I am hoping that someone might be able to help me with a strongswan mesh VPN issue that I am facing. I am using puppet to deploy the code onto my Puppet Server and Puppet Agent. However, the issue that I am facing I believe is purely related to Strongswan and not the Puppet code.
I am running two servers with Ubuntu 22.04 LTS. I have deployed the Strongswan config onto both servers. I can see that it has successfully loaded a connection when looking at the journalctl log, as seen here:

```
Started strongSwan IPsec IKEv1/IKEv2 daemon using swanctl.
Jul 22 10:02:14 server1 swanctl[779439]: successfully loaded 1 connections, 0 unloaded
Jul 22 10:02:14 server1 swanctl[779439]: loaded connection 'server1'
Jul 22 10:02:14 server1 swanctl[779439]: no pools found, 0 unloaded
Jul 22 10:02:14 server1 swanctl[779439]: no authorities found, 0 unloaded
```
But the connection is not established. When I run `swanctl --list-sas` I am expecting to see a list of established connections, which I am not seeing: the command does not return anything.
The Puppet config for Strongswan is:

```puppet
class { 'strongswan':
  connections => {
    # One IKEv2 connection per peer, named after the peer's hostname
    $peer_server_public_hostname => {
      version     => 2,
      mobike      => 'no',
      proposals   => 'aes256-sha256-modp2048',
      keyingtries => '3',
      local_addrs => $host_server_net_main_ipv4_address,
      local       => {
        id   => $host_server_public_fqdn,
        auth => 'psk',
      },
      remote_addrs => $peer_server_net_main_ipv4_address,
      remote       => {
        id   => $peer_server_public_fqdn,
        auth => 'psk',
      },
      children => {
        # CHILD_SA named "<host>-<peer>", e.g. server1-server2
        join([$host_server_public_hostname, '-', $peer_server_public_hostname]) => {
          if_id_in      => '0xabcd',
          if_id_out     => '0xabcd',
          start_action  => 'trap',
          esp_proposals => 'aes256-sha256-modp2048',
          local_ts      => "${host_server_net_mesh_vpn_ipv4_address}/32,${host_server_net_mesh_vpn_ipv4_delegate_subnet}/24",
          remote_ts     => "${peer_server_net_mesh_vpn_ipv4_address}/32,${peer_server_net_mesh_vpn_ipv4_delegate_subnet}/24",
        },
      },
    },
  },
  secrets => {
    # IKE pre-shared key, valid for both the local and the peer identity
    ike-1 => {
      join(['id_', $peer_server_public_hostname]) => $peer_server_public_fqdn,
      join(['id_', $host_server_public_hostname]) => $host_server_public_fqdn,
      secret => '"**REDACTED**"',
    },
  },
  # Firewall rules for IKE (UDP/500), NAT-T (UDP/4500) and ESP must exist first
  require => [
    Ufw_rule["mesh_vpn_in_isakmp_udp_ipv4_from_${peer_server_public_hostname}"],
    Ufw_rule["mesh_vpn_in_ipsecnatt_udp_ipv4_from_${peer_server_public_hostname}"],
    Ufw_rule["mesh_vpn_in_esp_ipv4_from_${peer_server_public_hostname}"],
    Ufw_rule["mesh_vpn_in_isakmp_udp_ipv6_from_${peer_server_public_hostname}"],
    Ufw_rule["mesh_vpn_in_ipsecnatt_udp_ipv6_from_${peer_server_public_hostname}"],
    Ufw_rule["mesh_vpn_in_esp_ipv6_from_${peer_server_public_hostname}"],
  ],
}
```
Any help on what is going wrong or where I am going wrong would be greatly appreciated, thank you.
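As an added example (not code from the post or from the Puppet module it uses), the check below takes each peer's side of a two-node swanctl PSK mesh in the same shape as the hash above and reports anything that is not mirrored between them (ids, addresses, PSK, proposals, traffic selectors, if_id); it also encodes swanctl's documented `start_action` semantics, since with `trap` a CHILD_SA is only negotiated once traffic matches the installed trap policy. All hostnames, addresses and the PSK in the sample pair are constructed.

```python
# Added example, not from the post or any Puppet module: checks that the two halves
# of a swanctl PSK mesh pair mirror each other. All names/addresses/PSK constructed.

def sa_expected_at_load(child: dict) -> bool:
    """True only for start_action=start. 'trap' installs a kernel trap policy and
    negotiates the CHILD_SA on demand, so --list-sas stays empty until traffic."""
    return child.get("start_action", "none") == "start"

def check_mesh_pair(a: dict, b: dict) -> list[str]:
    """Return mismatches that stop two peers negotiating; [] means consistent."""
    problems = []
    for me, peer in ((a, b), (b, a)):
        tag, sec = me["local"]["id"], me["secrets"]
        if me["remote"]["id"] != peer["local"]["id"]:
            problems.append(f"{tag}: remote id != peer's local id")
        if me["remote_addrs"] != peer["local_addrs"]:
            problems.append(f"{tag}: remote_addrs != peer's local_addrs")
        if sec["secret"] != peer["secrets"]["secret"]:
            problems.append(f"{tag}: IKE PSK differs from peer")
        if not {me["local"]["id"], me["remote"]["id"]} <= sec["ids"]:
            problems.append(f"{tag}: PSK entry must list both local and remote ids")
        if not set(me["proposals"].split(",")) & set(peer["proposals"].split(",")):
            problems.append(f"{tag}: no IKE proposal in common with peer")
        mine, theirs = me["child"], peer["child"]
        if set(mine["local_ts"].split(",")) != set(theirs["remote_ts"].split(",")):
            problems.append(f"{tag}: local_ts is not the mirror of peer's remote_ts")
        if mine["if_id_out"] != theirs["if_id_in"]:
            problems.append(f"{tag}: if_id_out != peer's if_id_in")
    return problems

def peer_conf(host, host_ip, host_mesh, host_net, peer, peer_ip, peer_mesh,
              peer_net, psk, start_action="trap"):
    """One peer's view of the pair, in the same shape as the post's Puppet hash."""
    fqdn, peer_fqdn = f"{host}.example.test", f"{peer}.example.test"
    return {
        "local": {"id": fqdn, "auth": "psk"}, "remote": {"id": peer_fqdn, "auth": "psk"},
        "local_addrs": host_ip, "remote_addrs": peer_ip,
        "proposals": "aes256-sha256-modp2048",
        "secrets": {"ids": {fqdn, peer_fqdn}, "secret": psk},
        "child": {"if_id_in": "0xabcd", "if_id_out": "0xabcd", "start_action": start_action,
                  "local_ts": f"{host_mesh}/32,{host_net}/24",
                  "remote_ts": f"{peer_mesh}/32,{peer_net}/24"},
    }

# Constructed sample pair: server1 <-> server2, both with start_action = trap.
SERVER1 = peer_conf("server1", "192.0.2.1", "10.99.0.1", "10.1.0.0",
                    "server2", "192.0.2.2", "10.99.0.2", "10.2.0.0", "constructed-psk")
SERVER2 = peer_conf("server2", "192.0.2.2", "10.99.0.2", "10.2.0.0",
                    "server1", "192.0.2.1", "10.99.0.1", "10.1.0.0", "constructed-psk")
```

For a consistent pair with `start_action = trap`, `swanctl --list-pols` is where the installed trap policy shows up; `swanctl --list-sas` only lists the CHILD_SA after traffic matching the selectors (or an explicit `swanctl --initiate --child <name>`) has triggered negotiation.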