Hi, please verify that the config file is actually used. For example add a deliberate syntax error. Like just garbage on a line. Check if the daemon and/or ipsec complains about that.
Am 12.05.21 um 01:15 schrieb Karuna Sagar Krishna:
Thanks for the quick replies! Running `sudo ipsec update` or `sudo ipsec reload` is effectively a no-op. Captured the terminal output below: karkrish@hn1-kkafka:~$ sudo ipsec statusall Status of IKE charon daemon (strongSwan 5.6.2, Linux 5.4.0-1046-azure, x86_64): uptime: 2 hours, since May 11 20:42:06 2021 malloc: sbrk 2703360, mmap 0, used 847536, free 1855824 worker threads: 11 of 16 idle, 5/0/0/0 working, job queue: 0/0/0/0, scheduled: 2 loaded plugins: charon aesni aes rc2 sha2 sha1 md4 md5 mgf1 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl fips-prf gmp agent xcbc hmac gcm attr kernel-netlink resolve socket-default connmark stroke updown eap-mschapv2 xauth-generic counters Listening IP addresses: 10.0.0.14 Connections: hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net <http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net>: 10.0.0.14...10.0.0.15 IKEv2 hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net <http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net>: local: [CN=IP-37fa1445fc.hdinsight-stable.azure-test.net <http://IP-37fa1445fc.hdinsight-stable.azure-test.net>] uses public key authentication hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net <http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net>: cert: "CN=IP-37fa1445fc.hdinsight-stable.azure-test.net <http://IP-37fa1445fc.hdinsight-stable.azure-test.net>" hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net <http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net>: remote: [CN=IP-37fa1445fc.hdinsight-stable.azure-test.net <http://IP-37fa1445fc.hdinsight-stable.azure-test.net>] uses public key authentication hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net <http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net>: cert: "CN=IP-37fa1445fc.hdinsight-stable.azure-test.net <http://IP-37fa1445fc.hdinsight-stable.azure-test.net>" hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net <http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net>: child: dynamic === dynamic TRANSPORT hn1-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net <http://hn1-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net>: 10.0.0.14...10.0.0.14 IKEv2 hn1-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net <http://hn1-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net>: local: [CN=IP-37fa1445fc.hdinsight-stable.azure-test.net <http://IP-37fa1445fc.hdinsight-stable.azure-test.net>] uses public key authentication hn1-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net <http://hn1-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net>: cert: "CN=IP-37fa1445fc.hdinsight-stable.azure-test.net <http://IP-37fa1445fc.hdinsight-stable.azure-test.net>" hn1-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net <http://hn1-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net>: remote: [CN=IP-37fa1445fc.hdinsight-stable.azure-test.net <http://IP-37fa1445fc.hdinsight-stable.azure-test.net>] uses public key authentication hn1-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net <http://hn1-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net>: cert: "CN=IP-37fa1445fc.hdinsight-stable.azure-test.net <http://IP-37fa1445fc.hdinsight-stable.azure-test.net>" hn1-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net <http://hn1-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net>: child: dynamic === dynamic TRANSPORT Routed Connections: hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net <http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net>{5}: ROUTED, TRANSPORT, reqid 1 hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net <http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net>{5}: 10.0.0.14/32 <http://10.0.0.14/32> === 10.0.0.15/32 <http://10.0.0.15/32> hn1-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net <http://hn1-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net>{2}: ROUTED, TRANSPORT, reqid 2 hn1-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net <http://hn1-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net>{2}: 10.0.0.14/32 <http://10.0.0.14/32> === 10.0.0.14/32 <http://10.0.0.14/32> Security Associations (1 up, 0 connecting): hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net <http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net>[11]: ESTABLISHED 2 hours ago, 10.0.0.14[CN=IP-37fa1445fc.hdinsight-stable.azure-test.net <http://IP-37fa1445fc.hdinsight-stable.azure-test.net>]...10.0.0.15[CN=IP-37fa1445fc.hdinsight-stable.azure-test.net <http://IP-37fa1445fc.hdinsight-stable.azure-test.net>] hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net <http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net>[11]: IKEv2 SPIs: 1536ce9853bef399_i c00b62dfefa5f4ce_r*, public key reauthentication in 5 hours hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net <http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net>[11]: IKE proposal: AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048 hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net <http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net>{3}: INSTALLED, TRANSPORT, reqid 1, ESP SPIs: c73ba254_i c0ffd04a_o hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net <http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net>{3}: AES_CBC_256/HMAC_SHA2_256_128, 220940 bytes_i (3942 pkts, 0s ago), 891540 bytes_o (2902 pkts, 1444s ago), rekeying in 5 hours hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net <http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net>{3}: 10.0.0.14/32 <http://10.0.0.14/32> === 10.0.0.15/32 <http://10.0.0.15/32> karkrish@hn1-kkafka:~$ sudo ipsec update Updating strongSwan IPsec configuration... karkrish@hn1-kkafka:~$ echo $? 0 karkrish@hn1-kkafka:~$ sudo ipsec statusall Status of IKE charon daemon (strongSwan 5.6.2, Linux 5.4.0-1046-azure, x86_64): uptime: 2 hours, since May 11 20:42:06 2021 malloc: sbrk 2703360, mmap 0, used 847984, free 1855376 worker threads: 11 of 16 idle, 5/0/0/0 working, job queue: 0/0/0/0, scheduled: 2 loaded plugins: charon aesni aes rc2 sha2 sha1 md4 md5 mgf1 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl fips-prf gmp agent xcbc hmac gcm attr kernel-netlink resolve socket-default connmark stroke updown eap-mschapv2 xauth-generic counters Listening IP addresses: 10.0.0.14 Connections: hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net <http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net>: 10.0.0.14...10.0.0.15 IKEv2 hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net <http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net>: local: [CN=IP-37fa1445fc.hdinsight-stable.azure-test.net <http://IP-37fa1445fc.hdinsight-stable.azure-test.net>] uses public key authentication hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net <http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net>: cert: "CN=IP-37fa1445fc.hdinsight-stable.azure-test.net <http://IP-37fa1445fc.hdinsight-stable.azure-test.net>" hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net <http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net>: remote: [CN=IP-37fa1445fc.hdinsight-stable.azure-test.net <http://IP-37fa1445fc.hdinsight-stable.azure-test.net>] uses public key authentication hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net <http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net>: cert: "CN=IP-37fa1445fc.hdinsight-stable.azure-test.net <http://IP-37fa1445fc.hdinsight-stable.azure-test.net>" hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net <http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net>: child: dynamic === dynamic TRANSPORT hn1-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net <http://hn1-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net>: 10.0.0.14...10.0.0.14 IKEv2 hn1-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net <http://hn1-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net>: local: [CN=IP-37fa1445fc.hdinsight-stable.azure-test.net <http://IP-37fa1445fc.hdinsight-stable.azure-test.net>] uses public key authentication hn1-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net <http://hn1-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net>: cert: "CN=IP-37fa1445fc.hdinsight-stable.azure-test.net <http://IP-37fa1445fc.hdinsight-stable.azure-test.net>" hn1-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net <http://hn1-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net>: remote: [CN=IP-37fa1445fc.hdinsight-stable.azure-test.net <http://IP-37fa1445fc.hdinsight-stable.azure-test.net>] uses public key authentication hn1-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net <http://hn1-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net>: cert: "CN=IP-37fa1445fc.hdinsight-stable.azure-test.net <http://IP-37fa1445fc.hdinsight-stable.azure-test.net>" hn1-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net <http://hn1-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net>: child: dynamic === dynamic TRANSPORT Routed Connections: hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net <http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net>{5}: ROUTED, TRANSPORT, reqid 1 hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net <http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net>{5}: 10.0.0.14/32 <http://10.0.0.14/32> === 10.0.0.15/32 <http://10.0.0.15/32> hn1-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net <http://hn1-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net>{2}: ROUTED, TRANSPORT, reqid 2 hn1-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net <http://hn1-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net>{2}: 10.0.0.14/32 <http://10.0.0.14/32> === 10.0.0.14/32 <http://10.0.0.14/32> Security Associations (1 up, 0 connecting): hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net <http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net>[11]: ESTABLISHED 2 hours ago, 10.0.0.14[CN=IP-37fa1445fc.hdinsight-stable.azure-test.net <http://IP-37fa1445fc.hdinsight-stable.azure-test.net>]...10.0.0.15[CN=IP-37fa1445fc.hdinsight-stable.azure-test.net <http://IP-37fa1445fc.hdinsight-stable.azure-test.net>] hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net <http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net>[11]: IKEv2 SPIs: 1536ce9853bef399_i c00b62dfefa5f4ce_r*, public key reauthentication in 5 hours hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net <http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net>[11]: IKE proposal: AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048 hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net <http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net>{3}: INSTALLED, TRANSPORT, reqid 1, ESP SPIs: c73ba254_i c0ffd04a_o hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net <http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net>{3}: AES_CBC_256/HMAC_SHA2_256_128, 226680 bytes_i (4045 pkts, 0s ago), 900068 bytes_o (2959 pkts, 1455s ago), rekeying in 5 hours hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net <http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net>{3}: 10.0.0.14/32 <http://10.0.0.14/32> === 10.0.0.15/32 <http://10.0.0.15/32> karkrish@hn1-kkafka:~$ sudo ipsec reload Reloading strongSwan IPsec configuration... karkrish@hn1-kkafka:~$ echo $? 0 karkrish@hn1-kkafka:~$ sudo ipsec statusall Status of IKE charon daemon (strongSwan 5.6.2, Linux 5.4.0-1046-azure, x86_64): uptime: 2 hours, since May 11 20:42:06 2021 malloc: sbrk 2703360, mmap 0, used 847840, free 1855520 worker threads: 11 of 16 idle, 5/0/0/0 working, job queue: 0/0/0/0, scheduled: 2 loaded plugins: charon aesni aes rc2 sha2 sha1 md4 md5 mgf1 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl fips-prf gmp agent xcbc hmac gcm attr kernel-netlink resolve socket-default connmark stroke updown eap-mschapv2 xauth-generic counters Listening IP addresses: 10.0.0.14 Connections: hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net <http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net>: 10.0.0.14...10.0.0.15 IKEv2 hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net <http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net>: local: [CN=IP-37fa1445fc.hdinsight-stable.azure-test.net <http://IP-37fa1445fc.hdinsight-stable.azure-test.net>] uses public key authentication hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net <http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net>: cert: "CN=IP-37fa1445fc.hdinsight-stable.azure-test.net <http://IP-37fa1445fc.hdinsight-stable.azure-test.net>" hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net <http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net>: remote: [CN=IP-37fa1445fc.hdinsight-stable.azure-test.net <http://IP-37fa1445fc.hdinsight-stable.azure-test.net>] uses public key authentication hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net <http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net>: cert: "CN=IP-37fa1445fc.hdinsight-stable.azure-test.net <http://IP-37fa1445fc.hdinsight-stable.azure-test.net>" hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net <http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net>: child: dynamic === dynamic TRANSPORT hn1-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net <http://hn1-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net>: 10.0.0.14...10.0.0.14 IKEv2 hn1-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net <http://hn1-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net>: local: [CN=IP-37fa1445fc.hdinsight-stable.azure-test.net <http://IP-37fa1445fc.hdinsight-stable.azure-test.net>] uses public key authentication hn1-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net <http://hn1-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net>: cert: "CN=IP-37fa1445fc.hdinsight-stable.azure-test.net <http://IP-37fa1445fc.hdinsight-stable.azure-test.net>" hn1-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net <http://hn1-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net>: remote: [CN=IP-37fa1445fc.hdinsight-stable.azure-test.net <http://IP-37fa1445fc.hdinsight-stable.azure-test.net>] uses public key authentication hn1-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net <http://hn1-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net>: cert: "CN=IP-37fa1445fc.hdinsight-stable.azure-test.net <http://IP-37fa1445fc.hdinsight-stable.azure-test.net>" hn1-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net <http://hn1-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net>: child: dynamic === dynamic TRANSPORT Routed Connections: hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net <http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net>{5}: ROUTED, TRANSPORT, reqid 1 hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net <http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net>{5}: 10.0.0.14/32 <http://10.0.0.14/32> === 10.0.0.15/32 <http://10.0.0.15/32> hn1-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net <http://hn1-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net>{2}: ROUTED, TRANSPORT, reqid 2 hn1-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net <http://hn1-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net>{2}: 10.0.0.14/32 <http://10.0.0.14/32> === 10.0.0.14/32 <http://10.0.0.14/32> Security Associations (1 up, 0 connecting): hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net <http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net>[11]: ESTABLISHED 2 hours ago, 10.0.0.14[CN=IP-37fa1445fc.hdinsight-stable.azure-test.net <http://IP-37fa1445fc.hdinsight-stable.azure-test.net>]...10.0.0.15[CN=IP-37fa1445fc.hdinsight-stable.azure-test.net <http://IP-37fa1445fc.hdinsight-stable.azure-test.net>] hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net <http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net>[11]: IKEv2 SPIs: 1536ce9853bef399_i c00b62dfefa5f4ce_r*, public key reauthentication in 5 hours hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net <http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net>[11]: IKE proposal: AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048 hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net <http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net>{3}: INSTALLED, TRANSPORT, reqid 1, ESP SPIs: c73ba254_i c0ffd04a_o hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net <http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net>{3}: AES_CBC_256/HMAC_SHA2_256_128, 234876 bytes_i (4189 pkts, 0s ago), 910520 bytes_o (3037 pkts, 1474s ago), rekeying in 5 hours hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net <http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net>{3}: 10.0.0.14/32 <http://10.0.0.14/32> === 10.0.0.15/32 <http://10.0.0.15/32> On Tue, May 11, 2021 at 4:11 PM Noel Kuntze <noel.kuntze@thermi.consulting> wrote: Alright, found it. Please verify that it's the actual ipsec.conf that is loaded because there also aren't any errors regarding config files logged. What happens when you run "ipsec update" or "ipsec reload" from the terminal? Kind regards Noel Am 12.05.21 um 01:09 schrieb Noel Kuntze: > Okay, what's your complete ipsec.conf? Can you send it? > > Kind regards > Noel > > Am 12.05.21 um 00:54 schrieb Karuna Sagar Krishna: >> Attaching full charon logs. >> >> Can you help with the ipsec.conf interface. I'll plan to switch to swanctl going forward, but currently this is blocking our releases. >> >> --karuna >> >> >> On Tue, May 11, 2021 at 2:54 PM Noel Kuntze <noel.kuntze+strongswan-users-ml@thermi.consulting> wrote: >> >> Hi, >> >> Full logs please, as shown on the HelpRequests[1] page on the wiki. >> Also, it's strongly recommended to use swanctl instead if possible. That's the better configuration backend. >> >> Kind regards >> Noel >> >> [1] https://wiki.strongswan.org/projects/strongswan/wiki/HelpRequests <https://wiki.strongswan.org/projects/strongswan/wiki/HelpRequests> <https://wiki.strongswan.org/projects/strongswan/wiki/HelpRequests <https://wiki.strongswan.org/projects/strongswan/wiki/HelpRequests>> >> >> Am 11.05.21 um 23:50 schrieb Karuna Sagar Krishna: >> > Hi, >> > >> > I'm setting up a IPSec connection between a bunch of Ubuntu 18.04 LTS nodes. I'm using Strongswan (Linux strongSwan U5.6.2/K5.4.0-1046-azure) on the Ubuntu nodes. The number of nodes is dynamic i.e. there are frequent scale out/ins. So the ipsec.conf file (see attached) is updated with additional conn sections and `sudo ipsec update` is used to reload the config file. However, I've noticed intermittent network connectivity issues and the syslog shows -> "no IKE config found for 10.0.0.14...10.0.0.18, sending NO_PROPOSAL_CHOSEN". Clearly, the ipsec status shows that the daemon has not reloaded the config irrespective of issuing `sudo ipsec update` multiple times. >> > >> > Can you help understand why the config is not updated and how to fix this issue? >> > >> > >> > >> > IPSec status: >> > ----------------- >> > >> > > sudo ipsec statusall >> > >> > Status of IKE charon daemon (strongSwan 5.6.2, Linux 5.4.0-1046-azure, x86_64): >> > uptime: 45 minutes, since May 11 20:42:07 2021 >> > malloc: sbrk 2703360, mmap 0, used 778800, free 1924560 >> > worker threads: 11 of 16 idle, 5/0/0/0 working, job queue: 0/0/0/0, scheduled: 2 >> > loaded plugins: charon aesni aes rc2 sha2 sha1 md4 md5 mgf1 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl fips-prf gmp agent xcbc hmac gcm attr kernel-netlink resolve socket-default connmark stroke updown eap-mschapv2 xauth-generic counters >> > Listening IP addresses: >> > 10.0.0.14 >> > Connections: >> > hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net <http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net> <http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net <http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net>> <http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net <http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net> <http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net <http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net>>>: 10.0.0.14...10.0.0.15 IKEv2 >> > hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net <http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net> <http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net <http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net>> <http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net <http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net> <http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net <http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net>>>: local: [CN=IP-37fa1445fc.hdinsight-stable.azure-test.net <http://IP-37fa1445fc.hdinsight-stable.azure-test.net> <http://IP-37fa1445fc.hdinsight-stable.azure-test.net <http://IP-37fa1445fc.hdinsight-stable.azure-test.net>> <http://IP-37fa1445fc.hdinsight-stable.azure-test.net <http://IP-37fa1445fc.hdinsight-stable.azure-test.net> <http://IP-37fa1445fc.hdinsight-stable.azure-test.net <http://IP-37fa1445fc.hdinsight-stable.azure-test.net>>>] uses public key authentication >> > hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net <http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net> <http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net <http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net>> <http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net <http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net> <http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net <http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net>>>: cert: "CN=IP-37fa1445fc.hdinsight-stable.azure-test.net <http://IP-37fa1445fc.hdinsight-stable.azure-test.net> <http://IP-37fa1445fc.hdinsight-stable.azure-test.net <http://IP-37fa1445fc.hdinsight-stable.azure-test.net>> <http://IP-37fa1445fc.hdinsight-stable.azure-test.net <http://IP-37fa1445fc.hdinsight-stable.azure-test.net> <http://IP-37fa1445fc.hdinsight-stable.azure-test.net <http://IP-37fa1445fc.hdinsight-stable.azure-test.net>>>" >> > hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net <http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net> <http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net <http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net>> <http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net <http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net> <http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net <http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net>>>: remote: [CN=IP-37fa1445fc.hdinsight-stable.azure-test.net <http://IP-37fa1445fc.hdinsight-stable.azure-test.net> <http://IP-37fa1445fc.hdinsight-stable.azure-test.net <http://IP-37fa1445fc.hdinsight-stable.azure-test.net>> <http://IP-37fa1445fc.hdinsight-stable.azure-test.net <http://IP-37fa1445fc.hdinsight-stable.azure-test.net> <http://IP-37fa1445fc.hdinsight-stable.azure-test.net <http://IP-37fa1445fc.hdinsight-stable.azure-test.net>>>] uses public key authentication >> > hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net <http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net> <http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net <http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net>> <http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net <http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net> <http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net <http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net>>>: cert: "CN=IP-37fa1445fc.hdinsight-stable.azure-test.net <http://IP-37fa1445fc.hdinsight-stable.azure-test.net> <http://IP-37fa1445fc.hdinsight-stable.azure-test.net <http://IP-37fa1445fc.hdinsight-stable.azure-test.net>> <http://IP-37fa1445fc.hdinsight-stable.azure-test.net <http://IP-37fa1445fc.hdinsight-stable.azure-test.net> <http://IP-37fa1445fc.hdinsight-stable.azure-test.net <http://IP-37fa1445fc.hdinsight-stable.azure-test.net>>>" >> > hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net <http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net> <http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net <http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net>> <http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net <http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net> <http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net <http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net>>>: child: dynamic === dynamic TRANSPORT >> > hn1-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net <http://hn1-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net> <http://hn1-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net <http://hn1-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net>> <http://hn1-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net <http://hn1-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net> <http://hn1-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net <http://hn1-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net>>>: 10.0.0.14...10.0.0.14 IKEv2 >> > hn1-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net <http://hn1-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net> <http://hn1-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net <http://hn1-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net>> <http://hn1-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net <http://hn1-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net> <http://hn1-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net <http://hn1-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net>>>: local: [CN=IP-37fa1445fc.hdinsight-stable.azure-test.net <http://IP-37fa1445fc.hdinsight-stable.azure-test.net> <http://IP-37fa1445fc.hdinsight-stable.azure-test.net <http://IP-37fa1445fc.hdinsight-stable.azure-test.net>> <http://IP-37fa1445fc.hdinsight-stable.azure-test.net <http://IP-37fa1445fc.hdinsight-stable.azure-test.net> <http://IP-37fa1445fc.hdinsight-stable.azure-test.net <http://IP-37fa1445fc.hdinsight-stable.azure-test.net>>>] uses public key authentication >> > hn1-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net <http://hn1-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net> <http://hn1-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net <http://hn1-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net>> <http://hn1-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net <http://hn1-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net> <http://hn1-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net <http://hn1-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net>>>: cert: "CN=IP-37fa1445fc.hdinsight-stable.azure-test.net <http://IP-37fa1445fc.hdinsight-stable.azure-test.net> <http://IP-37fa1445fc.hdinsight-stable.azure-test.net <http://IP-37fa1445fc.hdinsight-stable.azure-test.net>> <http://IP-37fa1445fc.hdinsight-stable.azure-test.net <http://IP-37fa1445fc.hdinsight-stable.azure-test.net> <http://IP-37fa1445fc.hdinsight-stable.azure-test.net <http://IP-37fa1445fc.hdinsight-stable.azure-test.net>>>" >> > hn1-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net <http://hn1-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net> <http://hn1-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net <http://hn1-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net>> <http://hn1-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net <http://hn1-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net> <http://hn1-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net <http://hn1-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net>>>: remote: [CN=IP-37fa1445fc.hdinsight-stable.azure-test.net <http://IP-37fa1445fc.hdinsight-stable.azure-test.net> <http://IP-37fa1445fc.hdinsight-stable.azure-test.net <http://IP-37fa1445fc.hdinsight-stable.azure-test.net>> <http://IP-37fa1445fc.hdinsight-stable.azure-test.net <http://IP-37fa1445fc.hdinsight-stable.azure-test.net> <http://IP-37fa1445fc.hdinsight-stable.azure-test.net <http://IP-37fa1445fc.hdinsight-stable.azure-test.net>>>] uses public key authentication >> > hn1-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net <http://hn1-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net> <http://hn1-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net <http://hn1-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net>> <http://hn1-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net <http://hn1-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net> <http://hn1-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net <http://hn1-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net>>>: cert: "CN=IP-37fa1445fc.hdinsight-stable.azure-test.net <http://IP-37fa1445fc.hdinsight-stable.azure-test.net> <http://IP-37fa1445fc.hdinsight-stable.azure-test.net <http://IP-37fa1445fc.hdinsight-stable.azure-test.net>> <http://IP-37fa1445fc.hdinsight-stable.azure-test.net <http://IP-37fa1445fc.hdinsight-stable.azure-test.net> <http://IP-37fa1445fc.hdinsight-stable.azure-test.net <http://IP-37fa1445fc.hdinsight-stable.azure-test.net>>>" >> > hn1-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net <http://hn1-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net> <http://hn1-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net <http://hn1-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net>> <http://hn1-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net <http://hn1-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net> <http://hn1-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net <http://hn1-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net>>>: child: dynamic === dynamic TRANSPORT >> > /*Routed Connections: >> > hn1-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net <http://hn1-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net> <http://hn1-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net <http://hn1-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net>> <http://hn1-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net <http://hn1-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net> <http://hn1-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net <http://hn1-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net>>>{2}: ROUTED, TRANSPORT, reqid 2 >> > hn1-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net <http://hn1-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net> <http://hn1-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net <http://hn1-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net>> <http://hn1-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net <http://hn1-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net> <http://hn1-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net <http://hn1-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net>>>{2}: 10.0.0.14/32 <http://10.0.0.14/32> <http://10.0.0.14/32 <http://10.0.0.14/32>> <http://10.0.0.14/32 <http://10.0.0.14/32> <http://10.0.0.14/32 <http://10.0.0.14/32>>> === 10.0.0.14/32 <http://10.0.0.14/32> <http://10.0.0.14/32 <http://10.0.0.14/32>> <http://10.0.0.14/32 <http://10.0.0.14/32> <http://10.0.0.14/32 <http://10.0.0.14/32>>> >> > hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net <http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net> <http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net <http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net>> <http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net <http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net> <http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net <http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net>>>{1}: ROUTED, TRANSPORT, reqid 1 >> > hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net <http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net> <http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net <http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net>> <http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net <http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net> <http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net <http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net>>>{1}: 10.0.0.14/32 <http://10.0.0.14/32> <http://10.0.0.14/32 <http://10.0.0.14/32>> <http://10.0.0.14/32 <http://10.0.0.14/32> <http://10.0.0.14/32 <http://10.0.0.14/32>>> === 10.0.0.15/32 <http://10.0.0.15/32> <http://10.0.0.15/32 <http://10.0.0.15/32>> <http://10.0.0.15/32 <http://10.0.0.15/32> <http://10.0.0.15/32 <http://10.0.0.15/32>>>*/ >> > Security Associations (1 up, 0 connecting): >> > hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net <http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net> <http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net <http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net>> <http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net <http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net> <http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net <http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net>>>[11]: ESTABLISHED 26 minutes ago, 10.0.0.14[CN=IP-37fa1445fc.hdinsight-stable.azure-test.net <http://IP-37fa1445fc.hdinsight-stable.azure-test.net> <http://IP-37fa1445fc.hdinsight-stable.azure-test.net <http://IP-37fa1445fc.hdinsight-stable.azure-test.net>> <http://IP-37fa1445fc.hdinsight-stable.azure-test.net <http://IP-37fa1445fc.hdinsight-stable.azure-test.net> <http://IP-37fa1445fc.hdinsight-stable.azure-test.net <http://IP-37fa1445fc.hdinsight-stable.azure-test.net>>>]...10.0.0.15[CN=IP-37fa1445fc.hdinsight-stable.azure-test.net <http://IP-37fa1445fc.hdinsight-stable.azure-test.net> <http://IP-37fa1445fc.hdinsight-stable.azure-test.net <http://IP-37fa1445fc.hdinsight-stable.azure-test.net>> <http://IP-37fa1445fc.hdinsight-stable.azure-test.net <http://IP-37fa1445fc.hdinsight-stable.azure-test.net> <http://IP-37fa1445fc.hdinsight-stable.azure-test.net <http://IP-37fa1445fc.hdinsight-stable.azure-test.net>>>] >> > hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net <http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net> <http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net <http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net>> <http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net <http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net> <http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net <http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net>>>[11]: IKEv2 SPIs: 1536ce9853bef399_i c00b62dfefa5f4ce_r*, public key reauthentication in 7 hours >> > hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net <http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net> <http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net <http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net>> <http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net <http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net> <http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net <http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net>>>[11]: IKE proposal: AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048 >> > hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net <http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net> <http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net <http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net>> <http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net <http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net> <http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net <http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net>>>{3}: INSTALLED, TRANSPORT, reqid 1, ESP SPIs: c73ba254_i c0ffd04a_o >> > hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net <http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net> <http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net <http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net>> <http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net <http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net> <http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net <http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net>>>{3}: AES_CBC_256/HMAC_SHA2_256_128, 44961 bytes_i (822 pkts, 0s ago), 193357 bytes_o (570 pkts, 1557s ago), rekeying in 7 hours >> > hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net <http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net> <http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net <http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net>> <http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net <http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net> <http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net <http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net>>>{3}: 10.0.0.14/32 <http://10.0.0.14/32> <http://10.0.0.14/32 <http://10.0.0.14/32>> <http://10.0.0.14/32 <http://10.0.0.14/32> <http://10.0.0.14/32 <http://10.0.0.14/32>>> === 10.0.0.15/32 <http://10.0.0.15/32> <http://10.0.0.15/32 <http://10.0.0.15/32>> <http://10.0.0.15/32 <http://10.0.0.15/32> <http://10.0.0.15/32 <http://10.0.0.15/32>>> >> > >> > >> > Charon logs: >> > ----------------- >> > >> > May 11 21:23:20 hn1-kkafka charon: 09[NET] received packet: from 10.0.0.18[500] to 10.0.0.14[500] (536 bytes) >> > May 11 21:23:20 hn1-kkafka charon: 09[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) V V V V ] >> > May 11 21:23:20 hn1-kkafka charon: 09[IKE] /*no IKE config found for 10.0.0.14...10.0.0.18, sending NO_PROPOSAL_CHOSEN*/ >> > May 11 21:23:20 hn1-kkafka charon: 09[ENC] generating IKE_SA_INIT response 0 [ N(NO_PROP) ] >> > May 11 21:23:20 hn1-kkafka charon: 09[NET] sending packet: from 10.0.0.14[500] to 10.0.0.18[500] (36 bytes) >> > >> > --karuna >> > >> > >
OpenPGP_signature
Description: OpenPGP digital signature
