Hi,
here is the configuration with 1.13:
conn Tun1
    left=%any4
    leftid=
    leftsubnet=192.168.xxx.1/24
    leftauth=psk
    rightauth=psk
    authby=secret
    right=82...
    rightid=82...
    keyexchange=ikev1
    leftfirewall=yes
    rightfirewall=yes
    auto=start
    type=tunnel
    aggressive=no
    dpdaction=restart
    dpddelay=30
    dpdtimeout=150
    forceencaps=no
    keyingtries=%forever
    ike=aes256-md5-modp1024
    ikelifetime=7800s
    esp=aes256-md5-modp1024
    keylife=3600s
    rightsubnet=192.168.yyy.0/24
conn passthrough0
    leftsubnet=192.168.xxx.0/24
    rightsubnet=192.168.xxx.0/24
    type=passthrough
    authby=never
    auto=route
SA Established:
SA: 192.168.xxx.0/24=82...
    77...=192.168.xxx.0/24
IKE: Auth PSK / Enc AES_CBC_256 / Hash HMAC_MD5 / Lifetime 7800s / PFS MODP_1024
ESP: Enc AES_CBC_256 / Hash HMAC_MD5 / Lifetime 3600s
I updated to 1.14 without keeping the settings and made the same configuration.
Here is the configuration with 1.14:
conn Tun
    left=%any4
    leftid=
    leftauth=psk
    rightauth=psk
    authby=secret
    right=81...
    rightid=81...
    keyexchange=ikev1
    leftfirewall=yes
    rightfirewall=yes
    auto=start
    type=tunnel
    aggressive=no
    dpdaction=restart
    dpddelay=30
    dpdtimeout=150
    forceencaps=no
    keyingtries=%forever
    ike=aes256-md5-modp1024
    ikelifetime=7800s
    esp=aes256-md5-modp1024
    keylife=3600s
    rightsubnet=192.168.125.0/24conn passthrough0
    leftsubnet=192.168.xxx.0/24
    rightsubnet=192.168.xxx.0/24
    type=passthrough
    authby=never
    auto=route
IPSec status:
Status of IKE charon daemon (strongSwan 5.6.2, Linux 3.18.44, mips):
uptime: 29 minutes, since May 07 10:34:13 2021
malloc: sbrk 114688, mmap 0, used 108744, free 5944
worker threads: 11 of 16 idle, 5/0/0/0 working, job queue: 0/0/0/0, scheduled: 0
loaded plugins: charon aes des sha2 sha1 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs8 pgp pem gmp xcbc hmac kernel-netlink resolve socket-default stroke updown xauth-generic
Listening IP addresses:
192.168.yyy.yyy
192.168.xxx.xxx
Connections:
Tun: %any4...81... IKEv1, dpddelay=30s
Tun: local: [any4] uses pre-shared key authentication
Tun: remote: [81...] uses pre-shared key authentication
Tun: child: 192.168.xxx.0/24 === 192.168.xxx.0/24 PASS, dpdaction=restart
Shunted Connections:
Tun: 192.168.xxx.0/24 === 192.168.xxx.0/24 PASS
Security Associations (0 up, 0 connecting):
none
The live protocol from our firewall does not register a quote from the remote address.
Regards