mirror of
https://github.com/strongswan/strongswan.git
synced 2025-10-05 00:00:45 -04:00
8f56bbc82b
The main difference is that ping now reports icmp_seq instead of icmp_req, so we match for icmp_.eq, which works with both releases. tcpdump now also reports port 4500 as ipsec-nat-t.
11 lines
843 B
Plaintext
11 lines
843 B
Plaintext
carol::ipsec status 2> /dev/null::moon.*ESTABLISHED.*carol.strongswan.org.*moon.strongswan.org::YES
|
|
dave:: ipsec status 2> /dev/null::moon.*ESTABLISHED.*carol.strongswan.org.*moon.strongswan.org::YES
|
|
carol::ipsec status 2> /dev/null::moon.*INSTALLED, TUNNEL::YES
|
|
dave:: ipsec status 2> /dev/null::moon.*INSTALLED, TUNNEL::YES
|
|
moon:: cat /var/log/auth.log::IKE_SA carol\[1] established.*PH_IP_CAROL::YES
|
|
moon:: cat /var/log/daemon.log::destroying duplicate IKE_SA for.*carol@strongswan.org.*received INITIAL_CONTACT::YES
|
|
moon:: cat /var/log/auth.log::IKE_SA carol\[2] established.*PH_IP_DAVE::YES
|
|
dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
|
|
alice::tcpdump::IP carol1.strongswan.org > alice.strongswan.org: ICMP echo request::YES
|
|
alice::tcpdump::IP alice.strongswan.org > carol1.strongswan.org: ICMP echo reply::YES
|