Good afternoon.
I am setting up strongSwan on Ubuntu LTS 16.04. Configs and command output are below.
Host A
===============================================
/etc/ipsec.conf
------------------------------------------------
config setup
    charondebug="all"
    uniqueids=yes
    strictcrlpolicy=no

conn %default
    ikelifetime=1440m
    keylife=60m
    rekeymargin=3m
    keyingtries=1
    keyexchange=ikev1
    authby=secret

conn tunnel #
    left=Y.Y.Y.Y
    leftsubnet=172.29.1.0/24
    right=X.X.X.X
    rightsubnet=172.29.2.0/24
    ike=aes256-sha2_256-modp1024!
    esp=aes256-sha2_256!
    keyingtries=0
    ikelifetime=1h
    lifetime=8h
    dpddelay=30
    dpdtimeout=120
    dpdaction=clear
    authby=secret
    auto=start
    keyexchange=ikev2
    type=tunnel
------------------------------------------------
/etc/ipsec.secrets
------------------------------------------------
Y.Y.Y.Y X.X.X.X: PSK'networklessons'
------------------------------------------------
ipsec statusall
Status of IKE charon daemon (strongSwan 5.3.5, Linux 4.4.0-24-generic, i686):
uptime: 87 minutes, since Jun 23 06:29:45 2016
malloc: sbrk 540672, mmap 0, used 171816, free 368856
worker threads: 11 of 16 idle, 5/0/0/0 working, job queue: 0/0/0/0, scheduled: 0
loaded plugins: charon test-vectors aes rc2 sha1 sha2 md4 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl fips-prf gmp agent xcbc hmac gcm attr kernel-netlink resolve socket-default connmark stroke updown
Listening IP addresses:
Y.Y.Y.Y
172.29.1.254
Connections:
tunnel: Y.Y.Y.Y...X.X.X.X IKEv2, dpddelay=30s
tunnel: local: [Y.Y.Y.Y] uses pre-shared key authentication
tunnel: remote: [X.X.X.X] uses pre-shared key authentication
tunnel: child: 172.29.1.0/24 === 172.29.2.0/24 TUNNEL, dpdaction=clear
Security Associations (0 up, 0 connecting):
none
===============================================
Host B
===============================================
/etc/ipsec.conf
-----------------------------------------------
config setup
    charondebug="all"
    uniqueids=yes
    strictcrlpolicy=no

conn %default
    ikelifetime=1440m
    keylife=60m
    rekeymargin=3m
    keyingtries=1
    keyexchange=ikev1
    authby=secret

conn tunnel #
    left=X.X.X.X
    leftsubnet=172.29.2.0/24
    right=1Y.Y.Y.Y
    rightsubnet=172.29.1.0/24
    ike=aes256-sha2_256-modp1024!
    esp=aes256-sha2_256!
    keyingtries=0
    ikelifetime=1h
    lifetime=8h
    dpddelay=30
    dpdtimeout=120
    dpdaction=clear
    authby=secret
    auto=start
    keyexchange=ikev2
    type=tunnel
-----------------------------------------------
/etc/ipsec.secrets
------------------------------------------------
X.X.X.X Y.Y.Y.Y: PSK'networklessons'
------------------------------------------------
ipsec statusall
Status of IKE charon daemon (strongSwan 5.1.2, Linux 3.19.0-25-generic, x86_64):
uptime: 2 hours, since Jun 23 06:28:52 2016
malloc: sbrk 1486848, mmap 0, used 320736, free 1166112
worker threads: 11 of 16 idle, 5/0/0/0 working, job queue: 0/0/0/0, scheduled: 0
loaded plugins: charon test-vectors aes rc2 sha1 sha2 md4 md5 random nonce x509 revocation constraints pkcs1 pkcs7 pkcs8 pkcs12 pem openssl xcbc cmac hmac ctr ccm gcm attr kernel-netlink resolve socket-default stroke updown eap-identity addrblock
Listening IP addresses:
X.X.X.X
172.29.2.254
Connections:
tunnel: X.X.X.X...1Y.Y.Y.Y IKEv2, dpddelay=30s
tunnel: local: [X.X.X.X] uses pre-shared key authentication
tunnel: remote: [1Y.Y.Y.Y] uses pre-shared key authentication
tunnel: child: 172.29.2.0/24 === 172.29.1.0/24 TUNNEL, dpdaction=clear
Security Associations (0 up, 0 connecting):
none
===============================================
The tunnel does not come up. Packets appear on the external interface and simply go to the router's default gateway. They do not even try to get routed into the tunnel. What am I doing wrong?