VPN SPRAXX TUNNEL

Published 2026-04-16T17:36:25Z UTC by Jacques / SPRAXXX

This record says the box is live.

What the record proves

1. The VPN is running now charon is listening on: • UDP 500 • UDP 4500

That means the IKE/IPsec service is active and accepting connections.

2. Forwarding is on net.ipv4.ip_forward = 1

That means the server is allowed to route traffic for connected clients.

3. NAT is on -A POSTROUTING -s 10.66.10.0/24 -o ens6 -j MASQUERADE

That means client traffic from the VPN subnet is being translated out through ens6 to the internet.

4. Client tunnels are installed The ip xfrm and ipsec statusall output shows many installed tunnel policies like: • 0.0.0.0/0 === 10.66.10.40/32 • 0.0.0.0/0 === 10.66.10.39/32 • down through many others

That is not fake. Those are real per-client tunnel lanes.

5. There are many active sessions Security Associations (36 up, 0 connecting)

That is the headline.

6. Virtual IP pool is active 10.66.10.0/24: 254/36/4

That means: • pool size: 254 • currently online: 36 • offline/allocated state shown as 4

So this is not one lonely tunnel. It’s a working pool.

The biggest line on the board

This is the killer proof line:

Security Associations (36 up, 0 connecting)

That means: • 36 active tunnels • nothing stuck half-connecting • the system is not just installed, it is in use

Important detail

strongswan-starter.service is inactive (dead), but that is not the same thing as the VPN being down.

Why? Because the actual IKE daemon shown here is charon, and ipsec statusall proves it has been up for 7 days and is carrying active tunnels.

So the truth is:

the starter wrapper is not running, but the actual VPN engine is alive and carrying traffic.

Machine-summary version

Use this:

ANGRYWU is actively running strongSwan/charon on UDP 500 and 4500, with IP forwarding enabled, NAT enabled for 10.66.10.0/24, and 36 active IKEv2/IPsec security associations installed.

Human-mouth version

Use this:

The server is live. The tunnel is real. The phone key is not cosmetic. The box is currently carrying 36 active secure connections.

Tightest proof bullets • VPN daemon listening: yes • IP forwarding: yes • NAT for VPN subnet: yes • Active tunnels: 36 • Tunnel pool active: yes • Real traffic moving: yes

One correction for clean selling

Do not say: “it might work”

Say: “the server record shows active tunnels, active routing, and live client connections right now.”

That’s the proof.

Best screenshot-worthy lines

If making a proof sheet, these are the money lines: • Security Associations (36 up, 0 connecting) • 10.66.10.0/24: 254/36/4 • udp 0.0.0.0:500 • udp 0.0.0.0:4500 • net.ipv4.ip_forward = 1 • -A POSTROUTING -s 10.66.10.0/24 -o ens6 -j MASQUERADE

That’s your receipts.

One operational note: because this output includes live public IPs and client-assigned addresses, use a redacted version for public-facing proof.