Posted to commits@cloudstack.apache.org by GitBox <gi...@apache.org> on 2019/05/22 10:30:00 UTC
[GitHub] [cloudstack] dudarra edited a comment on issue #3138: StrongSwan
with several rightsubnet's - ikev1
dudarra edited a comment on issue #3138: StrongSwan with several rightsubnet's - ikev1
URL: https://github.com/apache/cloudstack/issues/3138#issuecomment-494746586
Update on the VPN! We tried with Riverbed - Cloudstack! Riverbed with 3 tiers and Cloudstack with 2. Everything worked from the beginning...
`Cloudstack:
Status of IKE charon daemon (strongSwan 5.5.1, Linux 4.9.0-8-amd64, x86_64):
uptime: 12 days, since May 09 14:24:31 2019
malloc: sbrk 2797568, mmap 0, used 756512, free 2041056
worker threads: 11 of 16 idle, 5/0/0/0 working, job queue: 0/0/0/0, scheduled: 8
loaded plugins: charon test-vectors ldap pkcs11 aes rc2 sha2 sha1 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem gcrypt af-alg fips-prf gmp xcbc cmac hmac ctr ccm curl attr kernel-netlink resolve socket-default farp stroke updown eap-identity eap-aka eap-md5 eap-gtc eap-mschapv2 eap-radius eap-tls eap-ttls eap-tnc xauth-generic xauth-eap xauth-pam tnc-tnccs dhcp lookip error-notify certexpire led addrblock unity
Listening IP addresses:
10.100.9.150
172.16.2.1
172.16.1.1
Connections:
vpn-14: 16...14 IKEv1/2
vpn-14: local: [6] uses pre-shared key authentication
vpn-14: remote: [14] uses pre-shared key authentication
vpn-14: child: 172.16.0.0/16 === 10.100.0.0/24 10.100.45.0/24 10.100.11.0/24 TUNNEL
L2TP-PSK: 172.26.0.151...%any IKEv1/2
L2TP-PSK: local: [172.26.0.151] uses pre-shared key authentication
L2TP-PSK: remote: uses pre-shared key authentication
L2TP-PSK: child: dynamic[udp/l2f] === 0.0.0.0/0[udp] TRANSPORT
Routed Connections:
L2TP-PSK{504}: ROUTED, TRANSPORT, reqid 29
L2TP-PSK{504}: 0.0.0.0/0[udp/l2f] === 0.0.0.0/0[udp]
vpn-14{503}: ROUTED, TUNNEL, reqid 28
vpn-14{503}: 172.16.0.0/16 === 10.100.0.0/24 10.100.11.0/24 10.100.45.0/24
Security Associations (1 up, 0 connecting):
vpn-14[129]: ESTABLISHED 70 minutes ago, 16[16 ]...14[14]
vpn-14[129]: IKEv2 SPIs: 0b23c16db510c360_i 65114284d4d78125_r*, pre-shared key reauthentication in 94 minutes
vpn-14[129]: IKE proposal: AES_CBC_128/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1536
`
`Riverbed;
Status of IKE charon daemon (strongSwan 5.5.2, Linux 4.4.89, x86_64):
uptime: 62 days, since Mar 20 22:56:49 2019
worker threads: 11 of 16 idle, 5/0/0/0 working, job queue: 0/0/0/0, scheduled: 44
loaded plugins: charon sha1 nonce x509 revocation constraints pubkey pkcs1 pgp pem openssl fips-prf xcbc gcm attr kernel-netlink resolve socket-default stroke updown eap-identity eap-mschapv2 eap-tls xauth-generic xauth-noauth whitelist unity
Virtual IP pools (size/online/offline):
172.16.16.0/24: 254/0/1
Listening IP addresses:
10.100.1.4
10.100.1.1
192.168.204.4
192.168.205.1
10.100.44.4
10.100.45.1
10.100.0.4
10.100.0.1
Connections:
endpoint: %any...%any IKEv2, dpddelay=300s
endpoint: local: [ID_DER_ASN1_DN:O=Ocedo, OU=OO941A08C70956A7, CN=sie2da8563.oo941a08c70956a7.dnslabel.net] uses public key authentication
endpoint: ca: "O=Ocedo, OU=OO941A08C70956A7, CN=IPSec CA"
endpoint: cert: "O=Ocedo, OU=OO941A08C70956A7, CN=sie2da8563.oo941a08c70956a7.dnslabel.net"
endpoint: remote: uses public key authentication
endpoint: ca: "O=Ocedo, OU=OO941A08C70956A7, CN=IPSec CA"
endpoint: child: 0.0.0.0/0 === dynamic TUNNEL, dpdaction=clear
endpoint_osx1: %any...%any IKEv1, dpddelay=300s
endpoint_osx1: local: [ID_FQDN:sie2da8563.oo941a08c70956a7.dnslabel.net] uses public key authentication
endpoint_osx1: ca: "O=Ocedo, OU=OO941A08C70956A7, CN=IPSec CA"
endpoint_osx1: cert: "O=Ocedo, OU=OO941A08C70956A7, CN=sie2da8563.oo941a08c70956a7.dnslabel.net"
endpoint_osx1: remote: uses public key authentication
endpoint_osx1: ca: "O=Ocedo, OU=OO941A08C70956A7, CN=IPSec CA"
endpoint_osx1: remote: uses XAuth authentication: noauth
endpoint_osx1: child: 10.100.0.0/24 10.100.1.0/24 10.100.45.0/24 192.168.205.0/24 192.168.204.0/24 172.16.16.0/24 10.100.11.0/24 === dynamic TUNNEL, dpdaction=clear
endpoint_osx2: %any...%any IKEv2, dpddelay=300s
endpoint_osx2: local: [ID_FQDN:sie2da8563.oo941a08c70956a7.dnslabel.net] uses public key authentication
endpoint_osx2: ca: "O=Ocedo, OU=OO941A08C70956A7, CN=IPSec CA"
endpoint_osx2: cert: "O=Ocedo, OU=OO941A08C70956A7, CN=sie2da8563.oo941a08c70956a7.dnslabel.net"
endpoint_osx2: remote: uses public key authentication
endpoint_osx2: ca: "O=Ocedo, OU=OO941A08C70956A7, CN=IPSec CA"
endpoint_osx2: child: 10.100.0.0/24 10.100.1.0/24 10.100.45.0/24 192.168.205.0/24 192.168.204.0/24 172.16.16.0/24 10.100.11.0/24 === dynamic TUNNEL, dpdaction=clear`