# gateway-a

#### ipsec statusall

```
Status of IKE charon daemon (strongSwan 5.6.2, Linux 4.15.0-163-generic, x86_64):
  uptime: 53 minutes, since Jan 03 11:03:38 2022
  malloc: sbrk 2326528, mmap 532480, used 1443104, free 883424
  worker threads: 11 of 16 idle, 5/0/0/0 working, job queue: 0/0/0/0, scheduled: 3
  loaded plugins: charon test-vectors unbound ldap pkcs11 tpm aes rc2 sha2 sha1 md4 md5 mgf1 random nonce x509 revocation constraints acert pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey dnscert ipseckey pem openssl gcrypt af-alg fips-prf gmp curve25519 agent chapoly xcbc cmac hmac ctr ccm gcm ntru bliss curl soup mysql sqlite attr kernel-netlink resolve socket-default connmark farp stroke updown eap-identity eap-sim eap-sim-pcsc eap-aka eap-aka-3gpp2 eap-simaka-pseudonym eap-simaka-reauth eap-md5 eap-gtc eap-mschapv2 eap-dynamic eap-radius eap-tls eap-ttls eap-peap eap-tnc xauth-generic xauth-eap xauth-pam xauth-noauth tnc-tnccs tnccs-20 tnccs-11 tnccs-dynamic dhcp whitelist lookip error-notify certexpire led radattr addrblock unity counters
Listening IP addresses:
  192.168.112.15
  172.16.16.16
  10.1.0.1
Connections:
gateway-A-to-cloud:  172.16.16.16...172.30.30.30  IKEv2, dpddelay=30s
gateway-A-to-cloud:   local:  [172.16.16.16] uses pre-shared key authentication
gateway-A-to-cloud:   remote: [172.30.30.30] uses pre-shared key authentication
gateway-A-to-cloud:   child:  172.16.16.16/32 === 10.2.0.0/24 TUNNEL, dpdaction=restart
Security Associations (1 up, 0 connecting):
gateway-A-to-cloud[2]: ESTABLISHED 46 minutes ago, 172.16.16.16[172.16.16.16]...172.30.30.30[172.30.30.30]
gateway-A-to-cloud[2]: IKEv2 SPIs: bc7d51d8c678dbe9_i e154fc792cc40154_r*, pre-shared key reauthentication in 117 minutes
gateway-A-to-cloud[2]: IKE proposal: AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048
gateway-A-to-cloud{2}:  INSTALLED, TUNNEL, reqid 1, ESP SPIs: cfe3cda2_i c7ccba92_o
gateway-A-to-cloud{2}:  AES_CBC_256/HMAC_SHA2_256_128, 87690 bytes_i (790 pkts, 37s ago), 68610 bytes_o (812 pkts, 37s ago), rekeying in 44 minutes
gateway-A-to-cloud{2}:   172.16.16.16/32 === 10.2.0.0/24
```

#### ip xfrm policy

```
src 172.16.16.16/32 dst 10.2.0.0/24
    dir out priority 371327
    tmpl src 172.16.16.16 dst 172.30.30.30
        proto esp spi 0xc7ccba92 reqid 1 mode tunnel
src 10.2.0.0/24 dst 172.16.16.16/32
    dir fwd priority 371327
    tmpl src 172.30.30.30 dst 172.16.16.16
        proto esp reqid 1 mode tunnel
src 10.2.0.0/24 dst 172.16.16.16/32
    dir in priority 371327
    tmpl src 172.30.30.30 dst 172.16.16.16
        proto esp reqid 1 mode tunnel
src 0.0.0.0/0 dst 0.0.0.0/0
    socket in priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
    socket out priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
    socket in priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
    socket out priority 0
src ::/0 dst ::/0
    socket in priority 0
src ::/0 dst ::/0
    socket out priority 0
src ::/0 dst ::/0
    socket in priority 0
src ::/0 dst ::/0
    socket out priority 0
```

#### ip xfrm state

```
src 172.16.16.16 dst 172.30.30.30
    proto esp spi 0xc7ccba92 reqid 1 mode tunnel
    replay-window 0 flag af-unspec
    auth-trunc hmac(sha256) 0xabfd8eba04e59be44ae782d31291ec4537d1e2b99bd416c2a9ccdd5a55bbc375 128
    enc cbc(aes) 0x722b3f4e5fa94eb707c86b913f6038aaa1d14142eb89e03ec31d529508c21725
    anti-replay context: seq 0x0, oseq 0x32c, bitmap 0x00000000
src 172.30.30.30 dst 172.16.16.16
    proto esp spi 0xcfe3cda2 reqid 1 mode tunnel
    replay-window 32 flag af-unspec
    auth-trunc hmac(sha256) 0x8904ec9b66881c7995dbb69f96e2eeaf099324a10592ad7163385ec37e08ad79 128
    enc cbc(aes) 0x4c5f28cad1b2bd0838491955a567a5845fc694fca366e09a7e7b6931e1f37a04
    anti-replay context: seq 0x316, oseq 0x0, bitmap 0xffffffff
```

# gateway-b

#### ipsec statusall

```
Status of IKE charon daemon (strongSwan 5.6.2, Linux 4.15.0-163-generic, x86_64):
  uptime: 55 minutes, since Jan 03 11:07:10 2022
  malloc: sbrk 2326528, mmap 532480, used 1455216, free 871312
  worker threads: 11 of 16 idle, 5/0/0/0 working, job queue: 0/0/0/0, scheduled: 6
  loaded plugins: charon test-vectors unbound ldap pkcs11 tpm aes rc2 sha2 sha1 md4 md5 mgf1 random nonce x509 revocation constraints acert pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey dnscert ipseckey pem openssl gcrypt af-alg fips-prf gmp curve25519 agent chapoly xcbc cmac hmac ctr ccm gcm ntru bliss curl soup mysql sqlite attr kernel-netlink resolve socket-default connmark farp stroke updown eap-identity eap-sim eap-sim-pcsc eap-aka eap-aka-3gpp2 eap-simaka-pseudonym eap-simaka-reauth eap-md5 eap-gtc eap-mschapv2 eap-dynamic eap-radius eap-tls eap-ttls eap-peap eap-tnc xauth-generic xauth-eap xauth-pam xauth-noauth tnc-tnccs tnccs-20 tnccs-11 tnccs-dynamic dhcp whitelist lookip error-notify certexpire led radattr addrblock unity counters
Listening IP addresses:
  192.168.116.15
  172.18.18.18
  10.1.0.1
Connections:
gateway-B-to-cloud:  172.18.18.18...172.30.30.30  IKEv2, dpddelay=30s
gateway-B-to-cloud:   local:  [172.18.18.18] uses pre-shared key authentication
gateway-B-to-cloud:   remote: [172.30.30.30] uses pre-shared key authentication
gateway-B-to-cloud:   child:  172.18.18.18/32 === 10.2.0.0/24 TUNNEL, dpdaction=restart
Security Associations (1 up, 0 connecting):
gateway-B-to-cloud[1]: ESTABLISHED 51 minutes ago, 172.18.18.18[172.18.18.18]...172.30.30.30[172.30.30.30]
gateway-B-to-cloud[1]: IKEv2 SPIs: aa2c397e34c28306_i* 10568b5224749e4e_r, pre-shared key reauthentication in 107 minutes
gateway-B-to-cloud[1]: IKE proposal: AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048
gateway-B-to-cloud{3}:  INSTALLED, TUNNEL, reqid 1, ESP SPIs: c8ee7e88_i c3e49f12_o
gateway-B-to-cloud{3}:  AES_CBC_256/HMAC_SHA2_256_128, 102120 bytes_i (920 pkts, 254s ago), 79764 bytes_o (943 pkts, 254s ago), rekeying in 39 minutes
gateway-B-to-cloud{3}:   172.18.18.18/32 === 10.2.0.0/24
```

#### ip xfrm policy

```
src 172.18.18.18/32 dst 10.2.0.0/24
    dir out priority 371327
    tmpl src 172.18.18.18 dst 172.30.30.30
        proto esp spi 0xc3e49f12 reqid 1 mode tunnel
src 10.2.0.0/24 dst 172.18.18.18/32
    dir fwd priority 371327
    tmpl src 172.30.30.30 dst 172.18.18.18
        proto esp reqid 1 mode tunnel
src 10.2.0.0/24 dst 172.18.18.18/32
    dir in priority 371327
    tmpl src 172.30.30.30 dst 172.18.18.18
        proto esp reqid 1 mode tunnel
src 0.0.0.0/0 dst 0.0.0.0/0
    socket in priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
    socket out priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
    socket in priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
    socket out priority 0
src ::/0 dst ::/0
    socket in priority 0
src ::/0 dst ::/0
    socket out priority 0
src ::/0 dst ::/0
    socket in priority 0
src ::/0 dst ::/0
    socket out priority 0
```

#### ip xfrm state

```
src 172.18.18.18 dst 172.30.30.30
    proto esp spi 0xc3e49f12 reqid 1 mode tunnel
    replay-window 0 flag af-unspec
    auth-trunc hmac(sha256) 0x31a3dd874f4e07243f07ed1f7fb5e5aeb51d30fb5d891896c6b882ca7dc14d32 128
    enc cbc(aes) 0x04e44462c615390ca75ac0bb07df063a0885d93ed3417513f111889ad574a633
    anti-replay context: seq 0x0, oseq 0x3af, bitmap 0x00000000
src 172.30.30.30 dst 172.18.18.18
    proto esp spi 0xc8ee7e88 reqid 1 mode tunnel
    replay-window 32 flag af-unspec
    auth-trunc hmac(sha256) 0xe12eeadd4a104543f96dae7657995d6d6cb15f77dfd64e5ec5e415c548a09035 128
    enc cbc(aes) 0x159f14339b0789a45ad9a4bb00cc3af76d0f174febba81115045ef428a2e218b
    anti-replay context: seq 0x398, oseq 0x0, bitmap 0xffffffff
```

# gateway-s

#### ipsec statusall

```
Status of IKE charon daemon (strongSwan 5.6.2, Linux 4.15.0-163-generic, x86_64):
  uptime: 33 minutes, since Jan 03 21:57:56 2022
  malloc: sbrk 2326528, mmap 532480, used 1484688, free 841840
  worker threads: 11 of 16 idle, 5/0/0/0 working, job queue: 0/0/0/0, scheduled: 8
  loaded plugins: charon test-vectors unbound ldap pkcs11 tpm aes rc2 sha2 sha1 md4 md5 mgf1 random nonce x509 revocation constraints acert pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey dnscert ipseckey pem openssl gcrypt af-alg fips-prf gmp curve25519 agent chapoly xcbc cmac hmac ctr ccm gcm ntru bliss curl soup mysql sqlite attr kernel-netlink resolve socket-default connmark farp stroke updown eap-identity eap-sim eap-sim-pcsc eap-aka eap-aka-3gpp2 eap-simaka-pseudonym eap-simaka-reauth eap-md5 eap-gtc eap-mschapv2 eap-dynamic eap-radius eap-tls eap-ttls eap-peap eap-tnc xauth-generic xauth-eap xauth-pam xauth-noauth tnc-tnccs tnccs-20 tnccs-11 tnccs-dynamic dhcp whitelist lookip error-notify certexpire led radattr addrblock unity counters
Listening IP addresses:
  192.168.120.15
  172.30.30.30
  192.168.0.1
Connections:
gateway-A-to-cloud:  172.30.30.30...172.16.16.16  IKEv2, dpddelay=30s
gateway-A-to-cloud:   local:  [172.30.30.30] uses pre-shared key authentication
gateway-A-to-cloud:   remote: [172.16.16.16] uses pre-shared key authentication
gateway-A-to-cloud:   child:  192.168.0.0/24 === 172.16.16.16/32 TUNNEL, dpdaction=restart
gateway-B-to-cloud:  172.30.30.30...172.18.18.18  IKEv2, dpddelay=30s
gateway-B-to-cloud:   local:  [172.30.30.30] uses pre-shared key authentication
gateway-B-to-cloud:   remote: [172.18.18.18] uses pre-shared key authentication
gateway-B-to-cloud:   child:  192.168.0.0/24 === 172.18.18.18/32 TUNNEL, dpdaction=restart
Security Associations (2 up, 0 connecting):
gateway-B-to-cloud[2]: ESTABLISHED 33 minutes ago, 172.30.30.30[172.30.30.30]...172.18.18.18[172.18.18.18]
gateway-B-to-cloud[2]: IKEv2 SPIs: ea32c1f53fb2522c_i* e7db8a90322d774f_r, pre-shared key reauthentication in 2 hours
gateway-B-to-cloud[2]: IKE proposal: AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048
gateway-B-to-cloud{1}:  INSTALLED, TUNNEL, reqid 2, ESP SPIs: c8fa43f6_i c0899834_o
gateway-B-to-cloud{1}:  AES_CBC_256/HMAC_SHA2_256_128, 0 bytes_i, 0 bytes_o, rekeying in 8 minutes
gateway-B-to-cloud{1}:   192.168.0.0/24 === 172.18.18.18/32
gateway-A-to-cloud[1]: ESTABLISHED 33 minutes ago, 172.30.30.30[172.30.30.30]...172.16.16.16[172.16.16.16]
gateway-A-to-cloud[1]: IKEv2 SPIs: eb3e7b02cf19056c_i* 9f1dffd7a8a53384_r, pre-shared key reauthentication in 2 hours
gateway-A-to-cloud[1]: IKE proposal: AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048
gateway-A-to-cloud{2}:  INSTALLED, TUNNEL, reqid 1, ESP SPIs: cc7a2e57_i cc336c2b_o
gateway-A-to-cloud{2}:  AES_CBC_256/HMAC_SHA2_256_128, 0 bytes_i, 0 bytes_o, rekeying in 11 minutes
gateway-A-to-cloud{2}:   192.168.0.0/24 === 172.16.16.16/32
```

#### ip xfrm policy

```
src 192.168.0.0/24 dst 172.18.18.18/32
    dir out priority 371327
    tmpl src 172.30.30.30 dst 172.18.18.18
        proto esp spi 0xc0899834 reqid 2 mode tunnel
src 172.18.18.18/32 dst 192.168.0.0/24
    dir fwd priority 371327
    tmpl src 172.18.18.18 dst 172.30.30.30
        proto esp reqid 2 mode tunnel
src 172.18.18.18/32 dst 192.168.0.0/24
    dir in priority 371327
    tmpl src 172.18.18.18 dst 172.30.30.30
        proto esp reqid 2 mode tunnel
src 192.168.0.0/24 dst 172.16.16.16/32
    dir out priority 371327
    tmpl src 172.30.30.30 dst 172.16.16.16
        proto esp spi 0xcc336c2b reqid 1 mode tunnel
src 172.16.16.16/32 dst 192.168.0.0/24
    dir fwd priority 371327
    tmpl src 172.16.16.16 dst 172.30.30.30
        proto esp reqid 1 mode tunnel
src 172.16.16.16/32 dst 192.168.0.0/24
    dir in priority 371327
    tmpl src 172.16.16.16 dst 172.30.30.30
        proto esp reqid 1 mode tunnel
src 0.0.0.0/0 dst 0.0.0.0/0
    socket in priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
    socket out priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
    socket in priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
    socket out priority 0
src ::/0 dst ::/0
    socket in priority 0
src ::/0 dst ::/0
    socket out priority 0
src ::/0 dst ::/0
    socket in priority 0
src ::/0 dst ::/0
    socket out priority 0
```

#### ip xfrm state

```
src 172.30.30.30 dst 172.18.18.18
    proto esp spi 0xc0899834 reqid 2 mode tunnel
    replay-window 0 flag af-unspec
    auth-trunc hmac(sha256) 0xf5d84371ca4676a9cb8a87ded4a3f220bfb104c512f26dc57e414c082365534e 128
    enc cbc(aes) 0xfa95ffb6a6dc2fa3cab19ac1301d74098a55044f67b8d6cccd08d671c2fc25f6
    anti-replay context: seq 0x0, oseq 0x0, bitmap 0x00000000
src 172.18.18.18 dst 172.30.30.30
    proto esp spi 0xc8fa43f6 reqid 2 mode tunnel
    replay-window 32 flag af-unspec
    auth-trunc hmac(sha256) 0x1341cf8b6c44ea542cd65fd4744d8bfc16856eddfc281caeafa2909a6d2324c6 128
    enc cbc(aes) 0x308e1aa427eee8c9191f6481e780f0abbdaa390ed2c024395a3ed86d256a84b4
    anti-replay context: seq 0x0, oseq 0x0, bitmap 0x00000000
src 172.30.30.30 dst 172.16.16.16
    proto esp spi 0xcc336c2b reqid 1 mode tunnel
    replay-window 0 flag af-unspec
    auth-trunc hmac(sha256) 0x098dfdbe2b2a75a95a11ae0bd3690e2db0c48ad9245d7020f1fb8af1ea50430c 128
    enc cbc(aes) 0xf45449f5dfe3a22579fd3323f21c19a9101575e3c03799a276ddb34e2a83ad40
    anti-replay context: seq 0x0, oseq 0x0, bitmap 0x00000000
src 172.16.16.16 dst 172.30.30.30
    proto esp spi 0xcc7a2e57 reqid 1 mode tunnel
    replay-window 32 flag af-unspec
    auth-trunc hmac(sha256) 0xdc8ee990e7639ba7ddb800a3e8880fb2ae3d51d86ec7e464900507712cad7eba 128
    enc cbc(aes) 0xd2d0a07494994a1fa9c06e9e8d242db2db6d407db6622f6bb96c7b8515758285
    anti-replay context: seq 0x0, oseq 0x0, bitmap 0x00000000
```
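
Added example, not part of the dumps above and not strongSwan or iproute2 code: a Python script that parses `ip xfrm policy` and `ip xfrm state` output and checks, on one host, that every policy template has an installed SA with the same tunnel endpoints and reqid, that an out policy which pins an SPI pins one that is actually installed, and which SAs have carried no packets at all (both `seq` and `oseq` at zero); across hosts, that each out selector on one gateway is mirrored verbatim by an in selector on its peer. It also redacts the auth/enc key material, because `ip xfrm state` prints the live ESP keys and a dump like the ones above should not be shared without masking them. The embedded samples are constructed from the gateway-a and gateway-s dumps, abridged, with the key hex strings shortened to placeholders. Note that the gateway-s dump was taken roughly ten hours after the other two (compare the `since` timestamps), so SPIs and byte counters are not comparable across hosts; the cross-host check therefore compares only traffic selectors, which are configuration rather than per-SA state. Run on these samples, it reports that both gateway-s SAs for gateway-A-to-cloud are idle and that gateway-a's out selector 172.16.16.16/32 -> 10.2.0.0/24 is not mirrored by gateway-s, whose in selector for that tunnel is 172.16.16.16/32 -> 192.168.0.0/24.

```python
"""Checks over `ip xfrm policy` / `ip xfrm state` dumps (added example). Samples are
constructed from the gateway-a and gateway-s dumps above, abridged; the key hex
strings are shortened placeholders, not the real keys."""
import re

# Constructed sample: gateway-a `ip xfrm policy` (in, fwd and per-socket entries omitted)
GATEWAY_A_POLICY = """\
src 172.16.16.16/32 dst 10.2.0.0/24
    dir out priority 371327
    tmpl src 172.16.16.16 dst 172.30.30.30
        proto esp spi 0xc7ccba92 reqid 1 mode tunnel
"""
# Constructed sample: gateway-s `ip xfrm policy`, gateway-A-to-cloud out/in entries only
GATEWAY_S_POLICY = """\
src 192.168.0.0/24 dst 172.16.16.16/32
    dir out priority 371327
    tmpl src 172.30.30.30 dst 172.16.16.16
        proto esp spi 0xcc336c2b reqid 1 mode tunnel
src 172.16.16.16/32 dst 192.168.0.0/24
    dir in priority 371327
    tmpl src 172.16.16.16 dst 172.30.30.30
        proto esp reqid 1 mode tunnel
"""
# Constructed sample: gateway-s `ip xfrm state` for reqid 1 (keys shortened)
GATEWAY_S_STATE = """\
src 172.30.30.30 dst 172.16.16.16
    proto esp spi 0xcc336c2b reqid 1 mode tunnel
    auth-trunc hmac(sha256) 0x098dfdbe 128
    enc cbc(aes) 0xf45449f5
    anti-replay context: seq 0x0, oseq 0x0, bitmap 0x00000000
src 172.16.16.16 dst 172.30.30.30
    proto esp spi 0xcc7a2e57 reqid 1 mode tunnel
    auth-trunc hmac(sha256) 0xdc8ee990 128
    enc cbc(aes) 0xd2d0a074
    anti-replay context: seq 0x0, oseq 0x0, bitmap 0x00000000
"""

HDR = re.compile(r"^src (\S+) dst (\S+)")
KEY = re.compile(r"(\b(?:auth-trunc|auth|enc|aead) \S+ )0x[0-9a-fA-F]+")

def _f(pattern, record):
    """First capture group of pattern in record, or None if absent."""
    m = re.search(pattern, record)
    return m[1] if m else None

def _records(text):
    """Fold each iproute2 record (unindented 'src A dst B' line plus its indented lines) into one string."""
    recs = []
    for line in filter(str.strip, text.splitlines()):
        if line[0].isspace():
            recs[-1] += " " + line.strip()
        else:
            recs.append(line.strip())
    return [(HDR.match(r), r) for r in recs]

def parse_policy(text):
    """Policies with dir in/out/fwd; per-socket entries carry no template and are skipped."""
    pols = []
    for hdr, rec in _records(text):
        d = _f(r"\bdir (out|in|fwd)\b", rec)
        if d:
            pols.append({"src": hdr[1], "dst": hdr[2], "dir": d,
                         "tsrc": _f(r"tmpl src (\S+)", rec), "tdst": _f(r"tmpl src \S+ dst (\S+)", rec),
                         "spi": _f(r"\bspi (0x[0-9a-f]+)", rec), "reqid": _f(r"\breqid (\d+)", rec)})
    return pols

def parse_state(text):
    """One dict per SA; rx/tx counters come from the anti-replay context line."""
    return [{"src": hdr[1], "dst": hdr[2], "spi": _f(r"\bspi (0x[0-9a-f]+)", rec),
             "reqid": _f(r"\breqid (\d+)", rec),
             "rx_seq": int(_f(r"\bseq (0x[0-9a-f]+)", rec), 16),
             "tx_seq": int(_f(r"\boseq (0x[0-9a-f]+)", rec), 16)}
            for hdr, rec in _records(text)]

def check_host(policy_text, state_text):
    """Every policy template needs an installed SA with the same tunnel endpoints and
    reqid; an out policy that pins an SPI must pin one of them; idle SAs are reported."""
    findings, sas = [], parse_state(state_text)
    for p in parse_policy(policy_text):
        match = [s for s in sas if (s["src"], s["dst"], s["reqid"]) == (p["tsrc"], p["tdst"], p["reqid"])]
        if not match:
            findings.append(f"{p['dir']} policy {p['src']}->{p['dst']} has no SA for reqid {p['reqid']}")
        elif p["spi"] and p["spi"] not in {s["spi"] for s in match}:
            findings.append(f"out policy pins SPI {p['spi']}, installed: {[s['spi'] for s in match]}")
    findings += [f"SA {s['spi']} {s['src']}->{s['dst']} has carried no packets"
                 for s in sas if s["rx_seq"] == 0 and s["tx_seq"] == 0]
    return findings

def check_peers(local_policy, peer_policy):
    """Each local out selector must appear verbatim as an in selector on the peer."""
    peer_in = {(p["src"], p["dst"]) for p in parse_policy(peer_policy) if p["dir"] == "in"}
    return [f"out selector {p['src']}->{p['dst']} is not mirrored by an in policy on the peer"
            for p in parse_policy(local_policy)
            if p["dir"] == "out" and (p["src"], p["dst"]) not in peer_in]

def redact_keys(state_text):
    """Mask auth/enc key material so an `ip xfrm state` dump can be shared; SPIs are kept."""
    return KEY.sub(r"\1<redacted>", state_text)
```

To use it on a live box, feed `check_host` the output of `ip xfrm policy` and `ip xfrm state` from the same host, and `check_peers` the policy output of both ends of a tunnel; run `redact_keys` over any state dump before pasting it anywhere. The per-host check deliberately keys on the template endpoints plus reqid rather than on SPIs alone, because the in and fwd policies in the dumps above carry no SPI, so that is the only handle the kernel gives for matching them to an SA.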