG:RNG_STRONG
    DH:MODP_4096
        RNG:RNG_STRONG
    DH:MODP_6144
        RNG:RNG_STRONG
    DH:MODP_8192
        RNG:RNG_STRONG
    DH:MODP_1024
        RNG:RNG_STRONG
    DH:MODP_1024_160
        RNG:RNG_STRONG
    DH:MODP_768
        RNG:RNG_STRONG
    DH:MODP_CUSTOM
        RNG:RNG_STRONG
    PRIVKEY:RSA
    PRIVKEY_GEN:RSA
        RNG:RNG_TRUE
    PUBKEY:RSA
    PRIVKEY_SIGN:RSA_EMSA_PKCS1_NULL
    PRIVKEY_SIGN:RSA_EMSA_PKCS1_SHA1
        HASHER:HASH_SHA1
    PRIVKEY_SIGN:RSA_EMSA_PKCS1_SHA224
        HASHER:HASH_SHA224
    PRIVKEY_SIGN:RSA_EMSA_PKCS1_SHA256
        HASHER:HASH_SHA256
    PRIVKEY_SIGN:RSA_EMSA_PKCS1_SHA384
        HASHER:HASH_SHA384
    PRIVKEY_SIGN:RSA_EMSA_PKCS1_SHA512
        HASHER:HASH_SHA512
    PRIVKEY_SIGN:RSA_EMSA_PKCS1_MD5
        HASHER:HASH_MD5
    PUBKEY_VERIFY:RSA_EMSA_PKCS1_NULL
    PUBKEY_VERIFY:RSA_EMSA_PKCS1_SHA1
        HASHER:HASH_SHA1
    PUBKEY_VERIFY:RSA_EMSA_PKCS1_SHA224
        HASHER:HASH_SHA224
    PUBKEY_VERIFY:RSA_EMSA_PKCS1_SHA256
        HASHER:HASH_SHA256
    PUBKEY_VERIFY:RSA_EMSA_PKCS1_SHA384
        HASHER:HASH_SHA384
    PUBKEY_VERIFY:RSA_EMSA_PKCS1_SHA512
        HASHER:HASH_SHA512
    PUBKEY_VERIFY:RSA_EMSA_PKCS1_MD5
        HASHER:HASH_MD5
    PRIVKEY_DECRYPT:ENCRYPT_RSA_PKCS1
    PUBKEY_ENCRYPT:ENCRYPT_RSA_PKCS1
        RNG:RNG_WEAK
agent:
    PRIVKEY:ANY
    PRIVKEY:RSA
    PRIVKEY:ECDSA
xcbc:
    PRF:PRF_AES128_XCBC
        CRYPTER:AES_CBC-16
    PRF:PRF_CAMELLIA128_XCBC
        CRYPTER:CAMELLIA_CBC-16
    SIGNER:CAMELLIA_XCBC_96
        CRYPTER:CAMELLIA_CBC-16
    SIGNER:AES_XCBC_96
        CRYPTER:AES_CBC-16
hmac:
    PRF:PRF_HMAC_SHA1
        HASHER:HASH_SHA1
    PRF:PRF_HMAC_MD5
        HASHER:HASH_MD5
    PRF:PRF_HMAC_SHA2_256
        HASHER:HASH_SHA256
    PRF:PRF_HMAC_SHA2_384
        HASHER:HASH_SHA384
    PRF:PRF_HMAC_SHA2_512
        HASHER:HASH_SHA512
    SIGNER:HMAC_SHA1_96
        HASHER:HASH_SHA1
    SIGNER:HMAC_SHA1_128
        HASHER:HASH_SHA1
    SIGNER:HMAC_SHA1_160
        HASHER:HASH_SHA1
    SIGNER:HMAC_MD5_96
        HASHER:HASH_MD5
    SIGNER:HMAC_MD5_128
        HASHER:HASH_MD5
    SIGNER:HMAC_SHA2_256_128
        HASHER:HASH_SHA256
    SIGNER:HMAC_SHA2_256_256
        HASHER:HASH_SHA256
    SIGNER:HMAC_SHA2_384_192
        HASHER:HASH_SHA384
    SIGNER:HMAC_SHA2_384_384
        HASHER:HASH_SHA384
    SIGNER:HMAC_SHA2_512_256
        HASHER:HASH_SHA512
    SIGNER:HMAC_SHA2_512_512
        HASHER:HASH_SHA512
gcm:
    AEAD:AES_GCM_8-16
        CRYPTER:AES_CBC-16
    AEAD:AES_GCM_8-24
        CRYPTER:AES_CBC-24
    AEAD:AES_GCM_8-32
        CRYPTER:AES_CBC-32
    AEAD:AES_GCM_12-16
        CRYPTER:AES_CBC-16
    AEAD:AES_GCM_12-24
        CRYPTER:AES_CBC-24
    AEAD:AES_GCM_12-32
        CRYPTER:AES_CBC-32
    AEAD:AES_GCM_16-16
        CRYPTER:AES_CBC-16
    AEAD:AES_GCM_16-24
        CRYPTER:AES_CBC-24
    AEAD:AES_GCM_16-32
        CRYPTER:AES_CBC-32
attr:
    CUSTOM:attr
kernel-netlink:
    CUSTOM:kernel-ipsec
    CUSTOM:kernel-net
resolve:
    CUSTOM:resolve
socket-default:
    CUSTOM:socket
        CUSTOM:kernel-ipsec (soft)
farp:
    CUSTOM:farp
stroke:
    CUSTOM:stroke
        PRIVKEY:RSA (soft)
        PRIVKEY:ECDSA (soft)
        PRIVKEY:DSA (soft)
        CERT_DECODE:ANY (soft)
        CERT_DECODE:X509 (soft)
        CERT_DECODE:X509_CRL (soft)
        CERT_DECODE:X509_AC (soft)
        CERT_DECODE:TRUSTED_PUBKEY (soft)
updown:
    CUSTOM:updown
eap-identity:
    EAP_SERVER:ID
    EAP_CLIENT:ID
eap-aka:
    CUSTOM:aka-manager
    EAP_SERVER:AKA
        RNG:RNG_WEAK
        HASHER:HASH_SHA1
        PRF:PRF_FIPS_SHA1_160
        SIGNER:HMAC_SHA1_128
        CRYPTER:AES_CBC-16
    EAP_CLIENT:AKA
        RNG:RNG_WEAK
        HASHER:HASH_SHA1
        PRF:PRF_FIPS_SHA1_160
        SIGNER:HMAC_SHA1_128
        CRYPTER:AES_CBC-16
eap-md5:
    EAP_SERVER:MD5
        HASHER:HASH_MD5
        RNG:RNG_WEAK
    EAP_CLIENT:MD5
        HASHER:HASH_MD5
        RNG:RNG_WEAK
eap-gtc:
    EAP_SERVER:GTC
    EAP_CLIENT:GTC
eap-mschapv2:
    EAP_SERVER:MSCHAPV2
        CRYPTER:DES_ECB-8
        HASHER:HASH_MD4
        HASHER:HASH_SHA1
        RNG:RNG_WEAK
    EAP_CLIENT:MSCHAPV2
        CRYPTER:DES_ECB-8
        HASHER:HASH_MD4
        HASHER:HASH_SHA1
        RNG:RNG_WEAK
eap-radius:
    EAP_SERVER:RAD
        CUSTOM:eap-radius
    XAUTH_SERVER:radius
        CUSTOM:eap-radius
    CUSTOM:eap-radius
        HASHER:HASH_MD5
        SIGNER:HMAC_MD5_128
        RNG:RNG_WEAK
eap-tls:
    EAP_SERVER:TLS
        HASHER:HASH_MD5
        HASHER:HASH_SHA1
        RNG:RNG_WEAK
    EAP_CLIENT:TLS
        HASHER:HASH_MD5
        HASHER:HASH_SHA1
        RNG:RNG_WEAK
        RNG:RNG_STRONG
eap-ttls:
    EAP_SERVER:TTLS
        EAP_SERVER:ID
        HASHER:HASH_MD5
        HASHER:HASH_SHA1
        RNG:RNG_WEAK
    EAP_CLIENT:TTLS
        EAP_CLIENT:ID
        HASHER:HASH_MD5
        HASHER:HASH_SHA1
        RNG:RNG_WEAK
        RNG:RNG_STRONG
eap-tnc:
    EAP_SERVER:TNC
        EAP_SERVER:TTLS
        CUSTOM:tnccs-manager
    EAP_CLIENT:TNC
        EAP_CLIENT:TTLS
        CUSTOM:tnccs-manager
    EAP_SERVER:PT
        EAP_SERVER:TTLS
        CUSTOM:tnccs-manager
    EAP_CLIENT:PT
        EAP_CLIENT:TTLS
        CUSTOM:tnccs-manager
xauth-generic:
    XAUTH_SERVER:generic
    XAUTH_CLIENT:generic
xauth-eap:
    XAUTH_SERVER:eap
xauth-pam:
    XAUTH_SERVER:pam
tnc-tnccs:
    CUSTOM:tnccs-manager
dhcp:
    CUSTOM:dhcp
        RNG:RNG_WEAK
lookip:
    CUSTOM:lookip
error-notify:
    CUSTOM:error-notify
certexpire:
    CUSTOM:certexpire
led:
    CUSTOM:led
addrblock:
    CUSTOM:addrblock
        CERT_DECODE:X509 (soft)
unity:
    CUSTOM:unity
root@r-21-QA:/etc/ipsec.d#

======================================================
root@r-22-QA:/etc/ipsec.d# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 0e:00:a9:fe:01:03 brd ff:ff:ff:ff:ff:ff
    inet 169.254.1.3/16 brd 169.254.255.255 scope global eth0
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 1e:00:75:00:00:10 brd ff:ff:ff:ff:ff:ff
    inet 10.147.46.104/24 brd 10.147.46.255 scope global eth1
4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 02:00:56:d7:00:05 brd ff:ff:ff:ff:ff:ff
    inet 10.2.1.1/24 brd 10.2.1.255 scope global eth2
6: eth3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 02:00:78:4f:00:05 brd ff:ff:ff:ff:ff:ff
    inet 10.2.2.1/24 brd 10.2.2.255 scope global eth3
root@r-22-QA:/etc/ipsec.d#
root@r-22-QA:/etc/ipsec.d# ipsec --version
Linux strongSwan U5.2.1/K3.2.0-4-amd64
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil, Switzerland
See 'ipsec --copyright' for copyright information.
root@r-22-QA:/etc/ipsec.d#
root@r-22-QA:/etc/ipsec.d# cat ipsec.vpn-10.147.46.103.conf
# Site-to-site tunnel from r-22 (10.147.46.104, eth1) back to r-21
# (10.147.46.103).
# NOTE(review): same lab-grade choices as the r-21 side - PSK authentication
# with 3DES/MD5. `ipsec listall` on this page shows AES-GCM, SHA-2 and larger
# DH groups registered on this build.
conn vpn-10.147.46.103
  # Local endpoint and the network behind it.
  # NOTE(review): this end declares 10.2.0.0/16 while r-21 lists
  # 10.2.1.0/24,10.2.2.0/24 as its rightsubnet; `ipsec status` shows only
  # 10.2.1.0/24 === 10.1.0.0/16 installed.
  left=10.147.46.104
  leftsubnet=10.2.0.0/16
  leftnexthop=10.147.46.1
  # Remote endpoint and the network behind it.
  right=10.147.46.103
  rightsubnet=10.1.0.0/16
  type=tunnel
  # Pre-shared key authentication; the key is in the matching .secrets file.
  authby=secret
  # `ipsec statusall` lists this connection as IKEv1/2, whereas r-21 pins
  # ikev1; the established SA on this page is IKEv1.
  keyexchange=ike
  # NOTE(review): modp1024 is a weak DH group. statusall reports the
  # negotiated IKE proposal as AES_CBC_128/HMAC_MD5_96/PRF_HMAC_MD5/MODP_2048,
  # so this line is not what ended up on the wire - check the negotiated
  # proposal rather than trusting the configuration.
  ike=3des-md5-modp1024
  ikelifetime=86400s
  # ESP is negotiated as configured: statusall shows 3DES_CBC/HMAC_MD5_96.
  esp=3des-md5
  lifetime=3600s
  #pfs=no
  keyingtries=2
  # Initiate the tunnel when the connection is loaded.
  auto=start
root@r-22-QA:/etc/ipsec.d#
root@r-22-QA:/etc/ipsec.d# cat ipsec.vpn-10.147.46.103.secrets
# Pre-shared key for the 10.147.46.104 <-> 10.147.46.103 peer pair; it has to
# match the value configured on r-21.
# NOTE(review): a short numeric PSK like this is only acceptable on a throwaway
# lab. Use a long random secret, keep this file readable by root only, and do
# not paste real keys into published transcripts.
10.147.46.104 10.147.46.103 : PSK "123456789"
root@r-22-QA:/etc/ipsec.d# cat /etc/ipsec.conf
# ipsec.conf - strongSwan IPsec configuration file

# All config setup options are commented out on this router, so the daemon
# runs with its defaults; `ipsec status` on this page still shows the tunnel
# ESTABLISHED.
config setup
   #nat_traversal=yes
   #charonstart=yes
   #plutostart=yes
   #plutodebug=control

# Loads every *.conf in /etc/ipsec.d. `ipsec statusall` on this page also lists
# an L2TP-PSK connection (172.26.0.151...%any) whose definition is not shown,
# presumably from another file matched by this glob - review everything in the
# directory, not only the file shown here.
include /etc/ipsec.d/*.conf
root@r-22-QA:/etc/ipsec.d# ipsec status
Security Associations (1 up, 0 connecting):
vpn-10.147.46.103[6]: ESTABLISHED 73 minutes ago, 10.147.46.104[10.147.46.104]...10.147.46.103[10.147.46.103]
vpn-10.147.46.103{5}:  INSTALLED, TUNNEL, ESP SPIs: c5dc6c61_i c5544282_o
vpn-10.147.46.103{5}:   10.2.1.0/24 === 10.1.0.0/16
root@r-22-QA:/etc/ipsec.d# ipsec statusall
Status of IKE charon daemon (strongSwan 5.2.1, Linux 3.2.0-4-amd64, x86_64):
  uptime: 92 minutes, since Aug 08 09:27:46 2016
  malloc: sbrk 536576, mmap 0, used 391504, free 145072
  worker threads: 11 of 16 idle, 5/0/0/0 working, job queue: 0/0/0/0, scheduled: 9
  loaded plugins: charon aes rc2 sha1 sha2 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl fips-prf gmp agent xcbc hmac gcm attr kernel-netlink resolve socket-default farp stroke updown eap-identity eap-aka eap-md5 eap-gtc eap-mschapv2 eap-radius eap-tls eap-ttls eap-tnc xauth-generic xauth-eap xauth-pam tnc-tnccs dhcp lookip error-notify certexpire led addrblock unity
Listening IP addresses:
  169.254.1.3
  10.147.46.104
  10.2.1.1
  10.2.2.1
Connections:
vpn-10.147.46.103:  10.147.46.104...10.147.46.103  IKEv1/2
vpn-10.147.46.103:   local:  [10.147.46.104] uses pre-shared key authentication
vpn-10.147.46.103:   remote: [10.147.46.103] uses pre-shared key authentication
vpn-10.147.46.103:   child:  10.2.0.0/16 === 10.1.0.0/16 TUNNEL
    L2TP-PSK:  172.26.0.151...%any  IKEv1
    L2TP-PSK:   local:  [172.26.0.151] uses pre-shared key authentication
    L2TP-PSK:   remote: uses pre-shared key authentication
    L2TP-PSK:   child:  dynamic[udp/l2f] === 10.0.0.0/8[udp] TUNNEL
Security Associations (1 up, 0 connecting):
vpn-10.147.46.103[6]: ESTABLISHED 73 minutes ago, 10.147.46.104[10.147.46.104]...10.147.46.103[10.147.46.103]
vpn-10.147.46.103[6]: IKEv1 SPIs: 35b39d866a70abdf_i 86bee069adbe4541_r*, pre-shared key reauthentication in 22 hours
vpn-10.147.46.103[6]: IKE proposal: AES_CBC_128/HMAC_MD5_96/PRF_HMAC_MD5/MODP_2048
vpn-10.147.46.103{5}:  INSTALLED, TUNNEL, ESP SPIs: c5dc6c61_i c5544282_o
vpn-10.147.46.103{5}:  3DES_CBC/HMAC_MD5_96, 0 bytes_i, 0 bytes_o, rekeying in 16 minutes
vpn-10.147.46.103{5}:   10.2.1.0/24 === 10.1.0.0/16
root@r-22-QA:/etc/ipsec.d#
root@r-22-QA:/etc/ipsec.d# ipsec listall

List of registered IKE algorithms:

  encryption: AES_CBC[aes] RC2_CBC[rc2] 3DES_CBC[openssl] CAMELLIA_CBC[openssl] CAST_CBC[openssl] BLOWFISH_CBC[openssl]
              DES_CBC[openssl] DES_ECB[openssl] NULL[openssl]
  integrity:  HMAC_MD5_96[openssl] HMAC_MD5_128[openssl] HMAC_SHA1_96[openssl] HMAC_SHA1_128[openssl]
              HMAC_SHA1_160[openssl] HMAC_SHA2_256_128[openssl] HMAC_SHA2_256_256[openssl] HMAC_SHA2_384_192[openssl]
              HMAC_SHA2_384_384[openssl] HMAC_SHA2_512_256[openssl] HMAC_SHA2_512_512[openssl] CAMELLIA_XCBC_96[xcbc]
              AES_XCBC_96[xcbc]
  aead:       AES_GCM_8[openssl] AES_GCM_12[openssl] AES_GCM_16[openssl]
  hasher:     HASH_SHA1[sha1] HASH_SHA224[sha2] HASH_SHA256[sha2] HASH_SHA384[sha2] HASH_SHA512[sha2] HASH_MD5[md5]
              HASH_MD4[openssl]
  prf:        PRF_KEYED_SHA1[sha1] PRF_HMAC_MD5[openssl] PRF_HMAC_SHA1[openssl] PRF_HMAC_SHA2_256[openssl]
              PRF_HMAC_SHA2_384[openssl] PRF_HMAC_SHA2_512[openssl] PRF_FIPS_SHA1_160[fips-prf] PRF_AES128_XCBC[xcbc]
              PRF_CAMELLIA128_XCBC[xcbc]
  dh-group:   MODP_2048[openssl] MODP_2048_224[openssl] MODP_2048_256[openssl] MODP_1536[openssl] MODP_3072[openssl]
              MODP_4096[openssl] MODP_6144[openssl] MODP_8192[openssl] MODP_1024[openssl] MODP_1024_160[openssl]
              MODP_768[openssl] MODP_CUSTOM[openssl] ECP_256[openssl] ECP_384[openssl] ECP_521[openssl] ECP_224[openssl]
              ECP_192[openssl] ECP_224_BP[openssl] ECP_256_BP[openssl] ECP_384_BP[openssl] ECP_512_BP[openssl]
  random-gen: RNG_WEAK[openssl] RNG_STRONG[random] RNG_TRUE[random]
  nonce-gen:  [nonce]

List of loaded Plugins:

charon:
    CUSTOM:libcharon
        NONCE_GEN
        CUSTOM:libcharon-receiver
        CUSTOM:kernel-ipsec
        CUSTOM:kernel-net
    CUSTOM:libcharon-receiver
        HASHER:HASH_SHA1
        RNG:RNG_STRONG
        CUSTOM:socket
aes:
    CRYPTER:AES_CBC-16
    CRYPTER:AES_CBC-24
    CRYPTER:AES_CBC-32
rc2:
    CRYPTER:RC2_CBC-0
sha1:
    HASHER:HASH_SHA1
    PRF:PRF_KEYED_SHA1
sha2:
    HASHER:HASH_SHA224
    HASHER:HASH_SHA256
    HASHER:HASH_SHA384
    HASHER:HASH_SHA512
md5:
    HASHER:HASH_MD5
random:
    RNG:RNG_STRONG
    RNG:RNG_TRUE
nonce:
    NONCE_GEN
        RNG:RNG_WEAK
x509:
    CERT_ENCODE:X509
        HASHER:HASH_SHA1
    CERT_DECODE:X509
        HASHER:HASH_SHA1
        PUBKEY:ANY
    CERT_ENCODE:X509_AC
    CERT_DECODE:X509_AC
    CERT_ENCODE:X509_CRL
    CERT_DECODE:X509_CRL
    CERT_ENCODE:X509_OCSP_REQUEST
        HASHER:HASH_SHA1
        RNG:RNG_WEAK
    CERT_DECODE:X509_OCSP_RESPONSE
    CERT_ENCODE:PKCS10_REQUEST
    CERT_DECODE:PKCS10_REQUEST
revocation:
    CUSTOM:revocation
        CERT_ENCODE:X509_OCSP_REQUEST (soft)
        CERT_DECODE:X509_OCSP_RESPONSE (soft)
        CERT_DECODE:X509_CRL (soft)
        CERT_DECODE:X509 (soft)
        FETCHER:(null) (soft)
constraints:
    CUSTOM:constraints
        CERT_DECODE:X509 (soft)
pubkey:
    CERT_ENCODE:TRUSTED_PUBKEY
    CERT_DECODE:TRUSTED_PUBKEY
        PUBKEY:RSA (soft)
        PUBKEY:ECDSA (soft)
        PUBKEY:DSA (soft)
pkcs1:
    PRIVKEY:RSA
    PUBKEY:ANY
        PUBKEY:RSA (soft)
        PUBKEY:ECDSA (soft)
        PUBKEY:DSA (soft)
    PUBKEY:RSA
pkcs7:
    CONTAINER_DECODE:PKCS7
    CONTAINER_ENCODE:PKCS7_DATA
    CONTAINER_ENCODE:PKCS7_SIGNED_DATA
    CONTAINER_ENCODE:PKCS7_ENVELOPED_DATA
pkcs8:
    PRIVKEY:ANY
    PRIVKEY:RSA
    PRIVKEY:ECDSA
pkcs12:
    CONTAINER_DECODE:PKCS12
        CONTAINER_DECODE:PKCS7
        CERT_DECODE:X509 (soft)
        PRIVKEY:ANY (soft)
        HASHER:HASH_SHA1 (soft)
        CRYPTER:3DES_CBC-24 (soft)
        CRYPTER:RC2_CBC-0 (soft)
pgp:
    PRIVKEY:ANY
    PRIVKEY:RSA
    PUBKEY:ANY
    PUBKEY:RSA
    CERT_DECODE:PGP
dnskey:
    PUBKEY:ANY
    PUBKEY:RSA
sshkey:
    PUBKEY:ANY
    CERT_DECODE:TRUSTED_PUBKEY
pem:
    PRIVKEY:ANY
        PRIVKEY:ANY
        HASHER:HASH_MD5 (soft)
    PRIVKEY:RSA
        PRIVKEY:RSA
        HASHER:HASH_MD5 (soft)
    PRIVKEY:ECDSA
        PRIVKEY:ECDSA
        HASHER:HASH_MD5 (soft)
    PRIVKEY:DSA (not loaded)
        PRIVKEY:DSA
        HASHER:HASH_MD5 (soft)
    PUBKEY:ANY
        PUBKEY:ANY
    PUBKEY:RSA
        PUBKEY:RSA
    PUBKEY:ECDSA
        PUBKEY:ECDSA
    PUBKEY:DSA (not loaded)
        PUBKEY:DSA
    CERT_DECODE:ANY
        CERT_DECODE:X509 (soft)
        CERT_DECODE:PGP (soft)
    CERT_DECODE:X509
        CERT_DECODE:X509
    CERT_DECODE:X509_CRL
        CERT_DECODE:X509_CRL
    CERT_DECODE:X509_OCSP_REQUEST (not loaded)
        CERT_DECODE:X509_OCSP_REQUEST
    CERT_DECODE:X509_OCSP_RESPONSE
        CERT_DECODE:X509_OCSP_RESPONSE
    CERT_DECODE:X509_AC
        CERT_DECODE:X509_AC
    CERT_DECODE:PKCS10_REQUEST
        CERT_DECODE:PKCS10_REQUEST
    CERT_DECODE:TRUSTED_PUBKEY
        CERT_DECODE:TRUSTED_PUBKEY
    CERT_DECODE:PGP
        CERT_DECODE:PGP
    CONTAINER_DECODE:PKCS12
        CONTAINER_DECODE:PKCS12
openssl:
    CUSTOM:openssl-threading
    CRYPTER:AES_CBC-16
    CRYPTER:AES_CBC-24
    CRYPTER:AES_CBC-32
    CRYPTER:CAMELLIA_CBC-16
    CRYPTER:CAMELLIA_CBC-24
    CRYPTER:CAMELLIA_CBC-32
    CRYPTER:CAST_CBC-0
    CRYPTER:BLOWFISH_CBC-0
    CRYPTER:3DES_CBC-24
    CRYPTER:DES_CBC-8
    CRYPTER:DES_ECB-8
    CRYPTER:NULL-0
    HASHER:HASH_MD4
    HASHER:HASH_MD5
    HASHER:HASH_SHA1
    HASHER:HASH_SHA224
    HASHER:HASH_SHA256
    HASHER:HASH_SHA384
    HASHER:HASH_SHA512
    PRF:PRF_KEYED_SHA1
    PRF:PRF_HMAC_MD5
    PRF:PRF_HMAC_SHA1
    PRF:PRF_HMAC_SHA2_256
    PRF:PRF_HMAC_SHA2_384
    PRF:PRF_HMAC_SHA2_512
    SIGNER:HMAC_MD5_96
    SIGNER:HMAC_MD5_128
    SIGNER:HMAC_SHA1_96
    SIGNER:HMAC_SHA1_128
    SIGNER:HMAC_SHA1_160
    SIGNER:HMAC_SHA2_256_128
    SIGNER:HMAC_SHA2_256_256
    SIGNER:HMAC_SHA2_384_192
    SIGNER:HMAC_SHA2_384_384
    SIGNER:HMAC_SHA2_512_256
    SIGNER:HMAC_SHA2_512_512
    AEAD:AES_GCM_8-16
    AEAD:AES_GCM_8-24
    AEAD:AES_GCM_8-32
    AEAD:AES_GCM_12-16
    AEAD:AES_GCM_12-24
    AEAD:AES_GCM_12-32
    AEAD:AES_GCM_16-16
    AEAD:AES_GCM_16-24
    AEAD:AES_GCM_16-32
    DH:MODP_2048
    DH:MODP_2048_224
    DH:MODP_2048_256
    DH:MODP_1536
    DH:MODP_3072
    DH:MODP_4096
    DH:MODP_6144
    DH:MODP_8192
    DH:MODP_1024
    DH:MODP_1024_160
    DH:MODP_768
    DH:MODP_CUSTOM
    PRIVKEY:RSA
    PRIVKEY:ANY
    PRIVKEY_GEN:RSA
    PUBKEY:RSA
    PUBKEY:ANY
    PRIVKEY_SIGN:RSA_EMSA_PKCS1_NULL
    PUBKEY_VERIFY:RSA_EMSA_PKCS1_NULL
    PRIVKEY_SIGN:RSA_EMSA_PKCS1_SHA1
    PUBKEY_VERIFY:RSA_EMSA_PKCS1_SHA1
    PRIVKEY_SIGN:RSA_EMSA_PKCS1_SHA224
    PRIVKEY_SIGN:RSA_EMSA_PKCS1_SHA256
    PUBKEY_VERIFY:RSA_EMSA_PKCS1_SHA224
    PUBKEY_VERIFY:RSA_EMSA_PKCS1_SHA256
    PRIVKEY_SIGN:RSA_EMSA_PKCS1_SHA384
    PRIVKEY_SIGN:RSA_EMSA_PKCS1_SHA512
    PUBKEY_VERIFY:RSA_EMSA_PKCS1_SHA384
    PUBKEY_VERIFY:RSA_EMSA_PKCS1_SHA512
    PRIVKEY_SIGN:RSA_EMSA_PKCS1_MD5
    PUBKEY_VERIFY:RSA_EMSA_PKCS1_MD5
    PRIVKEY_DECRYPT:ENCRYPT_RSA_PKCS1
    PUBKEY_ENCRYPT:ENCRYPT_RSA_PKCS1
    CERT_DECODE:X509
        PUBKEY:RSA (soft)
        PUBKEY:ECDSA (soft)
        PUBKEY:DSA (soft)
    CERT_DECODE:X509_CRL
    CONTAINER_DECODE:PKCS7
    CONTAINER_DECODE:PKCS12
    DH:ECP_256
    DH:ECP_384
    DH:ECP_521
    DH:ECP_224
    DH:ECP_192
    DH:ECP_224_BP
    DH:ECP_256_BP
    DH:ECP_384_BP
    DH:ECP_512_BP
    PRIVKEY:ECDSA
    PRIVKEY_GEN:ECDSA
    PUBKEY:ECDSA
    PRIVKEY_SIGN:ECDSA_WITH_NULL
    PUBKEY_VERIFY:ECDSA_WITH_NULL
    PRIVKEY_SIGN:ECDSA_WITH_SHA1_DER
    PUBKEY_VERIFY:ECDSA_WITH_SHA1_DER
    PRIVKEY_SIGN:ECDSA_WITH_SHA256_DER
    PUBKEY_VERIFY:ECDSA_WITH_SHA256_DER
    PRIVKEY_SIGN:ECDSA-256
    PUBKEY_VERIFY:ECDSA-256
    PRIVKEY_SIGN:ECDSA_WITH_SHA384_DER
    PRIVKEY_SIGN:ECDSA_WITH_SHA512_DER
    PUBKEY_VERIFY:ECDSA_WITH_SHA384_DER
    PUBKEY_VERIFY:ECDSA_WITH_SHA512_DER
    PRIVKEY_SIGN:ECDSA-384
    PRIVKEY_SIGN:ECDSA-521
    PUBKEY_VERIFY:ECDSA-384
    PUBKEY_VERIFY:ECDSA-521
    RNG:RNG_STRONG
    RNG:RNG_WEAK
fips-prf:
    PRF:PRF_FIPS_SHA1_160
        PRF:PRF_KEYED_SHA1
gmp:
    DH:MODP_2048
        RNG:RNG_STRONG
    DH:MODP_2048_224
        RNG:RNG_STRONG
    DH:MODP_2048_256
        RNG:RNG_STRONG
    DH:MODP_1536
        RNG:RNG_STRONG
    DH:MODP_3072
        RNG:RNG_STRONG
    DH:MODP_4096
        RNG:RNG_STRONG
    DH:MODP_6144
        RNG:RNG_STRONG
    DH:MODP_8192
        RNG:RNG_STRONG
    DH:MODP_1024
        RNG:RNG_STRONG
    DH:MODP_1024_160
        RNG:RNG_STRONG
    DH:MODP_768
        RNG:RNG_STRONG
    DH:MODP_CUSTOM
        RNG:RNG_STRONG
    PRIVKEY:RSA
    PRIVKEY_GEN:RSA
        RNG:RNG_TRUE
    PUBKEY:RSA
    PRIVKEY_SIGN:RSA_EMSA_PKCS1_NULL
    PRIVKEY_SIGN:RSA_EMSA_PKCS1_SHA1
        HASHER:HASH_SHA1
    PRIVKEY_SIGN:RSA_EMSA_PKCS1_SHA224
        HASHER:HASH_SHA224
    PRIVKEY_SIGN:RSA_EMSA_PKCS1_SHA256
        HASHER:HASH_SHA256
    PRIVKEY_SIGN:RSA_EMSA_PKCS1_SHA384
        HASHER:HASH_SHA384
    PRIVKEY_SIGN:RSA_EMSA_PKCS1_SHA512
        HASHER:HASH_SHA512
    PRIVKEY_SIGN:RSA_EMSA_PKCS1_MD5
        HASHER:HASH_MD5
    PUBKEY_VERIFY:RSA_EMSA_PKCS1_NULL
    PUBKEY_VERIFY:RSA_EMSA_PKCS1_SHA1
        HASHER:HASH_SHA1
    PUBKEY_VERIFY:RSA_EMSA_PKCS1_SHA224
        HASHER:HASH_SHA224
    PUBKEY_VERIFY:RSA_EMSA_PKCS1_SHA256
        HASHER:HASH_SHA256
    PUBKEY_VERIFY:RSA_EMSA_PKCS1_SHA384
        HASHER:HASH_SHA384
    PUBKEY_VERIFY:RSA_EMSA_PKCS1_SHA512
        HASHER:HASH_SHA512
    PUBKEY_VERIFY:RSA_EMSA_PKCS1_MD5
        HASHER:HASH_MD5
    PRIVKEY_DECRYPT:ENCRYPT_RSA_PKCS1
    PUBKEY_ENCRYPT:ENCRYPT_RSA_PKCS1
        RNG:RNG_WEAK
agent:
    PRIVKEY:ANY
    PRIVKEY:RSA
    PRIVKEY:ECDSA
xcbc:
    PRF:PRF_AES128_XCBC
        CRYPTER:AES_CBC-16
    PRF:PRF_CAMELLIA128_XCBC
        CRYPTER:CAMELLIA_CBC-16
    SIGNER:CAMELLIA_XCBC_96
        CRYPTER:CAMELLIA_CBC-16
    SIGNER:AES_XCBC_96
        CRYPTER:AES_CBC-16
hmac:
    PRF:PRF_HMAC_SHA1
        HASHER:HASH_SHA1
    PRF:PRF_HMAC_MD5
        HASHER:HASH_MD5
    PRF:PRF_HMAC_SHA2_256
        HASHER:HASH_SHA256
    PRF:PRF_HMAC_SHA2_384
        HASHER:HASH_SHA384
    PRF:PRF_HMAC_SHA2_512
        HASHER:HASH_SHA512
    SIGNER:HMAC_SHA1_96
        HASHER:HASH_SHA1
    SIGNER:HMAC_SHA1_128
        HASHER:HASH_SHA1
    SIGNER:HMAC_SHA1_160
        HASHER:HASH_SHA1
    SIGNER:HMAC_MD5_96
        HASHER:HASH_MD5
    SIGNER:HMAC_MD5_128
        HASHER:HASH_MD5
    SIGNER:HMAC_SHA2_256_128
        HASHER:HASH_SHA256
    SIGNER:HMAC_SHA2_256_256
        HASHER:HASH_SHA256
    SIGNER:HMAC_SHA2_384_192
        HASHER:HASH_SHA384
    SIGNER:HMAC_SHA2_384_384
        HASHER:HASH_SHA384
    SIGNER:HMAC_SHA2_512_256
        HASHER:HASH_SHA512
    SIGNER:HMAC_SHA2_512_512
        HASHER:HASH_SHA512
gcm:
    AEAD:AES_GCM_8-16
        CRYPTER:AES_CBC-16
    AEAD:AES_GCM_8-24
        CRYPTER:AES_CBC-24
    AEAD:AES_GCM_8-32
        CRYPTER:AES_CBC-32
    AEAD:AES_GCM_12-16
        CRYPTER:AES_CBC-16
    AEAD:AES_GCM_12-24
        CRYPTER:AES_CBC-24
    AEAD:AES_GCM_12-32
        CRYPTER:AES_CBC-32
    AEAD:AES_GCM_16-16
        CRYPTER:AES_CBC-16
    AEAD:AES_GCM_16-24
        CRYPTER:AES_CBC-24
    AEAD:AES_GCM_16-32
        CRYPTER:AES_CBC-32
attr:
    CUSTOM:attr
kernel-netlink:
    CUSTOM:kernel-ipsec
    CUSTOM:kernel-net
resolve:
    CUSTOM:resolve
socket-default:
    CUSTOM:socket
        CUSTOM:kernel-ipsec (soft)
farp:
    CUSTOM:farp
stroke:
    CUSTOM:stroke
        PRIVKEY:RSA (soft)
        PRIVKEY:ECDSA (soft)
        PRIVKEY:DSA (soft)
        CERT_DECODE:ANY (soft)
        CERT_DECODE:X509 (soft)
        CERT_DECODE:X509_CRL (soft)
        CERT_DECODE:X509_AC (soft)
        CERT_DECODE:TRUSTED_PUBKEY (soft)
updown:
    CUSTOM:updown
eap-identity:
    EAP_SERVER:ID
    EAP_CLIENT:ID
eap-aka:
    CUSTOM:aka-manager
    EAP_SERVER:AKA
        RNG:RNG_WEAK
        HASHER:HASH_SHA1
        PRF:PRF_FIPS_SHA1_160
        SIGNER:HMAC_SHA1_128
        CRYPTER:AES_CBC-16
    EAP_CLIENT:AKA
        RNG:RNG_WEAK
        HASHER:HASH_SHA1
        PRF:PRF_FIPS_SHA1_160
        SIGNER:HMAC_SHA1_128
        CRYPTER:AES_CBC-16
eap-md5:
    EAP_SERVER:MD5
        HASHER:HASH_MD5
        RNG:RNG_WEAK
    EAP_CLIENT:MD5
        HASHER:HASH_MD5
        RNG:RNG_WEAK
eap-gtc:
    EAP_SERVER:GTC
    EAP_CLIENT:GTC
eap-mschapv2:
    EAP_SERVER:MSCHAPV2
        CRYPTER:DES_ECB-8
        HASHER:HASH_MD4
        HASHER:HASH_SHA1
        RNG:RNG_WEAK
    EAP_CLIENT:MSCHAPV2
        CRYPTER:DES_ECB-8
        HASHER:HASH_MD4
        HASHER:HASH_SHA1
        RNG:RNG_WEAK
eap-radius:
    EAP_SERVER:RAD
        CUSTOM:eap-radius
    XAUTH_SERVER:radius
        CUSTOM:eap-radius
    CUSTOM:eap-radius
        HASHER:HASH_MD5
        SIGNER:HMAC_MD5_128
        RNG:RNG_WEAK
eap-tls:
    EAP_SERVER:TLS
        HASHER:HASH_MD5
        HASHER:HASH_SHA1
        RNG:RNG_WEAK
    EAP_CLIENT:TLS
        HASHER:HASH_MD5
        HASHER:HASH_SHA1
        RNG:RNG_WEAK
        RNG:RNG_STRONG
eap-ttls:
    EAP_SERVER:TTLS
        EAP_SERVER:ID
        HASHER:HASH_MD5
        HASHER:HASH_SHA1
        RNG:RNG_WEAK
    EAP_CLIENT:TTLS
        EAP_CLIENT:ID
        HASHER:HASH_MD5
        HASHER:HASH_SHA1
        RNG:RNG_WEAK
        RNG:RNG_STRONG
eap-tnc:
    EAP_SERVER:TNC
        EAP_SERVER:TTLS
        CUSTOM:tnccs-manager
    EAP_CLIENT:TNC
        EAP_CLIENT:TTLS
        CUSTOM:tnccs-manager
    EAP_SERVER:PT
        EAP_SERVER:TTLS
        CUSTOM:tnccs-manager
    EAP_CLIENT:PT
        EAP_CLIENT:TTLS
        CUSTOM:tnccs-manager
xauth-generic:
    XAUTH_SERVER:generic
    XAUTH_CLIENT:generic
xauth-eap:
    XAUTH_SERVER:eap
xauth-pam:
    XAUTH_SERVER:pam
tnc-tnccs:
    CUSTOM:tnccs-manager
dhcp:
    CUSTOM:dhcp
        RNG:RNG_WEAK
lookip:
    CUSTOM:lookip
error-notify:
    CUSTOM:error-notify
certexpire:
    CUSTOM:certexpire
led:
    CUSTOM:led
addrblock:
    CUSTOM:addrblock
        CERT_DECODE:X509 (soft)
unity:
    CUSTOM:unity
root@r-22-QA:/etc/ipsec.d#
