Hello Frank,

> auto=add

You configured that the tunnel configuration should only be loaded, not started or routed.
Set auto=route to install the necessary trap policies and then manually up the tunnel.
If it fails, read the output and figure out what is wrong.
The HelpRequests[1] is a good starting point.

Kind regards

Noel

[1] https://wiki.strongswan.org/projects/strongswan/wiki/HelpRequests

On 25.10.18 at 15:36, Frank Uccello wrote:
> I am setting up a site-to-site VPN to one of my vendors; they have Cisco ASA IOS 9.x.
>
> They gave me a sample config file, but it's not sending any traffic to them.
>
> Here is what I have:
>
> config setup
>
> conn vpn_tunnel
>     compress=no
>     type=tunnel
>     authby=secret
>     forceencaps=yes
>     auto=start
>     rekey=yes
>
>     ikelifetime=28800s
>     keylife=3600s
>     rekeymargin=3m
>     keyingtries=1
>     keyexchange=ike
>     authby=secret
>
>     # conn ciscoios
>     left=192.168.x.x
>     leftsubnet=192.168.x.x/32 #network behind strongswan
>     leftid=23.xxx.xxx.175 #IKEID sent by strongswan
>     leftfirewall=yes
>     right=206.xxxx.xxx.134 #IOS outside address
>     rightsubnet=206.xxx.xxx.161/32 #network behind IOS
>     rightid=206.xxx.xxx.134 #IKEID sent by IOS
>     auto=add
>     ike=aes256-sha1-modp1024
>     esp=aes128-sha1 #P2
>
> What might I be missing? Here is the ipsec status:
>
> Status of IKE charon daemon (strongSwan 5.6.2, Linux 4.15.0-1025-azure, x86_64):
>   uptime: 2 minutes, since Oct 25 13:24:22 2018
>   malloc: sbrk 1482752, mmap 0, used 465360, free 1017392
>   worker threads: 11 of 16 idle, 5/0/0/0 working, job queue: 0/0/0/0, scheduled: 0
>   loaded plugins: charon aesni aes rc2 sha2 sha1 md4 md5 mgf1 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl fips-prf gmp agent xcbc hmac gcm attr kernel-netlink resolve socket-default connmark stroke updown eap-mschapv2 xauth-generic counters
> Listening IP addresses:
>   192.168.x.x
> Connections:
>   vpn_tunnel: 192.168.x.x...206.xxx.xxx.134 IKEv1/2
>   vpn_tunnel: local: [23.xx.xxx.175] uses pre-shared key authentication
>   vpn_tunnel: remote: [206.xxx.xx.134] uses pre-shared key authentication
>   vpn_tunnel: child: 172.xxx.xxx.4/32 === 206.xxx.xxxx.161/32 TUNNEL
> Security Associations (0 up, 0 connecting):
>   None
>
> And finally, here is my secrets file:
>
> 23.xxx.xxx.175 : PSK "MyBigSecert key"
> 206.xxx.xxxx.161 : PSK " MyBigSecert key "
>
> Sent from Mail <https://go.microsoft.com/fwlink/?LinkId=550986> for Windows 10
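The override discussed in this thread (an early auto=start followed by auto=add in the same conn) can be caught before the daemon is restarted. The following lint is an added example, not part of the original messages or of strongSwan; it assumes that within one conn section the last assignment of a key is the effective one, which matches the status output quoted above, and its function names and sample config are constructed for illustration.

```python
# Constructed sample modelled on the posted config; addresses are documentation ranges.
SAMPLE = """\
conn vpn_tunnel
    authby=secret
    auto=start
    authby=secret
    # conn ciscoios
    right=198.51.100.20   #peer outside address
    auto=add
"""
# What each auto= value in ipsec.conf does when the daemon loads the conn.
AUTO_MEANING = {
    "ignore": "not loaded",
    "add": "loaded only, not started or routed",
    "route": "loaded, trap policies installed",
    "start": "loaded and initiated",
}

def parse_conns(text):
    """Return {conn_name: [(lineno, key, value), ...]} in file order."""
    conns, current = {}, None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].rstrip()      # drop comments
        if not line.strip():
            continue
        if not line[0].isspace():                 # section header at column 0
            words = line.split()
            is_conn = words[0] == "conn" and len(words) > 1
            current = conns.setdefault(words[1], []) if is_conn else None
        elif current is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            current.append((lineno, key.strip(), value.strip()))
    return conns

def lint(text):
    """Per conn: the effective auto= value and each key whose value was replaced."""
    report = {}
    for name, items in parse_conns(text).items():
        effective, overridden = {}, []
        for lineno, key, value in items:
            if key in effective and effective[key] != value:
                overridden.append((key, effective[key], value, lineno))
            effective[key] = value                # assumption: last assignment wins
        auto = effective.get("auto", "ignore")    # ignore is the default
        report[name] = {"auto": auto, "overridden": overridden}
    return report

if __name__ == "__main__":
    for name, r in lint(SAMPLE).items():
        print(f"{name}: auto={r['auto']} ({AUTO_MEANING.get(r['auto'])})", r["overridden"])
```

Because the commented-out `# conn ciscoios` line does not open a new section, every later parameter still belongs to `vpn_tunnel`, which is why the second `auto=` is reported as replacing the first.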