blob: 5abfbb3e8abc82f43cfbf79e59d722eecc56c6d2 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
|
stdin: 10: default peer local mismatch
stdin: 10: default peer psk mismatch
stdin: 10: default peer phase 1 mode mismatch
stdin: 10: default peer srcid mismatch
stdin: 10: default peer dstid mismatch
stdin: 11: default peer local mismatch
stdin: 11: default peer phase 1 auth mismatch
stdin: 11: default peer srcid mismatch
stdin: 11: default peer dstid mismatch
C set [Phase 1]:Default=peer-default force
C set [peer-default]:Phase=1 force
C set [peer-default]:Local-address=1.1.1.1 force
C set [peer-default]:Authentication=secret force
C set [peer-default]:Configuration=phase1-peer-default force
C set [phase1-peer-default]:EXCHANGE_TYPE=ID_PROT force
C add [phase1-peer-default]:Transforms=phase1-transform-peer-default-PRE_SHARED-SHA-AES128-MODP_3072 force
C set [phase1-transform-peer-default-PRE_SHARED-SHA-AES128-MODP_3072]:AUTHENTICATION_METHOD=PRE_SHARED force
C set [phase1-transform-peer-default-PRE_SHARED-SHA-AES128-MODP_3072]:HASH_ALGORITHM=SHA force
C set [phase1-transform-peer-default-PRE_SHARED-SHA-AES128-MODP_3072]:ENCRYPTION_ALGORITHM=AES_CBC force
C set [phase1-transform-peer-default-PRE_SHARED-SHA-AES128-MODP_3072]:KEY_LENGTH=128,128:256 force
C set [phase1-transform-peer-default-PRE_SHARED-SHA-AES128-MODP_3072]:GROUP_DESCRIPTION=MODP_3072 force
C set [phase1-transform-peer-default-PRE_SHARED-SHA-AES128-MODP_3072]:Life=LIFE_MAIN_MODE force
C set [peer-default]:ID=id-src.id force
C set [id-src.id]:ID-type=FQDN force
C set [id-src.id]:Name=src.id force
C set [peer-default]:Remote-ID=id-dst.id force
C set [id-dst.id]:ID-type=FQDN force
C set [id-dst.id]:Name=dst.id force
C set [from-0.0.0.0/0-to-0.0.0.0/0]:Phase=2 force
C set [from-0.0.0.0/0-to-0.0.0.0/0]:ISAKMP-peer=peer-default force
C set [from-0.0.0.0/0-to-0.0.0.0/0]:Configuration=phase2-from-0.0.0.0/0-to-0.0.0.0/0 force
C set [from-0.0.0.0/0-to-0.0.0.0/0]:Local-ID=from-0.0.0.0/0 force
C set [from-0.0.0.0/0-to-0.0.0.0/0]:Remote-ID=to-0.0.0.0/0 force
C set [phase2-from-0.0.0.0/0-to-0.0.0.0/0]:EXCHANGE_TYPE=QUICK_MODE force
C set [phase2-from-0.0.0.0/0-to-0.0.0.0/0]:Suites=phase2-suite-from-0.0.0.0/0-to-0.0.0.0/0 force
C set [phase2-suite-from-0.0.0.0/0-to-0.0.0.0/0]:Protocols=phase2-protocol-from-0.0.0.0/0-to-0.0.0.0/0 force
C set [phase2-protocol-from-0.0.0.0/0-to-0.0.0.0/0]:PROTOCOL_ID=IPSEC_ESP force
C set [phase2-protocol-from-0.0.0.0/0-to-0.0.0.0/0]:Transforms=phase2-transform-from-0.0.0.0/0-to-0.0.0.0/0-AES128-SHA2_256-MODP_3072-TUNNEL force
C set [phase2-transform-from-0.0.0.0/0-to-0.0.0.0/0-AES128-SHA2_256-MODP_3072-TUNNEL]:TRANSFORM_ID=AES force
C set [phase2-transform-from-0.0.0.0/0-to-0.0.0.0/0-AES128-SHA2_256-MODP_3072-TUNNEL]:KEY_LENGTH=128,128:256 force
C set [phase2-transform-from-0.0.0.0/0-to-0.0.0.0/0-AES128-SHA2_256-MODP_3072-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
C set [phase2-transform-from-0.0.0.0/0-to-0.0.0.0/0-AES128-SHA2_256-MODP_3072-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
C set [phase2-transform-from-0.0.0.0/0-to-0.0.0.0/0-AES128-SHA2_256-MODP_3072-TUNNEL]:GROUP_DESCRIPTION=MODP_3072 force
C set [phase2-transform-from-0.0.0.0/0-to-0.0.0.0/0-AES128-SHA2_256-MODP_3072-TUNNEL]:Life=LIFE_QUICK_MODE force
C set [from-0.0.0.0/0]:ID-type=IPV4_ADDR_SUBNET force
C set [from-0.0.0.0/0]:Network=0.0.0.0 force
C set [from-0.0.0.0/0]:Netmask=0.0.0.0 force
C set [to-0.0.0.0/0]:ID-type=IPV4_ADDR_SUBNET force
C set [to-0.0.0.0/0]:Network=0.0.0.0 force
C set [to-0.0.0.0/0]:Netmask=0.0.0.0 force
C add [Phase 2]:Connections=from-0.0.0.0/0-to-0.0.0.0/0
C set [Phase 1]:Default=peer-default force
C set [peer-default]:Phase=1 force
C set [peer-default]:Local-address=1.1.1.1 force
C set [peer-default]:Authentication=secret force
C set [peer-default]:Configuration=phase1-peer-default force
C set [phase1-peer-default]:EXCHANGE_TYPE=ID_PROT force
C add [phase1-peer-default]:Transforms=phase1-transform-peer-default-PRE_SHARED-SHA-AES128-MODP_3072 force
C set [phase1-transform-peer-default-PRE_SHARED-SHA-AES128-MODP_3072]:AUTHENTICATION_METHOD=PRE_SHARED force
C set [phase1-transform-peer-default-PRE_SHARED-SHA-AES128-MODP_3072]:HASH_ALGORITHM=SHA force
C set [phase1-transform-peer-default-PRE_SHARED-SHA-AES128-MODP_3072]:ENCRYPTION_ALGORITHM=AES_CBC force
C set [phase1-transform-peer-default-PRE_SHARED-SHA-AES128-MODP_3072]:KEY_LENGTH=128,128:256 force
C set [phase1-transform-peer-default-PRE_SHARED-SHA-AES128-MODP_3072]:GROUP_DESCRIPTION=MODP_3072 force
C set [phase1-transform-peer-default-PRE_SHARED-SHA-AES128-MODP_3072]:Life=LIFE_MAIN_MODE force
C set [peer-default]:ID=id-src.id force
C set [id-src.id]:ID-type=FQDN force
C set [id-src.id]:Name=src.id force
C set [peer-default]:Remote-ID=id-dst.id force
C set [id-dst.id]:ID-type=FQDN force
C set [id-dst.id]:Name=dst.id force
C set [from-::/0-to-::/0]:Phase=2 force
C set [from-::/0-to-::/0]:ISAKMP-peer=peer-default force
C set [from-::/0-to-::/0]:Configuration=phase2-from-::/0-to-::/0 force
C set [from-::/0-to-::/0]:Local-ID=from-::/0 force
C set [from-::/0-to-::/0]:Remote-ID=to-::/0 force
C set [phase2-from-::/0-to-::/0]:EXCHANGE_TYPE=QUICK_MODE force
C set [phase2-from-::/0-to-::/0]:Suites=phase2-suite-from-::/0-to-::/0 force
C set [phase2-suite-from-::/0-to-::/0]:Protocols=phase2-protocol-from-::/0-to-::/0 force
C set [phase2-protocol-from-::/0-to-::/0]:PROTOCOL_ID=IPSEC_ESP force
C set [phase2-protocol-from-::/0-to-::/0]:Transforms=phase2-transform-from-::/0-to-::/0-AES128-SHA2_256-MODP_3072-TUNNEL force
C set [phase2-transform-from-::/0-to-::/0-AES128-SHA2_256-MODP_3072-TUNNEL]:TRANSFORM_ID=AES force
C set [phase2-transform-from-::/0-to-::/0-AES128-SHA2_256-MODP_3072-TUNNEL]:KEY_LENGTH=128,128:256 force
C set [phase2-transform-from-::/0-to-::/0-AES128-SHA2_256-MODP_3072-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
C set [phase2-transform-from-::/0-to-::/0-AES128-SHA2_256-MODP_3072-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
C set [phase2-transform-from-::/0-to-::/0-AES128-SHA2_256-MODP_3072-TUNNEL]:GROUP_DESCRIPTION=MODP_3072 force
C set [phase2-transform-from-::/0-to-::/0-AES128-SHA2_256-MODP_3072-TUNNEL]:Life=LIFE_QUICK_MODE force
C set [from-::/0]:ID-type=IPV6_ADDR_SUBNET force
C set [from-::/0]:Network=:: force
C set [from-::/0]:Netmask=:: force
C set [to-::/0]:ID-type=IPV6_ADDR_SUBNET force
C set [to-::/0]:Network=:: force
C set [to-::/0]:Netmask=:: force
C add [Phase 2]:Connections=from-::/0-to-::/0
C set [Phase 1]:Default=peer-default force
C set [peer-default]:Phase=1 force
C set [peer-default]:Local-address=2.2.2.2 force
C set [peer-default]:Authentication=insecure force
C set [peer-default]:Configuration=phase1-peer-default force
C set [phase1-peer-default]:EXCHANGE_TYPE=AGGRESSIVE force
C add [phase1-peer-default]:Transforms=phase1-transform-peer-default-PRE_SHARED-SHA-AES128-MODP_3072 force
C set [phase1-transform-peer-default-PRE_SHARED-SHA-AES128-MODP_3072]:AUTHENTICATION_METHOD=PRE_SHARED force
C set [phase1-transform-peer-default-PRE_SHARED-SHA-AES128-MODP_3072]:HASH_ALGORITHM=SHA force
C set [phase1-transform-peer-default-PRE_SHARED-SHA-AES128-MODP_3072]:ENCRYPTION_ALGORITHM=AES_CBC force
C set [phase1-transform-peer-default-PRE_SHARED-SHA-AES128-MODP_3072]:KEY_LENGTH=128,128:256 force
C set [phase1-transform-peer-default-PRE_SHARED-SHA-AES128-MODP_3072]:GROUP_DESCRIPTION=MODP_3072 force
C set [phase1-transform-peer-default-PRE_SHARED-SHA-AES128-MODP_3072]:Life=LIFE_MAIN_MODE force
C set [peer-default]:ID=id-src.wrong force
C set [id-src.wrong]:ID-type=FQDN force
C set [id-src.wrong]:Name=src.wrong force
C set [peer-default]:Remote-ID=id-dst.wrong force
C set [id-dst.wrong]:ID-type=FQDN force
C set [id-dst.wrong]:Name=dst.wrong force
C set [from-::/0-to-::/0]:Phase=2 force
C set [from-::/0-to-::/0]:ISAKMP-peer=peer-default force
C set [from-::/0-to-::/0]:Configuration=phase2-from-::/0-to-::/0 force
C set [from-::/0-to-::/0]:Local-ID=from-::/0 force
C set [from-::/0-to-::/0]:Remote-ID=to-::/0 force
C set [phase2-from-::/0-to-::/0]:EXCHANGE_TYPE=QUICK_MODE force
C set [phase2-from-::/0-to-::/0]:Suites=phase2-suite-from-::/0-to-::/0 force
C set [phase2-suite-from-::/0-to-::/0]:Protocols=phase2-protocol-from-::/0-to-::/0 force
C set [phase2-protocol-from-::/0-to-::/0]:PROTOCOL_ID=IPSEC_ESP force
C set [phase2-protocol-from-::/0-to-::/0]:Transforms=phase2-transform-from-::/0-to-::/0-AES128-SHA2_256-MODP_3072-TUNNEL force
C set [phase2-transform-from-::/0-to-::/0-AES128-SHA2_256-MODP_3072-TUNNEL]:TRANSFORM_ID=AES force
C set [phase2-transform-from-::/0-to-::/0-AES128-SHA2_256-MODP_3072-TUNNEL]:KEY_LENGTH=128,128:256 force
C set [phase2-transform-from-::/0-to-::/0-AES128-SHA2_256-MODP_3072-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
C set [phase2-transform-from-::/0-to-::/0-AES128-SHA2_256-MODP_3072-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
C set [phase2-transform-from-::/0-to-::/0-AES128-SHA2_256-MODP_3072-TUNNEL]:GROUP_DESCRIPTION=MODP_3072 force
C set [phase2-transform-from-::/0-to-::/0-AES128-SHA2_256-MODP_3072-TUNNEL]:Life=LIFE_QUICK_MODE force
C set [from-::/0]:ID-type=IPV6_ADDR_SUBNET force
C set [from-::/0]:Network=:: force
C set [from-::/0]:Netmask=:: force
C set [to-::/0]:ID-type=IPV6_ADDR_SUBNET force
C set [to-::/0]:Network=:: force
C set [to-::/0]:Netmask=:: force
C add [Phase 2]:Connections=from-::/0-to-::/0
C set [Phase 1]:Default=peer-default force
C set [peer-default]:Phase=1 force
C set [peer-default]:Configuration=phase1-peer-default force
C set [phase1-peer-default]:EXCHANGE_TYPE=ID_PROT force
C add [phase1-peer-default]:Transforms=phase1-transform-peer-default-RSA_SIG-SHA-AES128-MODP_3072 force
C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128-MODP_3072]:AUTHENTICATION_METHOD=RSA_SIG force
C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128-MODP_3072]:HASH_ALGORITHM=SHA force
C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128-MODP_3072]:ENCRYPTION_ALGORITHM=AES_CBC force
C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128-MODP_3072]:KEY_LENGTH=128,128:256 force
C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128-MODP_3072]:GROUP_DESCRIPTION=MODP_3072 force
C set [phase1-transform-peer-default-RSA_SIG-SHA-AES128-MODP_3072]:Life=LIFE_MAIN_MODE force
C set [from-::/0-to-::/0]:Phase=2 force
C set [from-::/0-to-::/0]:ISAKMP-peer=peer-default force
C set [from-::/0-to-::/0]:Configuration=phase2-from-::/0-to-::/0 force
C set [from-::/0-to-::/0]:Local-ID=from-::/0 force
C set [from-::/0-to-::/0]:Remote-ID=to-::/0 force
C set [phase2-from-::/0-to-::/0]:EXCHANGE_TYPE=QUICK_MODE force
C set [phase2-from-::/0-to-::/0]:Suites=phase2-suite-from-::/0-to-::/0 force
C set [phase2-suite-from-::/0-to-::/0]:Protocols=phase2-protocol-from-::/0-to-::/0 force
C set [phase2-protocol-from-::/0-to-::/0]:PROTOCOL_ID=IPSEC_ESP force
C set [phase2-protocol-from-::/0-to-::/0]:Transforms=phase2-transform-from-::/0-to-::/0-AES128-SHA2_256-MODP_3072-TUNNEL force
C set [phase2-transform-from-::/0-to-::/0-AES128-SHA2_256-MODP_3072-TUNNEL]:TRANSFORM_ID=AES force
C set [phase2-transform-from-::/0-to-::/0-AES128-SHA2_256-MODP_3072-TUNNEL]:KEY_LENGTH=128,128:256 force
C set [phase2-transform-from-::/0-to-::/0-AES128-SHA2_256-MODP_3072-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
C set [phase2-transform-from-::/0-to-::/0-AES128-SHA2_256-MODP_3072-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
C set [phase2-transform-from-::/0-to-::/0-AES128-SHA2_256-MODP_3072-TUNNEL]:GROUP_DESCRIPTION=MODP_3072 force
C set [phase2-transform-from-::/0-to-::/0-AES128-SHA2_256-MODP_3072-TUNNEL]:Life=LIFE_QUICK_MODE force
C set [from-::/0]:ID-type=IPV6_ADDR_SUBNET force
C set [from-::/0]:Network=:: force
C set [from-::/0]:Netmask=:: force
C set [to-::/0]:ID-type=IPV6_ADDR_SUBNET force
C set [to-::/0]:Network=:: force
C set [to-::/0]:Netmask=:: force
C add [Phase 2]:Connections=from-::/0-to-::/0
|