cloudstack-commits mailing list archives

From GitBox <...@apache.org>
Subject [GitHub] [cloudstack] dudarra commented on issue #3138: StrongSwan with several rightsubnet's - ikev1
Date Wed, 22 May 2019 10:29:37 GMT
dudarra commented on issue #3138: StrongSwan with several rightsubnet's - ikev1
URL: https://github.com/apache/cloudstack/issues/3138#issuecomment-494746586
 
 
   Update on the VPN! We tried with Riverbed - Cloudstack! Riverbed with 3 tiers and Cloudstack
with 2. Everything worked from the beginning...
   
   `Cloudstack:
   Status of IKE charon daemon (strongSwan 5.5.1, Linux 4.9.0-8-amd64, x86_64):
     uptime: 12 days, since May 09 14:24:31 2019
     malloc: sbrk 2797568, mmap 0, used 756512, free 2041056
     worker threads: 11 of 16 idle, 5/0/0/0 working, job queue: 0/0/0/0, scheduled: 8
     loaded plugins: charon test-vectors ldap pkcs11 aes rc2 sha2 sha1 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem gcrypt af-alg fips-prf gmp xcbc cmac hmac ctr ccm curl attr kernel-netlink resolve socket-default farp stroke updown eap-identity eap-aka eap-md5 eap-gtc eap-mschapv2 eap-radius eap-tls eap-ttls eap-tnc xauth-generic xauth-eap xauth-pam tnc-tnccs dhcp lookip error-notify certexpire led addrblock unity
   Listening IP addresses:
     10.100.9.150
     172.16.2.1
     172.16.1.1
   Connections:
   vpn-14:  16...14  IKEv1/2
   vpn-14:   local:  [6] uses pre-shared key authentication
   vpn-14:   remote: [14] uses pre-shared key authentication
   vpn-14:   child:  172.16.0.0/16 === 10.100.0.0/24 10.100.45.0/24 10.100.11.0/24 TUNNEL
       L2TP-PSK:  172.26.0.151...%any  IKEv1/2
       L2TP-PSK:   local:  [172.26.0.151] uses pre-shared key authentication
       L2TP-PSK:   remote: uses pre-shared key authentication
       L2TP-PSK:   child:  dynamic[udp/l2f] === 0.0.0.0/0[udp] TRANSPORT
   Routed Connections:
       L2TP-PSK{504}:  ROUTED, TRANSPORT, reqid 29
       L2TP-PSK{504}:   0.0.0.0/0[udp/l2f] === 0.0.0.0/0[udp]
   vpn-14{503}:  ROUTED, TUNNEL, reqid 28
   vpn-14{503}:   172.16.0.0/16 === 10.100.0.0/24 10.100.11.0/24 10.100.45.0/24
   Security Associations (1 up, 0 connecting):
   vpn-14[129]: ESTABLISHED 70 minutes ago, 16[16]...14[14]
   vpn-14[129]: IKEv2 SPIs: 0b23c16db510c360_i 65114284d4d78125_r*, pre-shared key reauthentication in 94 minutes
   vpn-14[129]: IKE proposal: AES_CBC_128/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1536
   `
   `Riverbed;
   Status of IKE charon daemon (strongSwan 5.5.2, Linux 4.4.89, x86_64):
    uptime: 62 days, since Mar 20 22:56:49 2019
    worker threads: 11 of 16 idle, 5/0/0/0 working, job queue: 0/0/0/0, scheduled: 44
    loaded plugins: charon sha1 nonce x509 revocation constraints pubkey pkcs1 pgp pem openssl fips-prf xcbc gcm attr kernel-netlink resolve socket-default stroke updown eap-identity eap-mschapv2 eap-tls xauth-generic xauth-noauth whitelist unity
   Virtual IP pools (size/online/offline):
    172.16.16.0/24: 254/0/1
   Listening IP addresses:
    10.100.1.4
    10.100.1.1
    192.168.204.4
    192.168.205.1
    10.100.44.4
    10.100.45.1
    10.100.0.4
    10.100.0.1
   Connections:
      endpoint:  %any...%any  IKEv2, dpddelay=300s
      endpoint:   local:  [ID_DER_ASN1_DN:O=Ocedo, OU=OO941A08C70956A7, CN=sie2da8563.oo941a08c70956a7.dnslabel.net] uses public key authentication
      endpoint:    ca:    "O=Ocedo, OU=OO941A08C70956A7, CN=IPSec CA"
      endpoint:    cert:  "O=Ocedo, OU=OO941A08C70956A7, CN=sie2da8563.oo941a08c70956a7.dnslabel.net"
      endpoint:   remote: uses public key authentication
      endpoint:    ca:    "O=Ocedo, OU=OO941A08C70956A7, CN=IPSec CA"
      endpoint:   child:  0.0.0.0/0 === dynamic TUNNEL, dpdaction=clear
   endpoint_osx1:  %any...%any  IKEv1, dpddelay=300s
   endpoint_osx1:   local:  [ID_FQDN:sie2da8563.oo941a08c70956a7.dnslabel.net] uses public key authentication
   endpoint_osx1:    ca:    "O=Ocedo, OU=OO941A08C70956A7, CN=IPSec CA"
   endpoint_osx1:    cert:  "O=Ocedo, OU=OO941A08C70956A7, CN=sie2da8563.oo941a08c70956a7.dnslabel.net"
   endpoint_osx1:   remote: uses public key authentication
   endpoint_osx1:    ca:    "O=Ocedo, OU=OO941A08C70956A7, CN=IPSec CA"
   endpoint_osx1:   remote: uses XAuth authentication: noauth
   endpoint_osx1:   child:  10.100.0.0/24 10.100.1.0/24 10.100.45.0/24 192.168.205.0/24 192.168.204.0/24 172.16.16.0/24 10.100.11.0/24 === dynamic TUNNEL, dpdaction=clear
   endpoint_osx2:  %any...%any  IKEv2, dpddelay=300s
   endpoint_osx2:   local:  [ID_FQDN:sie2da8563.oo941a08c70956a7.dnslabel.net] uses public key authentication
   endpoint_osx2:    ca:    "O=Ocedo, OU=OO941A08C70956A7, CN=IPSec CA"
   endpoint_osx2:    cert:  "O=Ocedo, OU=OO941A08C70956A7, CN=sie2da8563.oo941a08c70956a7.dnslabel.net"
   endpoint_osx2:   remote: uses public key authentication
   endpoint_osx2:    ca:    "O=Ocedo, OU=OO941A08C70956A7, CN=IPSec CA"
   endpoint_osx2:   child:  10.100.0.0/24 10.100.1.0/24 10.100.45.0/24 192.168.205.0/24 192.168.204.0/24 172.16.16.0/24 10.100.11.0/24 === dynamic TUNNEL, dpdaction=clear
   `

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


With regards,
Apache Git Services
