-moon::ipsec statusall::rw.*ESTABLISHED::YES
-carol::ipsec statusall::home.*ESTABLISHED::YES
-carol::ipsec statusall::IKE proposal: BLOWFISH_CBC_256/HMAC_SHA2_512_256::YES
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
+dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw\[1]: ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw\[2]: ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::YES
+carol::ipsec statusall 2> /dev/null::IKE proposal: BLOWFISH_CBC_256/HMAC_SHA2_512_256::YES
+dave:: ipsec statusall 2> /dev/null::IKE proposal: BLOWFISH_CBC_128/HMAC_SHA2_256_128::YES
carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::YES
-carol::ipsec statusall::BLOWFISH_CBC_192/HMAC_SHA2_256_128,::YES
+dave:: ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::YES
+carol::ipsec statusall 2> /dev/null::BLOWFISH_CBC_192/HMAC_SHA2_384_192,::YES
+dave:: ipsec statusall 2> /dev/null::BLOWFISH_CBC_128/HMAC_SHA2_256_128,::YES
carol::ip -s xfrm state::enc cbc(blowfish).*(192 bits)::YES
-dave::ipsec statusall::home.*ESTABLISHED::YES
-dave::ipsec statusall::IKE proposal: BLOWFISH_CBC_128/HMAC_SHA2_256_128::YES
-dave::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::YES
-dave::ipsec statusall::BLOWFISH_CBC_128/HMAC_SHA1_96,::YES
-dave::ip -s xfrm state::enc cbc(blowfish).*(128 bits)::YES
-moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 184::YES
-moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 184::YES
-moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP.*length 180::YES
-moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP.*length 180::YES
+dave:: ip -s xfrm state::enc cbc(blowfish).*(128 bits)::YES
+moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 192::YES
+moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 192::YES
+moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP.*length 184::YES
+moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP.*length 184::YES
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=no
plutostart=no
conn %default
keyingtries=1
keyexchange=ikev2
ike=blowfish256-sha512-modp2048!
- esp=blowfish192-sha256!
+ esp=blowfish192-sha384!
conn home
left=PH_IP_CAROL
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=no
plutostart=no
conn %default
keyingtries=1
keyexchange=ikev2
ike=blowfish128-sha256-modp1536!
- esp=blowfish128-sha1!
+ esp=blowfish128-sha256!
conn home
left=PH_IP_DAVE
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=no
plutostart=no
conn %default
keyingtries=1
keyexchange=ikev2
ike=blowfish256-sha512-modp2048,blowfish128-sha256-modp1536!
- esp=blowfish192-sha256,blowfish128-sha1!
+ esp=blowfish192-sha384,blowfish128-sha256!
conn rw
left=PH_IP_MOON
-moon::ipsec statusall::rw.*INSTALLED::YES
-carol::ipsec statusall::home.*INSTALLED::YES
-moon::ipsec statusall::IKE proposal: CAMELLIA_CBC_256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/MODP_2048::YES
+carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES
+moon:: ipsec statusall::IKE proposal: CAMELLIA_CBC_256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/MODP_2048::YES
carol::ipsec statusall::IKE proposal: CAMELLIA_CBC_256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/MODP_2048::YES
carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::YES
-moon::ipsec statusall::CAMELLIA_CBC_192/HMAC_SHA1_96::YES
+moon:: ipsec statusall::CAMELLIA_CBC_192/HMAC_SHA1_96::YES
carol::ipsec statusall::CAMELLIA_CBC_192/HMAC_SHA1_96::YES
-moon::ip xfrm state::enc cbc(camellia)::YES
+moon:: ip xfrm state::enc cbc(camellia)::YES
carol::ip xfrm state::enc cbc(camellia)::YES
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 196::YES
moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 196::YES
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=yes
plutostart=no
conn %default
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=yes
plutostart=no
conn %default
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
+dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw\[2]: ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw\[4]: ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::YES
+carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES
carol::cat /var/log/daemon.log::ECP_256.*ECP_384::YES
-dave::cat /var/log/daemon.log::ECP_256.*ECP_521::YES
-moon::ipsec statusall::rw.*ESTABLISHED::YES
-carol::ipsec statusall::home.*ESTABLISHED::YES
-carol::ipsec statusall::home.*AES_CBC_192/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/ECP_384::YES
-dave::ipsec statusall::home.*ESTABLISHED::YES
-dave::ipsec statusall::home.*AES_CBC_256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/ECP_521::YES
+dave:: cat /var/log/daemon.log::ECP_256.*ECP_521::YES
+carol::ipsec statusall 2> /dev/null::home.*AES_CBC_192/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/ECP_384::YES
+dave:: ipsec statusall 2> /dev/null::home.*AES_CBC_256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/ECP_521::YES
carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
-dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=no
plutostart=no
conn %default
rekeymargin=3m
keyingtries=1
keyexchange=ikev2
- ike=aes192-sha384-ecp256,aes192-sha384-ecp384!
+ ike=aes128-sha256-ecp256,aes192-sha384-ecp384!
conn home
left=PH_IP_CAROL
charon {
load = curl pem pkcs1 openssl revocation random hmac stroke kernel-netlink socket-default updown
}
-
-libstrongswan {
- ecp_x_coordinate_only = no
-}
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=no
plutostart=no
conn %default
rekeymargin=3m
keyingtries=1
keyexchange=ikev2
- ike=aes256-sha512-ecp256,aes256-sha512-ecp521!
+ ike=aes128-sha256-ecp256,aes256-sha512-ecp521!
conn home
left=PH_IP_DAVE
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 random gmp pem pkcs1 x509 openssl revocation hmac stroke kernel-netlink socket-default updown
-}
-
-libstrongswan {
- ecp_x_coordinate_only = no
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp pem pkcs1 x509 openssl revocation random hmac stroke kernel-netlink socket-default updown
}
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=no
plutostart=no
conn %default
charon {
load = curl pem pkcs1 openssl revocation random hmac stroke kernel-netlink socket-default updown
}
-
-libstrongswan {
- ecp_x_coordinate_only = no
-}
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
+dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw\[2]: ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw\[4]: ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::YES
+carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES
carol::cat /var/log/daemon.log::ECP_192.*ECP_224::YES
-dave::cat /var/log/daemon.log::ECP_192.*ECP_256::YES
-moon::ipsec statusall::rw.*ESTABLISHED::YES
-carol::ipsec statusall::home.*ESTABLISHED::YES
-carol::ipsec statusall::home.*AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/ECP_224::YES
-dave::ipsec statusall::home.*ESTABLISHED::YES
-dave::ipsec statusall::home.*AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/ECP_256::YES
+dave:: cat /var/log/daemon.log::ECP_192.*ECP_256::YES
+carol::ipsec statusall 2> /dev/null::home.*3DES_CBC/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/ECP_224::YES
+dave:: ipsec statusall 2> /dev/null::home.*AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/ECP_256::YES
carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
-dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=no
plutostart=no
conn %default
rekeymargin=3m
keyingtries=1
keyexchange=ikev2
- ike=aes128-sha256-ecp192,aes128-sha256-ecp224!
+ ike=aes192-sha384-ecp192,3des-sha256-ecp224!
conn home
left=PH_IP_CAROL
charon {
load = curl pem pkcs1 openssl revocation random hmac stroke kernel-netlink socket-default updown
}
-
-libstrongswan {
- ecp_x_coordinate_only = no
-}
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=no
plutostart=no
conn %default
rekeymargin=3m
keyingtries=1
keyexchange=ikev2
- ike=aes128-sha256-ecp192,aes128-sha256-ecp256!
+ ike=aes192-sha384-ecp192,aes128-sha256-ecp256!
conn home
left=PH_IP_DAVE
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 random gmp pem pkcs1 x509 openssl revocation hmac stroke kernel-netlink socket-default updown
-}
-
-libstrongswan {
- ecp_x_coordinate_only = no
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp pem pkcs1 x509 openssl revocation random hmac stroke kernel-netlink socket-default updown
}
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=no
plutostart=no
conn %default
rekeymargin=3m
keyingtries=1
keyexchange=ikev2
- ike=aes128-sha256-ecp224,aes128-sha256-ecp256!
+ ike=3des-sha256-ecp224,aes128-sha256-ecp256!
conn rw
left=PH_IP_MOON
charon {
load = curl pem pkcs1 openssl revocation random hmac stroke kernel-netlink socket-default updown
}
-
-libstrongswan {
- ecp_x_coordinate_only = no
-}
moon::cat /var/log/daemon.log::sending end entity cert::YES
moon::cat /var/log/daemon.log::received AUTHENTICATION_FAILED notify error::YES
-sun::cat /var/log/daemon.log::found unsupported critical X.509 extension::YES
-sun::cat /var/log/daemon.log::building CRED_CERTIFICATE - ANY failed::YES
-sun::cat /var/log/daemon.log::loading certificate from 'sunCert.der' failed::YES
-sun::cat /var/log/daemon.log::building CRED_CERTIFICATE - X509 failed::YES
+sun:: cat /var/log/daemon.log::found unsupported critical X.509 extension::YES
+sun:: cat /var/log/daemon.log::building CRED_CERTIFICATE - ANY failed::YES
+sun:: cat /var/log/daemon.log::loading certificate from 'sunCert.der' failed::YES
+sun:: cat /var/log/daemon.log::building CRED_CERTIFICATE - X509 failed::YES
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=no
plutostart=no
conn %default
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=no
plutostart=no
conn %default
-moon::cat /var/log/daemon.log::authentication of.*carol@strongswan.org.*with ECDSA-256 signature successful::YES
-moon::cat /var/log/daemon.log::authentication of.*dave@strongswan.org.*with ECDSA-384 signature successful::YES
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
+dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw\[1]: ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw\[2]: ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::YES
+carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES
+moon:: cat /var/log/daemon.log::authentication of.*carol@strongswan.org.*with ECDSA-256 signature successful::YES
+moon:: cat /var/log/daemon.log::authentication of.*dave@strongswan.org.*with ECDSA-384 signature successful::YES
carol::cat /var/log/daemon.log::authentication of.*moon.strongswan.org.*with ECDSA-521 signature successful::YES
-dave::cat /var/log/daemon.log::authentication of.*moon.strongswan.org.*with ECDSA-521 signature successful::YES
-moon::ipsec statusall::rw.*ESTABLISHED::YES
-carol::ipsec statusall::home.*ESTABLISHED::YES
-dave::ipsec statusall::home.*ESTABLISHED::YES
+dave:: cat /var/log/daemon.log::authentication of.*moon.strongswan.org.*with ECDSA-521 signature successful::YES
carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
-dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=no
plutostart=no
conn %default
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=no
plutostart=no
conn %default
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=no
plutostart=no
conn %default
-moon::cat /var/log/daemon.log::authentication of.*carol@strongswan.org.*with ECDSA-256 signature successful::YES
-moon::cat /var/log/daemon.log::authentication of.*dave@strongswan.org.*with ECDSA-384 signature successful::YES
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
+dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw\[1]: ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw\[2]: ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::YES
+moon:: cat /var/log/daemon.log::authentication of.*carol@strongswan.org.*with ECDSA-256 signature successful::YES
+moon:: cat /var/log/daemon.log::authentication of.*dave@strongswan.org.*with ECDSA-384 signature successful::YES
carol::cat /var/log/daemon.log::authentication of.*moon.strongswan.org.*with ECDSA-521 signature successful::YES
-dave::cat /var/log/daemon.log::authentication of.*moon.strongswan.org.*with ECDSA-521 signature successful::YES
-moon::ipsec statusall::rw.*ESTABLISHED::YES
-carol::ipsec statusall::home.*ESTABLISHED::YES
-dave::ipsec statusall::home.*ESTABLISHED::YES
+dave:: cat /var/log/daemon.log::authentication of.*moon.strongswan.org.*with ECDSA-521 signature successful::YES
carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
-dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=no
plutostart=no
conn %default
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=no
plutostart=no
conn %default
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=no
plutostart=no
conn %default
-moon::ipsec statusall::rw.*ESTABLISHED::YES
-carol::ipsec statusall::home.*ESTABLISHED::YES
-dave::ipsec statusall::home.*ESTABLISHED::YES
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
+dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw\[1]: ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw\[2]: ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::YES
+carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES
carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
-dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=no
plutostart=no
conn %default
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=no
plutostart=no
conn %default
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- crlcheckinterval=180
- strictcrlpolicy=no
plutostart=no
conn %default
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED::YES
+moon:: ipsec status 2> /dev/null::rw-eap.*ESTABLISHED::YES
carol::cat /var/log/daemon.log::server requested EAP_TLS authentication::YES
carol::cat /var/log/daemon.log::negotiated TLS 1.2 using suite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256::YES
carol::cat /var/log/daemon.log::allow mutual EAP-only authentication::YES
carol::cat /var/log/daemon.log::authentication of 'C=CH, O=Linux strongSwan, OU=ECDSA 521 bit, CN=moon.strongswan.org' with EAP successful::YES
-moon::cat /var/log/daemon.log::authentication of 'C=CH, O=Linux strongSwan, OU=ECDSA 256 bit, CN=carol@strongswan.org' with EAP successful::YES
-moon::ipsec statusall::rw-eap.*ESTABLISHED::YES
-carol::ipsec statusall::home.*ESTABLISHED::YES
+moon:: cat /var/log/daemon.log::authentication of 'C=CH, O=Linux strongSwan, OU=ECDSA 256 bit, CN=carol@strongswan.org' with EAP successful::YES
carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
leftfirewall=yes
right=PH_IP_MOON
rightid="C=CH, O=Linux strongSwan, OU=ECDSA 521 bit, CN=moon.strongswan.org"
+ rightauth=any
rightsubnet=10.1.0.0/16
rightsendcert=never
auto=add
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- strictcrlpolicy=no
plutostart=no
charondebug="tls 2"