[Openswan Users] Connecting VyOS 1.1.6 to EC2

Amos Shapira amos.shapira at gmail.com
Fri Feb 12 04:19:45 EST 2016 

Thanks.
I double check the firewall rules (and Security Group) and they are OK.
This EC2 instance also talks fine with other destinations (a Virtual
Gateway).
I also saw traffic in both directions using tcpdump on both sides.

BUT! After I sent this question and doing more tests I tried to just blow
up this instance and let the automatic configuration (Autoscaling group)
bring up a fresh EC2 instance and things started working again (I.e. I can
ping hosts over the tunnel).

I suspect that the enabling of nat-traversal on the VyOS side after a few
attempts from this specific instance, which was the only change I made,
somehow didn't register with the instance but once I switched to a fresh
instance it worked.

Cheers,
Amos
On 12 Feb 2016 7:03 p.m., "Nick Howitt" <nick at howitts.co.uk> wrote:

> The tunnel is up. Check your firewall rules.
>
> On 2016-02-11 23:13, Amos Shapira wrote:
>
>> Hello,
>>
>> I'm trying to connect a VyOS 1.1.6, which comes with IPSec U4.5.2, to
>> a Ubuntu 14.04 LTS EC2 instance running 2.6.38.
>>
>> I think I got the link up but I can't get any traffic over it. Here is
>> a log of the startup from scratch:
>>
>> FEB 11 22:47:13 IP-172-22-0-207 PLUTO[19672]:
>> "SYDNEY-HUB-SYDNEY-OFFICE-1" #1: INITIATING MAIN MODE
>> FEB 11 22:47:49 IP-172-22-0-207 PLUTO[19672]: PACKET FROM
>> 203.191.19.3:4500 [1]: IGNORING UNKNOWN VENDOR ID PAYLOAD
>> [882FE56D6FD20DBC2251613B2EBE5BEB]
>> FEB 11 22:47:49 IP-172-22-0-207 PLUTO[19672]: PACKET FROM
>> 203.191.19.3:4500 [1]: RECEIVED VENDOR ID PAYLOAD [CISCO-UNITY]
>> FEB 11 22:47:49 IP-172-22-0-207 PLUTO[19672]: PACKET FROM
>> 203.191.19.3:4500 [1]: RECEIVED VENDOR ID PAYLOAD [XAUTH]
>> FEB 11 22:47:49 IP-172-22-0-207 PLUTO[19672]: PACKET FROM
>> 203.191.19.3:4500 [1]: RECEIVED VENDOR ID PAYLOAD [DEAD PEER
>> DETECTION]
>> FEB 11 22:47:49 IP-172-22-0-207 PLUTO[19672]: PACKET FROM
>> 203.191.19.3:4500 [1]: RECEIVED VENDOR ID PAYLOAD [RFC 3947] METHOD
>> SET TO=115
>> FEB 11 22:47:49 IP-172-22-0-207 PLUTO[19672]: PACKET FROM
>> 203.191.19.3:4500 [1]: RECEIVED VENDOR ID PAYLOAD
>> [DRAFT-IETF-IPSEC-NAT-T-IKE-03] METH=108, BUT ALREADY USING METHOD 115
>> FEB 11 22:47:49 IP-172-22-0-207 PLUTO[19672]: PACKET FROM
>> 203.191.19.3:4500 [1]: RECEIVED VENDOR ID PAYLOAD
>> [DRAFT-IETF-IPSEC-NAT-T-IKE-02] METH=107, BUT ALREADY USING METHOD 115
>> FEB 11 22:47:49 IP-172-22-0-207 PLUTO[19672]: PACKET FROM
>> 203.191.19.3:4500 [1]: RECEIVED VENDOR ID PAYLOAD
>> [DRAFT-IETF-IPSEC-NAT-T-IKE-02_N] METH=106, BUT ALREADY USING METHOD
>> 115
>> FEB 11 22:47:49 IP-172-22-0-207 PLUTO[19672]: PACKET FROM
>> 203.191.19.3:4500 [1]: RECEIVED VENDOR ID PAYLOAD
>> [DRAFT-IETF-IPSEC-NAT-T-IKE-00]
>> FEB 11 22:47:49 IP-172-22-0-207 PLUTO[19672]:
>> "SYDNEY-HUB-SYDNEY-OFFICE-1" #2: RESPONDING TO MAIN MODE
>> FEB 11 22:47:49 IP-172-22-0-207 PLUTO[19672]:
>> "SYDNEY-HUB-SYDNEY-OFFICE-1" #2: TRANSITION FROM STATE STATE_MAIN_R0
>> TO STATE STATE_MAIN_R1
>> FEB 11 22:47:49 IP-172-22-0-207 PLUTO[19672]:
>> "SYDNEY-HUB-SYDNEY-OFFICE-1" #2: STATE_MAIN_R1: SENT MR1, EXPECTING
>> MI2
>> FEB 11 22:47:49 IP-172-22-0-207 PLUTO[19672]:
>> "SYDNEY-HUB-SYDNEY-OFFICE-1" #2: NAT-TRAVERSAL: RESULT USING
>> DRAFT-IETF-IPSEC-NAT-T-IKE (MACOS X): BOTH ARE NATED
>> FEB 11 22:47:49 IP-172-22-0-207 PLUTO[19672]:
>> "SYDNEY-HUB-SYDNEY-OFFICE-1" #2: TRANSITION FROM STATE STATE_MAIN_R1
>> TO STATE STATE_MAIN_R2
>> FEB 11 22:47:49 IP-172-22-0-207 PLUTO[19672]:
>> "SYDNEY-HUB-SYDNEY-OFFICE-1" #2: STATE_MAIN_R2: SENT MR2, EXPECTING
>> MI3
>> FEB 11 22:47:49 IP-172-22-0-207 PLUTO[19672]:
>> "SYDNEY-HUB-SYDNEY-OFFICE-1" #2: MAIN MODE PEER ID IS ID_IPV4_ADDR:
>> '203.191.19.3'
>> FEB 11 22:47:49 IP-172-22-0-207 PLUTO[19672]:
>> "SYDNEY-HUB-SYDNEY-OFFICE-1" #2: TRANSITION FROM STATE STATE_MAIN_R2
>> TO STATE STATE_MAIN_R3
>> FEB 11 22:47:49 IP-172-22-0-207 PLUTO[19672]:
>> "SYDNEY-HUB-SYDNEY-OFFICE-1" #2: STATE_MAIN_R3: SENT MR3, ISAKMP SA
>> ESTABLISHED {AUTH=OAKLEY_PRESHARED_KEY CIPHER=AES_256 PRF=OAKLEY_SHA
>> GROUP=MODP1024}
>> FEB 11 22:47:49 IP-172-22-0-207 PLUTO[19672]:
>> "SYDNEY-HUB-SYDNEY-OFFICE-1" #2: THE PEER PROPOSED: 172.22.0.0/16:0/0
>> [2] -> 192.168.2.0/24:0/0 [3]
>> FEB 11 22:47:49 IP-172-22-0-207 PLUTO[19672]:
>> "SYDNEY-HUB-SYDNEY-OFFICE-1" #3: RESPONDING TO QUICK MODE PROPOSAL
>> {MSGID:CD7B50CB}
>> FEB 11 22:47:49 IP-172-22-0-207 PLUTO[19672]:
>> "SYDNEY-HUB-SYDNEY-OFFICE-1" #3:     US:
>> 172.22.0.0/16===172.22.0.207[52.63.20.251]---172.22.0.1
>> <http://172.22.0.0/16===172.22.0.207%5B52.63.20.251%5D---172.22.0.1> [4]
>> FEB 11 22:47:49 IP-172-22-0-207 PLUTO[19672]:
>> "SYDNEY-HUB-SYDNEY-OFFICE-1" #3:   THEM:
>> 203.191.19.3<203.191.19.3>===192.168.2.0/24 [5]
>> FEB 11 22:47:49 IP-172-22-0-207 PLUTO[19672]:
>> "SYDNEY-HUB-SYDNEY-OFFICE-1" #3: TRANSITION FROM STATE STATE_QUICK_R0
>> TO STATE STATE_QUICK_R1
>> FEB 11 22:47:49 IP-172-22-0-207 PLUTO[19672]:
>> "SYDNEY-HUB-SYDNEY-OFFICE-1" #3: STATE_QUICK_R1: SENT QR1, INBOUND
>> IPSEC SA INSTALLED, EXPECTING QI2
>> FEB 11 22:47:49 IP-172-22-0-207 PLUTO[19672]:
>> "SYDNEY-HUB-SYDNEY-OFFICE-1" #3: TRANSITION FROM STATE STATE_QUICK_R1
>> TO STATE STATE_QUICK_R2
>> FEB 11 22:47:49 IP-172-22-0-207 PLUTO[19672]:
>> "SYDNEY-HUB-SYDNEY-OFFICE-1" #3: STATE_QUICK_R2: IPSEC SA ESTABLISHED
>> TUNNEL MODE {ESP/NAT=>0XCD5A1422 <0X9998C8E5 XFRM=AES_256-HMAC_SHA1
>> NATOA=NONE NATD=203.191.19.3:4500 [1] DPD=NONE}
>>
>> And here is the output of "ipsec auto --status":
>>
>> 000 USING KERNEL INTERFACE: NETKEY
>> 000 INTERFACE LO/LO ::1
>> 000 INTERFACE LO/LO 127.0.0.1
>> 000 INTERFACE LO/LO 127.0.0.1
>> 000 INTERFACE ETH0/ETH0 172.22.0.207
>> 000 INTERFACE ETH0/ETH0 172.22.0.207
>> 000 INTERFACE ETH0/ETH0 52.63.20.251
>> 000 INTERFACE ETH0/ETH0 52.63.20.251
>> 000 %MYID = (NONE)
>> 000 DEBUG NONE
>> 000
>> 000 VIRTUAL_PRIVATE (%PRIV):
>> 000 - ALLOWED 6 SUBNETS: 10.0.0.0/8 [6], 192.168.0.0/16 [7],
>> 172.16.0.0/12 [8], 25.0.0.0/8 [9], FD00::/8, FE80::/10
>> 000 - DISALLOWED 1 SUBNET: 172.22.0.0/16 [10]
>> 000
>> 000 ALGORITHM ESP ENCRYPT: ID=2, NAME=ESP_DES, IVLEN=8, KEYSIZEMIN=64,
>> KEYSIZEMAX=64
>> 000 ALGORITHM ESP ENCRYPT: ID=3, NAME=ESP_3DES, IVLEN=8,
>> KEYSIZEMIN=192, KEYSIZEMAX=192
>> 000 ALGORITHM ESP ENCRYPT: ID=6, NAME=ESP_CAST, IVLEN=8,
>> KEYSIZEMIN=40, KEYSIZEMAX=128
>> 000 ALGORITHM ESP ENCRYPT: ID=7, NAME=ESP_BLOWFISH, IVLEN=8,
>> KEYSIZEMIN=40, KEYSIZEMAX=448
>> 000 ALGORITHM ESP ENCRYPT: ID=11, NAME=ESP_NULL, IVLEN=0,
>> KEYSIZEMIN=0, KEYSIZEMAX=0
>> 000 ALGORITHM ESP ENCRYPT: ID=12, NAME=ESP_AES, IVLEN=8,
>> KEYSIZEMIN=128, KEYSIZEMAX=256
>> 000 ALGORITHM ESP ENCRYPT: ID=13, NAME=ESP_AES_CTR, IVLEN=8,
>> KEYSIZEMIN=160, KEYSIZEMAX=288
>> 000 ALGORITHM ESP ENCRYPT: ID=14, NAME=ESP_AES_CCM_A, IVLEN=8,
>> KEYSIZEMIN=128, KEYSIZEMAX=256
>> 000 ALGORITHM ESP ENCRYPT: ID=15, NAME=ESP_AES_CCM_B, IVLEN=8,
>> KEYSIZEMIN=128, KEYSIZEMAX=256
>> 000 ALGORITHM ESP ENCRYPT: ID=16, NAME=ESP_AES_CCM_C, IVLEN=8,
>> KEYSIZEMIN=128, KEYSIZEMAX=256
>> 000 ALGORITHM ESP ENCRYPT: ID=18, NAME=ESP_AES_GCM_A, IVLEN=8,
>> KEYSIZEMIN=128, KEYSIZEMAX=256
>> 000 ALGORITHM ESP ENCRYPT: ID=19, NAME=ESP_AES_GCM_B, IVLEN=8,
>> KEYSIZEMIN=128, KEYSIZEMAX=256
>> 000 ALGORITHM ESP ENCRYPT: ID=20, NAME=ESP_AES_GCM_C, IVLEN=8,
>> KEYSIZEMIN=128, KEYSIZEMAX=256
>> 000 ALGORITHM ESP ENCRYPT: ID=22, NAME=ESP_CAMELLIA, IVLEN=8,
>> KEYSIZEMIN=128, KEYSIZEMAX=256
>> 000 ALGORITHM ESP ENCRYPT: ID=252, NAME=ESP_SERPENT, IVLEN=8,
>> KEYSIZEMIN=128, KEYSIZEMAX=256
>> 000 ALGORITHM ESP ENCRYPT: ID=253, NAME=ESP_TWOFISH, IVLEN=8,
>> KEYSIZEMIN=128, KEYSIZEMAX=256
>> 000 ALGORITHM ESP AUTH ATTR: ID=1, NAME=AUTH_ALGORITHM_HMAC_MD5,
>> KEYSIZEMIN=128, KEYSIZEMAX=128
>> 000 ALGORITHM ESP AUTH ATTR: ID=2, NAME=AUTH_ALGORITHM_HMAC_SHA1,
>> KEYSIZEMIN=160, KEYSIZEMAX=160
>> 000 ALGORITHM ESP AUTH ATTR: ID=5, NAME=AUTH_ALGORITHM_HMAC_SHA2_256,
>> KEYSIZEMIN=256, KEYSIZEMAX=256
>> 000 ALGORITHM ESP AUTH ATTR: ID=6, NAME=AUTH_ALGORITHM_HMAC_SHA2_384,
>> KEYSIZEMIN=384, KEYSIZEMAX=384
>> 000 ALGORITHM ESP AUTH ATTR: ID=7, NAME=AUTH_ALGORITHM_HMAC_SHA2_512,
>> KEYSIZEMIN=512, KEYSIZEMAX=512
>> 000 ALGORITHM ESP AUTH ATTR: ID=8, NAME=AUTH_ALGORITHM_HMAC_RIPEMD,
>> KEYSIZEMIN=160, KEYSIZEMAX=160
>> 000 ALGORITHM ESP AUTH ATTR: ID=9, NAME=AUTH_ALGORITHM_AES_CBC,
>> KEYSIZEMIN=128, KEYSIZEMAX=128
>> 000 ALGORITHM ESP AUTH ATTR: ID=251, NAME=AUTH_ALGORITHM_NULL_KAME,
>> KEYSIZEMIN=0, KEYSIZEMAX=0
>> 000
>> 000 ALGORITHM IKE ENCRYPT: ID=0, NAME=(NULL), BLOCKSIZE=16,
>> KEYDEFLEN=131
>> 000 ALGORITHM IKE ENCRYPT: ID=5, NAME=OAKLEY_3DES_CBC, BLOCKSIZE=8,
>> KEYDEFLEN=192
>> 000 ALGORITHM IKE ENCRYPT: ID=7, NAME=OAKLEY_AES_CBC, BLOCKSIZE=16,
>> KEYDEFLEN=128
>> 000 ALGORITHM IKE HASH: ID=1, NAME=OAKLEY_MD5, HASHSIZE=16
>> 000 ALGORITHM IKE HASH: ID=2, NAME=OAKLEY_SHA1, HASHSIZE=20
>> 000 ALGORITHM IKE HASH: ID=4, NAME=OAKLEY_SHA2_256, HASHSIZE=32
>> 000 ALGORITHM IKE HASH: ID=6, NAME=OAKLEY_SHA2_512, HASHSIZE=64
>> 000 ALGORITHM IKE DH GROUP: ID=2, NAME=OAKLEY_GROUP_MODP1024,
>> BITS=1024
>> 000 ALGORITHM IKE DH GROUP: ID=5, NAME=OAKLEY_GROUP_MODP1536,
>> BITS=1536
>> 000 ALGORITHM IKE DH GROUP: ID=14, NAME=OAKLEY_GROUP_MODP2048,
>> BITS=2048
>> 000 ALGORITHM IKE DH GROUP: ID=15, NAME=OAKLEY_GROUP_MODP3072,
>> BITS=3072
>> 000 ALGORITHM IKE DH GROUP: ID=16, NAME=OAKLEY_GROUP_MODP4096,
>> BITS=4096
>> 000 ALGORITHM IKE DH GROUP: ID=17, NAME=OAKLEY_GROUP_MODP6144,
>> BITS=6144
>> 000 ALGORITHM IKE DH GROUP: ID=18, NAME=OAKLEY_GROUP_MODP8192,
>> BITS=8192
>> 000 ALGORITHM IKE DH GROUP: ID=22, NAME=OAKLEY_GROUP_DH22, BITS=1024
>> 000 ALGORITHM IKE DH GROUP: ID=23, NAME=OAKLEY_GROUP_DH23, BITS=2048
>> 000 ALGORITHM IKE DH GROUP: ID=24, NAME=OAKLEY_GROUP_DH24, BITS=2048
>> 000
>> 000 STATS DB_OPS: {CURR_CNT, TOTAL_CNT, MAXSZ} :CONTEXT={0,0,0}
>> TRANS={0,0,0} ATTRS={0,0,0}
>> 000
>> 000 "SYDNEY-HUB-SYDNEY-OFFICE-1":
>> 172.22.0.0/16===172.22.0.207[52.63.20.251]---172.22.0.1...203.191.19.3
>> <http://172.22.0.0/16===172.22.0.207%5B52.63.20.251%5D---172.22.0.1...203.191.19.3>
>> [11]<203.191.19.3>===192.168.2.0/24 [5]; EROUTED; EROUTE OWNER: #3
>> 000 "SYDNEY-HUB-SYDNEY-OFFICE-1":     MYIP=52.63.20.251; HISIP=UNSET;
>> 000 "SYDNEY-HUB-SYDNEY-OFFICE-1":   IKE_LIFE: 3600S; IPSEC_LIFE:
>> 28800S; REKEY_MARGIN: 540S; REKEY_FUZZ: 100%; KEYINGTRIES: 0
>> 000 "SYDNEY-HUB-SYDNEY-OFFICE-1":   POLICY:
>> PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2ALLOW+SAREFTRACK+LKOD+RKOD; PRIO:
>> 16,24; INTERFACE: ETH0;
>> 000 "SYDNEY-HUB-SYDNEY-OFFICE-1":   NEWEST ISAKMP SA: #2; NEWEST IPSEC
>> SA: #3;
>> 000 "SYDNEY-HUB-SYDNEY-OFFICE-1":   IKE ALGORITHM NEWEST:
>> AES_CBC_256-SHA1-MODP1024
>> 000
>> 000 #3: "SYDNEY-HUB-SYDNEY-OFFICE-1":4500 STATE_QUICK_R2 (IPSEC SA
>> ESTABLISHED); EVENT_SA_REPLACE IN 3237S; NEWEST IPSEC; EROUTE OWNER;
>> ISAKMP#2; IDLE; IMPORT:NOT SET
>> 000 #3: "SYDNEY-HUB-SYDNEY-OFFICE-1" ESP.CD5A1422 at 203.191.19.3
>> ESP.9998C8E5 at 172.22.0.207 TUN.0 at 203.191.19.3 TUN.0 at 172.22.0.207 REF=0
>> REFHIM=4294901761
>> 000 #2: "SYDNEY-HUB-SYDNEY-OFFICE-1":4500 STATE_MAIN_R3 (SENT MR3,
>> ISAKMP SA ESTABLISHED); EVENT_SA_REPLACE IN 3237S; NEWEST ISAKMP;
>> LASTDPD=-1S(SEQ IN:0 OUT:0); IDLE; IMPORT:NOT SET
>> 000 #1: "SYDNEY-HUB-SYDNEY-OFFICE-1":500 STATE_MAIN_I1 (SENT MI1,
>> EXPECTING MR1); EVENT_RETRANSMIT IN 21S; NODPD; IDLE; IMPORT:ADMIN
>> INITIATE
>> 000 #1: PENDING PHASE 2 FOR "SYDNEY-HUB-SYDNEY-OFFICE-1" REPLACING #0
>> 000
>>
>> But ping to the address of the VyOS host (or any host on the other
>> side) doesn't get any response. I verified that ping from other IPSec
>> tunnels (which use either Vyatta or AWS Virtual Gateway) works fine.
>>
>> Here is the configuration of the tunnel from the EC2 side:
>>
>> VERSION 2.0
>> CONFIG SETUP
>>  DUMPDIR=/VAR/RUN/PLUTO/
>>  NAT_TRAVERSAL=YES
>>
>> VIRTUAL_PRIVATE=%V4:
>> 10.0.0.0/8,%V4:192.168.0.0/16,%V4:172.16.0.0/12,%V4:25.0.0.0/8,%V6:FD00::/8,%V6:FE80::/10,%V4:!172.22.0.0/16
>> [12]
>>  OE=OFF
>>  PROTOSTACK=NETKEY
>>  INTERFACES=%DEFAULTROUTE
>>
>> CONN SYDNEY-HUB-SYDNEY-OFFICE-1
>>
>>     TYPE=TUNNEL
>>     AUTHBY=SECRET
>>     FORCEENCAPS=YES
>>     AUTO=START
>>     LEFT=%DEFAULTROUTE
>>     LEFTID=52.63.20.251
>>     LEFTSOURCEIP=52.63.20.251
>>     LEFTNEXTHOP=%DEFAULTROUTE
>>     LEFTSUBNET=172.22.0.0/16 [10]
>>     RIGHT=203.191.19.3
>>     RIGHTID=203.191.19.3
>>     RIGHTSUBNET=192.168.2.0/24 [5]
>>
>> And here it is from the VyOS side (I tried to include all relevant
>> global settings too):
>>
>> VERSION 2.0
>> CONFIG SETUP
>>
>>         CHARONSTART=YES
>>         INTERFACES="%NONE"
>>         NAT_TRAVERSAL=YES
>>
>> CONN PEER-52.63.20.251-TUNNEL-1
>>         LEFT=203.191.19.3
>>         RIGHT=52.63.20.251
>>         LEFTSUBNET=192.168.2.0/24 [5]
>>         RIGHTSUBNET=172.22.0.0/16 [10]
>>         LEFTSOURCEIP=192.168.2.254
>>         IKE=AES256-SHA1-MODP1024!
>>         KEYEXCHANGE=IKEV1
>>         IKELIFETIME=86400S
>>         ESP=AES256-SHA1,3DES-MD5!
>>         KEYLIFE=3600S
>>         REKEYMARGIN=540S
>>         TYPE=TUNNEL
>>         PFS=YES
>>         COMPRESS=NO
>>         AUTHBY=SECRET
>>         AUTO=START
>>         KEYINGTRIES=%FOREVER
>>
>> Here is the "ipsec status" output from the VyOS side for that link (I
>> left out other links):
>>
>> 000 "PEER-52.63.20.251-TUNNEL-1":
>>
>> 192.168.2.0/24===203.191.19.3:4500[203.191.19.3]...52.63.20.251:4500[52.63.20.251]===172.22.0.0/16
>> <http://192.168.2.0/24===203.191.19.3:4500%5B203.191.19.3%5D...52.63.20.251:4500%5B52.63.20.251%5D===172.22.0.0/16>
>> [13]; EROUTED; EROUTE OWNER: #265
>> 000 "PEER-52.63.20.251-TUNNEL-1":   NEWEST ISAKMP SA: #263; NEWEST
>> IPSEC SA: #265;
>> ...
>>
>> 000 #265: "PEER-52.63.20.251-TUNNEL-1" STATE_QUICK_I2 (SENT QI2, IPSEC
>> SA ESTABLISHED); EVENT_SA_REPLACE IN 2420S; NEWEST IPSEC; EROUTE OWNER
>> 000 #265: "PEER-52.63.20.251-TUNNEL-1" ESP.9998C8E5 at 52.63.20.251 (0
>> BYTES) ESP.CD5A1422 at 203.191.19.3 (0 BYTES); TUNNEL
>> 000 #263: "PEER-52.63.20.251-TUNNEL-1" STATE_MAIN_I4 (ISAKMP SA
>> ESTABLISHED); EVENT_SA_REPLACE IN 84976S; NEWEST ISAKMP
>> 000
>> SECURITY ASSOCIATIONS:
>>   NONE
>>
>> Can anyone see what am I doing wrong?
>>
>> Thanks.
>>
>> Links:
>> ------
>> [1] http://203.191.19.3:4500
>> [2] http://172.22.0.0/16:0/0
>> [3] http://192.168.2.0/24:0/0
>> [4] http://172.22.0.0/16===172.22.0.207[52.63.20.251]---172.22.0.1
>> [5] http://192.168.2.0/24
>> [6] http://10.0.0.0/8
>> [7] http://192.168.0.0/16
>> [8] http://172.16.0.0/12
>> [9] http://25.0.0.0/8
>> [10] http://172.22.0.0/16
>> [11]
>>
>> http://172.22.0.0/16===172.22.0.207[52.63.20.251]---172.22.0.1...203.191.19.3
>> [12]
>>
>> http://10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:25.0.0.0/8,%v6:fd00::/8,%v6:fe80::/10,%v4:!172.22.0.0/16
>> [13]
>>
>> http://192.168.2.0/24===203.191.19.3:4500[203.191.19.3]...52.63.20.251:4500[52.63.20.251]===172.22.0.0/16
>>
>> _______________________________________________
>> Users at lists.openswan.org
>> https://lists.openswan.org/mailman/listinfo/users
>> Micropayments: https://flattr.com/thing/38387/IPsec-for-Linux-made-easy
>> Building and Integrating Virtual Private Networks with Openswan:
>> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openswan.org/pipermail/users/attachments/20160212/2518c38a/attachment-0001.html>

More information about the Users mailing list