-moon::ipsec statusall::rw.*STATE_QUICK_R2.*IPsec SA established::YES
-moon::ipsec statusall::rw.*ESTABLISHED::YES
-carol::ipsec statusall::home.*STATE_QUICK_I2.*IPsec SA established::YES
-dave::ipsec statusall::home.*ESTABLISHED::YES
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
+dave:: ipsec status 2> /dev/null::home.*ESTABLISHED.*dave@strongswan.org.*moon.strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw\[1]: ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw\[2]: ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::YES
+carol::ipsec statusall 2> /dev/null::home.*IKEv1::YES
+dave:: ipsec statusall 2> /dev/null::home.*IKEv2::YES
+moon:: ipsec statusall 2> /dev/null::rw\[1]: IKEv1::YES
+moon:: ipsec statusall 2> /dev/null::rw\[2]: IKEv2::YES
+carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+dave:: ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::rw[{]1}.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::rw[{]2}.*INSTALLED, TUNNEL::YES
carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
-dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
--- /dev/null
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+ plutostart=no
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev1
+
+conn home
+ left=PH_IP_CAROL
+ leftcert=carolCert.pem
+ leftid=carol@strongswan.org
+ right=PH_IP_MOON
+ rightid=@moon.strongswan.org
+ rightsubnet=10.1.0.0/16
+ auto=add
# /etc/strongswan.conf - strongSwan configuration file
-pluto {
- load = test-vectors sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random curl kernel-netlink
-}
-
-# pluto uses optimized DH exponent sizes (RFC 3526)
-
-libstrongswan {
- dh_exponent_ansi_x9_42 = no
- integrity_test = yes
- crypto_test {
- on_add = yes
- }
+charon {
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default
}
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- strictcrlpolicy=no
plutostart=no
conn %default
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default
-}
-
-libstrongswan {
- integrity_test = yes
- crypto_test {
- on_add = yes
- }
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default
}
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- plutodebug=control
- crlcheckinterval=180
+ plutostart=no
conn %default
ikelifetime=60m
keylife=20m
rekeymargin=3m
keyingtries=1
- keyexchange=ikev1
conn rw
left=PH_IP_MOON
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp random hmac x509 revocation xcbc stroke kernel-netlink socket-raw
-}
-
-pluto {
- load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 x509 gmp random hmac kernel-netlink
-}
-
-libstrongswan {
- integrity_test = yes
- crypto_test {
- on_add = yes
- }
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default
}
-moon::ipsec statusall::net-net.*ESTABLISHED::YES
-sun::ipsec statusall::net-net.*ESTABLISHED::YES
+moon:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun.strongswan.org::YES
+sun:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES
+moon:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES
+sun:: ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES
alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES
sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES
sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES
-carol::ipsec status::home.*STATE_QUICK_I2.*IPsec SA established::YES
-moon::ipsec status::rw.*STATE_QUICK_R2.*IPsec SA established::YES
+carol::ipsec status 2> /dev/null::home.*ESTABLISHED.*carol@strongswan.org.*moon.strongswan.org::YES
+moon:: ipsec status 2> /dev/null::rw.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::YES
+carol::ipsec status 2> /dev/null::home.*INSTALLED, TUNNEL::YES
+moon:: ipsec status 2> /dev/null::rw.*INSTALLED, TUNNEL::YES
carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
--- /dev/null
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+ plutostart=no
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev1
+
+conn home
+ left=PH_IP_CAROL
+ leftcert=carolCert.pem
+ leftid=carol@strongswan.org
+ right=PH_IP_MOON
+ rightid=@moon.strongswan.org
+ rightsubnet=10.1.0.0/16
+ auto=add
--- /dev/null
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce hmac x509 revocation stroke kernel-netlink socket-default
+}
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
- plutodebug=control
- crlcheckinterval=180
+ plutostart=no
conn %default
ikelifetime=60m
rightid=carol@strongswan.org
keyexchange=ikev1
auto=add
-
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random hmac x509 revocation xcbc stroke kernel-netlink socket-raw
-}
-
-pluto {
- load = curl aes des sha1 sha2 md5 pem pkcs1 x509 gmp random hmac kernel-netlink
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce hmac x509 revocation stroke kernel-netlink socket-default
}
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc stroke kernel-netlink socket-default
+ load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce hmac x509 revocation stroke kernel-netlink socket-default
}