Initiate the IPsec site-to-site VPN tunnel (Fedora/RHEL/CentOS)
An example of how to initiate a tunnel connection that you've already configured.
- Create the tunnel connection.
$ swanctl -c
- Initiate the tunnel connection.
$ swanctl -i -c tunnel-1 -i devcloud1
[IKE] initiating IKE_SA devcloud1[1] to 169.61.111.164
[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]
[NET] sending packet: from 172.16.0.4[500] to 10.10.2.3[500] (264 bytes)
[NET] received packet: from 10.10.2.3[500] to 172.16.0.4[500] (341 bytes)
[ENC] parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(HASH_ALG) N(MULT_AUTH) ]
[CFG] selected proposal: IKE:AES_GCM_16_128/PRF_HMAC_SHA2_256/ECP_256
[IKE] local host is behind NAT, sending keep alives
[IKE] received cert request for "C=UK, O=RAVPNWhitePaper, OU=RAVPNWhitePaper Test CA, CN=RAVPNWhitePaper Test Root CA"
[IKE] received cert request for "C=UK, O=RAVPNWhitePaper, OU=RAVPNWhitePaper Test CA, CN=RAVPNWhitePaper Test Root CA"
[IKE] received 2 cert requests for an unknown ca
[IKE] sending cert request for "C=UK, O=RAVPNWhitePaper, OU=RAVPNWhitePaper Test CA, CN=RAVPNWhitePaper Test Root CA"
[IKE] authentication of 'devcloud1.vpn.am' (myself) with RSA_EMSA_PKCS1_SHA2_256 successful
[IKE] sending end entity cert "C=UK, O=RAVPNWhitePaper, CN=devcloud1.vpn.am"
[IKE] establishing CHILD_SA tunnel-1{1}
[ENC] generating IKE_AUTH request 1 [ IDi CERT N(INIT_CONTACT) CERTREQ IDr AUTH SA TSi TSr N(MOBIKE_SUP) N(ADD_4_ADDR) N(ADD_4_ADDR) N(MULT_AUTH) N(EAP_ONLY) N(MSG_ID_SYN_SUP) ]
[NET] sending packet: from 172.16.0.4[4500] to 10.10.2.3[4500] (1607 bytes)
[NET] received packet: from 10.10.2.3[4500] to 172.16.0.4[4500] (1500 bytes)
[ENC] parsed IKE_AUTH response 1 [ IDr CERT AUTH SA TSi TSr N(AUTH_LFT) ]
[IKE] received end entity cert "C=UK, O=RAVPNWhitePaper, CN=server.vpn.am"
[CFG] using certificate "C=UK, O=RAVPNWhitePaper, CN=server.vpn.am"
[CFG] using trusted ca certificate "C=UK, O=RAVPNWhitePaper, OU=RAVPNWhitePaper Test CA, CN=RAVPNWhitePaper Test Root CA"
[CFG] checking certificate status of "C=UK, O=RAVPNWhitePaper, CN=server.vpn.am"
[CFG] fetching crl from 'http://crl.vpn.am/ca/root-ca.crl' ...
[CFG] using trusted certificate "C=UK, O=RAVPNWhitePaper, OU=RAVPNWhitePaper Test CA, CN=RAVPNWhitePaper Test Root CA"
[CFG] crl correctly signed by "C=UK, O=RAVPNWhitePaper, OU=RAVPNWhitePaper Test CA, CN=RAVPNWhitePaper Test Root CA"
[CFG] crl is valid: until Jan 28 03:04:53 2020
[CFG] certificate status is good
[CFG] reached self-signed root ca with a path length of 0
[IKE] authentication of 'hub.vpn.am' with RSA_EMSA_PKCS1_SHA2_256 successful
[IKE] IKE_SA spoke3[1] established between 172.16.0.4[devcloud1.vpn.am]...10.10.2.3[server.vpn.am]
[IKE] scheduling rekeying in 13313s
[IKE] maximum IKE_SA lifetime 14753s
[CFG] selected proposal: ESP:AES_GCM_16_128/NO_EXT_SEQ
[IKE] CHILD_SA spoke3-vti{1} established with SPIs c75e729c_i c2f7bd8a_o and TS 10.200.0.0/24 === 0.0.0.0/0
[IKE] received AUTH_LIFETIME of 13581s, scheduling reauthentication in 12141s
initiate completed successfully
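
The initiate output above carries the facts worth verifying before trusting the tunnel: the negotiated IKE and ESP proposals, the authenticated peer identity, and the peer certificate's revocation status. The following is an added example, not part of the original page; `sample_log` and `check_initiate_log` are hypothetical names, and the function assumes one log entry per line, as swanctl prints them.

```shell
#!/bin/sh
# Added example; sample_log and check_initiate_log are hypothetical names.

# Constructed sample: six entries copied from the initiate output above.
sample_log() {
cat <<'EOF'
[CFG] selected proposal: IKE:AES_GCM_16_128/PRF_HMAC_SHA2_256/ECP_256
[IKE] authentication of 'devcloud1.vpn.am' (myself) with RSA_EMSA_PKCS1_SHA2_256 successful
[CFG] certificate status is good
[IKE] authentication of 'hub.vpn.am' with RSA_EMSA_PKCS1_SHA2_256 successful
[CFG] selected proposal: ESP:AES_GCM_16_128/NO_EXT_SEQ
initiate completed successfully
EOF
}

# Usage: <initiate output> | check_initiate_log PEER_ID IKE_PROPOSAL ESP_PROPOSAL
# Prints one FAIL line per unmet expectation; returns 0 only if all hold.
check_initiate_log() {
    _peer=$1 _ike=$2 _esp=$3 _rc=0
    # Strip trailing whitespace/CR so exact-line matches are reliable.
    _log=$(sed 's/[[:space:]]*$//')
    _has() { printf '%s\n' "$_log" | grep -Fqx -- "$1"; }

    _has "[CFG] selected proposal: IKE:$_ike" ||
        { echo "FAIL: IKE proposal is not $_ike"; _rc=1; }
    _has "[CFG] selected proposal: ESP:$_esp" ||
        { echo "FAIL: ESP proposal is not $_esp"; _rc=1; }
    # The local "(myself)" entry must not satisfy the peer check.
    printf '%s\n' "$_log" | grep -F -- "[IKE] authentication of '$_peer' with " |
        grep -q ' successful$' ||
        { echo "FAIL: peer $_peer was not authenticated"; _rc=1; }
    _has "[CFG] certificate status is good" ||
        { echo "FAIL: no good revocation status for the peer certificate"; _rc=1; }
    _has "initiate completed successfully" ||
        { echo "FAIL: initiate did not complete"; _rc=1; }
    return $_rc
}

# Demonstration on the constructed sample.
sample_log | check_initiate_log hub.vpn.am \
    AES_GCM_16_128/PRF_HMAC_SHA2_256/ECP_256 AES_GCM_16_128/NO_EXT_SEQ &&
    echo "all checks passed"
```

A non-zero return with a revocation FAIL line means the log never confirmed the CRL check, which is the case to investigate before sending traffic over the tunnel.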