Comments (4)
`-l` lists SAs, not shunt policies. You see the latter in `-P`.
It does list them on the other peer machine.
```
[root@host-3 /]# swanctl -l
host-host: #2, ESTABLISHED, IKEv2, 5ec3b2110cf79245_i* 7cfb30548a970e64_r
  local '192.168.100.3' @ 192.168.100.3[500]
  remote '192.168.100.1' @ 192.168.100.1[500]
  AES_GCM_16-256/PRF_HMAC_SHA2_384/ECP_384
  established 182s ago, rekeying in 77301s
  udpTunnel: #5, reqid 1, INSTALLED, TUNNEL, ESP:AES_GCM_16-256
    installed 182s ago, rekeying in 25595s, expires in 28618s
    in c83708fd, 5860 bytes, 23 packets, 14s ago
    out ce23a659, 4794 bytes, 23 packets, 14s ago
    local 192.168.100.3/32[udp]
    remote 192.168.100.1/32[udp]
  tcpTunnel: #6, reqid 2, INSTALLED, TUNNEL, ESP:AES_GCM_16-256
    installed 182s ago, rekeying in 25378s, expires in 28618s
    in c9fac8fc, 0 bytes, 0 packets
    out cf3383e4, 0 bytes, 0 packets
    local 192.168.100.3/32[tcp]
    remote 192.168.100.1/32[tcp]
bypassConn: #1, ESTABLISHED, IKEv2, 74a6c598bb862706_i* aa84409eaf14cd33_r
  local '192.168.100.3' @ 192.168.100.3[500]
  remote '192.168.100.1' @ 192.168.100.1[500]
  AES_GCM_16-256/PRF_HMAC_SHA2_384/ECP_384
  established 182s ago, rekeying in 13866s
  bypassDhcp: #3, reqid 3, INSTALLED, TUNNEL, ESP:AES_GCM_16-256
    installed 182s ago, rekeying in 3080s, expires in 3778s
    in c39eed08, 0 bytes, 0 packets
    out c17bfe43, 0 bytes, 0 packets
    local 192.168.100.3/32[udp/bootpc]
    remote 192.168.100.1/32[udp/bootps]
  bypassSsh: #4, reqid 4, INSTALLED, TUNNEL, ESP:AES_GCM_16-256
    installed 182s ago, rekeying in 3114s, expires in 3778s
    in cc61c49d, 0 bytes, 0 packets
    out c317bcdd, 0 bytes, 0 packets
    local 192.168.100.3/32[tcp/ssh]
    remote 192.168.100.1/32[tcp]
```
You configured something differently there then. But anyway, you don't want to configure bypass policies together with actual policies in the same connection entry. See the examples in the docs.
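A sketch of what the reply above describes, as an added example that is not part of the thread or of the strongSwan documentation: the bypass (shunt) policies sit in their own connection entry, separate from the connection that negotiates the tunnels. The connection and child names, the loopback `remote_addrs` and the traffic selectors (copied from the output above) are assumptions, since the poster's configuration file is not on this page.

```conf
# swanctl.conf fragment (constructed example, host 192.168.100.3's view)
connections {

  # Dedicated entry that only carries shunt policies. It never negotiates
  # an IKE_SA, so it needs no local/remote auth sections; the loopback
  # remote_addrs keeps it from matching a real peer.
  bypass-shunts {
    remote_addrs = 127.0.0.1

    children {
      # DHCP client traffic stays outside IPsec processing
      bypass-dhcp {
        local_ts  = 192.168.100.3/32[udp/bootpc]
        remote_ts = 192.168.100.1/32[udp/bootps]
        mode = pass            # install a PASS shunt, not an ESP SA
        start_action = trap    # install the policy when the config is loaded
      }

      # SSH to this host stays outside IPsec processing
      bypass-ssh {
        local_ts  = 192.168.100.3/32[tcp/ssh]
        remote_ts = 192.168.100.1/32[tcp]
        mode = pass
        start_action = trap
      }
    }
  }

  # The tunnel connection (host-host with its udp/tcp children in the
  # output above) stays in its own entry and contains no mode = pass child.
}
```

Policies installed this way are not negotiated SAs, so they show up under `swanctl -P` and not under `swanctl -l`, which is the distinction the first comment makes.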
It's the exact same configuration file which I have attached in the question, but local and remote are exchanged. (And it's not CentOS.)
And I believe I have configured shunt policies separately in a different connection.
Is there anything wrong in the configuration?