<br><br><div class="gmail_quote">On Thu, Jan 20, 2011 at 5:54 AM, Andreas Steffen <span dir="ltr"><<a href="mailto:andreas.steffen@strongswan.org">andreas.steffen@strongswan.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
With strongSwan 4.5.0 if you want an IKEv1 connection you must<br>
define<br>
<br>
keyexchange=ikev1<br>
<br>
explicitly since the default is ikev2.<br>
<br></blockquote><div><br></div><div>Doesn't ikev2 work for me?</div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
Regards<br>
<br>
Andreas<div class="im"><br>
<br>
On 01/19/2011 04:34 PM, Spacelee wrote:<br>
</div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="im">
this is the first time I try strongswan, and I couldn't establish a<br>
connection, here is the configuration file :<br>
server : centos 5.5 64 bit<br>
strongswan : newest<br>
client : mac os<br>
<br>
ipsec.conf :<br>
config setup<br>
# crlcheckinterval=600<br>
# strictcrlpolicy=yes<br>
# cachecrls=yes<br>
nat_traversal=yes<br>
charonstart=yes<br>
plutostart=yes<br>
conn L2TP<br>
authby=psk<br>
pfs=no<br>
rekey=no<br>
type=tunnel<br>
left=192.168.1.97<br>
leftnexthop=%defaultroute<br>
leftprotoport=17/1701<br>
right=%any<br>
rightprotoport=17/%any<br></div>
rightsubnetwithin=0.0.0.0/0<div class="im"><br>
auto=add<br>
<br>
<br>
xl2tpd.conf<br>
[global]<br>
debug network = yes<br>
debug tunnel = yes<br>
[lns default]<br>
ip range = 10.0.0.200-10.0.0.254<br>
local ip = 10.0.0.1<br>
require chap = yes<br>
refuse pap = yes<br>
require authentication = yes<br></div>
name = NIELSPEEN.COM<div class="im"><br>
ppp debug = yes<br>
pppoptfile = /etc/ppp/options.xl2tpd<br>
length bit = yes<br>
<br>
<br>
options.xl2tpd<br>
ipcp-accept-local<br>
ipcp-accept-remote<br>
ms-dns 8.8.8.8<br>
noccp<br>
auth<br>
crtscts<br>
idle 1800<br>
mtu 1410<br>
mru 1410<br>
nodefaultroute<br>
debug<br>
lock<br>
proxyarp<br>
connect-delay 5000<br>
<br>
<br>
ipsec.secrets<br>
192.168.1.97 %any : PSK "testpsk"<br>
<br>
and the /var/log/secure<br>
<br>
Jan 19 23:31:18 localhost pluto[13051]: listening for IKE messages<br>
Jan 19 23:31:18 localhost pluto[13051]: adding interface eth0/eth0<br>
</div>192.168.1.97:500<div class="im"><br>
Jan 19 23:31:18 localhost pluto[13051]: adding interface eth0/eth0<br>
</div>192.168.1.97:4500<div class="im"><br>
Jan 19 23:31:18 localhost pluto[13051]: adding interface lo/lo<br>
</div>127.0.0.1:500<div class="im"><br>
Jan 19 23:31:18 localhost pluto[13051]: adding interface lo/lo<br>
</div>127.0.0.1:4500<div class="im"><br>
Jan 19 23:31:18 localhost pluto[13051]: adding interface lo/lo ::1:500<br>
Jan 19 23:31:18 localhost pluto[13051]: loading secrets from<br>
"/etc/ipsec.secrets"<br>
Jan 19 23:31:18 localhost pluto[13051]: loaded PSK secret for<br>
192.168.1.97 %any<br>
Jan 19 23:31:18 localhost ipsec_starter[13050]: charon (13069) started<br>
after 20 ms<br>
Jan 19 23:31:18 localhost pluto[13051]: added connection description "L2TP"<br>
Jan 19 23:31:25 localhost pluto[13051]: packet from 192.168.1.102:500</div>: received Vendor ID payload [RFC 3947]<div class="im"><br>
Jan 19 23:31:25 localhost pluto[13051]: packet from 192.168.1.102:500</div>: ignoring Vendor ID payload<div class="im"><br>
[4df37928e9fc4fd1b3262170d515c662]<br>
Jan 19 23:31:25 localhost pluto[13051]: packet from 192.168.1.102:500</div>: ignoring Vendor ID payload<div class="im"><br>
[8f8d83826d246b6fc7a8a6a428c11de8]<br>
Jan 19 23:31:25 localhost pluto[13051]: packet from 192.168.1.102:500</div>: ignoring Vendor ID payload<div class="im"><br>
[439b59f8ba676c4c7737ae22eab8f582]<br>
Jan 19 23:31:25 localhost pluto[13051]: packet from 192.168.1.102:500</div>: ignoring Vendor ID payload<div class="im"><br>
[4d1e0e136deafa34c4f3ea9f02ec7285]<br>
Jan 19 23:31:25 localhost pluto[13051]: packet from 192.168.1.102:500</div>: ignoring Vendor ID payload<div class="im"><br>
[80d0bb3def54565ee84645d4c85ce3ee]<br>
Jan 19 23:31:25 localhost pluto[13051]: packet from 192.168.1.102:500</div>: ignoring Vendor ID payload<div class="im"><br>
[9909b64eed937c6573de52ace952fa6b]<br>
Jan 19 23:31:25 localhost pluto[13051]: packet from 192.168.1.102:500</div>: ignoring Vendor ID payload<div class="im"><br>
[draft-ietf-ipsec-nat-t-ike-03]<br>
Jan 19 23:31:25 localhost pluto[13051]: packet from 192.168.1.102:500</div>: ignoring Vendor ID payload<div class="im"><br>
[draft-ietf-ipsec-nat-t-ike-02]<br>
Jan 19 23:31:25 localhost pluto[13051]: packet from 192.168.1.102:500</div>: ignoring Vendor ID payload<div class="im"><br>
[draft-ietf-ipsec-nat-t-ike-02_n]<br>
Jan 19 23:31:25 localhost pluto[13051]: packet from 192.168.1.102:500</div>: received Vendor ID payload [Dead Peer Detection]<div class="im"><br>
Jan 19 23:31:25 localhost pluto[13051]: packet from 192.168.1.102:500</div>: initial Main Mode message received on<br>
192.168.1.97:500 but no connection has been<div class="im"><br>
authorized with policy=PSK<br>
Jan 19 23:31:28 localhost pluto[13051]: packet from 192.168.1.102:500</div>: received Vendor ID payload [RFC 3947]<div class="im"><br>
Jan 19 23:31:28 localhost pluto[13051]: packet from 192.168.1.102:500</div>: ignoring Vendor ID payload<div class="im"><br>
[4df37928e9fc4fd1b3262170d515c662]<br>
Jan 19 23:31:28 localhost pluto[13051]: packet from 192.168.1.102:500</div>: ignoring Vendor ID payload<div class="im"><br>
[8f8d83826d246b6fc7a8a6a428c11de8]<br>
Jan 19 23:31:28 localhost pluto[13051]: packet from 192.168.1.102:500</div>: ignoring Vendor ID payload<div class="im"><br>
[439b59f8ba676c4c7737ae22eab8f582]<br>
Jan 19 23:31:28 localhost pluto[13051]: packet from 192.168.1.102:500</div>: ignoring Vendor ID payload<div class="im"><br>
[4d1e0e136deafa34c4f3ea9f02ec7285]<br>
Jan 19 23:31:28 localhost pluto[13051]: packet from 192.168.1.102:500</div>: ignoring Vendor ID payload<div class="im"><br>
[80d0bb3def54565ee84645d4c85ce3ee]<br>
Jan 19 23:31:28 localhost pluto[13051]: packet from 192.168.1.102:500</div>: ignoring Vendor ID payload<div class="im"><br>
[9909b64eed937c6573de52ace952fa6b]<br>
Jan 19 23:31:28 localhost pluto[13051]: packet from 192.168.1.102:500</div>: ignoring Vendor ID payload<div class="im"><br>
[draft-ietf-ipsec-nat-t-ike-03]<br>
Jan 19 23:31:28 localhost pluto[13051]: packet from 192.168.1.102:500</div>: ignoring Vendor ID payload<div class="im"><br>
[draft-ietf-ipsec-nat-t-ike-02]<br>
Jan 19 23:31:28 localhost pluto[13051]: packet from 192.168.1.102:500</div>: ignoring Vendor ID payload<div class="im"><br>
[draft-ietf-ipsec-nat-t-ike-02_n]<br>
Jan 19 23:31:28 localhost pluto[13051]: packet from 192.168.1.102:500</div>: received Vendor ID payload [Dead Peer Detection]<div class="im"><br>
Jan 19 23:31:28 localhost pluto[13051]: packet from 192.168.1.102:500</div>: initial Main Mode message received on<br>
192.168.1.97:500 but no connection has been<div class="im"><br>
authorized with policy=PSK<br>
Jan 19 23:31:31 localhost pluto[13051]: packet from 192.168.1.102:500</div>: received Vendor ID payload [RFC 3947]<div class="im"><br>
Jan 19 23:31:31 localhost pluto[13051]: packet from 192.168.1.102:500</div>: ignoring Vendor ID payload<div class="im"><br>
[4df37928e9fc4fd1b3262170d515c662]<br>
Jan 19 23:31:31 localhost pluto[13051]: packet from 192.168.1.102:500</div>: ignoring Vendor ID payload<div class="im"><br>
[8f8d83826d246b6fc7a8a6a428c11de8]<br>
Jan 19 23:31:31 localhost pluto[13051]: packet from 192.168.1.102:500</div>: ignoring Vendor ID payload<div class="im"><br>
[439b59f8ba676c4c7737ae22eab8f582]<br>
Jan 19 23:31:31 localhost pluto[13051]: packet from 192.168.1.102:500</div>: ignoring Vendor ID payload<div class="im"><br>
[4d1e0e136deafa34c4f3ea9f02ec7285]<br>
Jan 19 23:31:31 localhost pluto[13051]: packet from 192.168.1.102:500</div>: ignoring Vendor ID payload<div class="im"><br>
[80d0bb3def54565ee84645d4c85ce3ee]<br>
Jan 19 23:31:31 localhost pluto[13051]: packet from 192.168.1.102:500</div>: ignoring Vendor ID payload<div class="im"><br>
[9909b64eed937c6573de52ace952fa6b]<br>
Jan 19 23:31:31 localhost pluto[13051]: packet from 192.168.1.102:500</div>: ignoring Vendor ID payload<div class="im"><br>
[draft-ietf-ipsec-nat-t-ike-03]<br>
Jan 19 23:31:31 localhost pluto[13051]: packet from 192.168.1.102:500</div>: ignoring Vendor ID payload<div class="im"><br>
[draft-ietf-ipsec-nat-t-ike-02]<br>
Jan 19 23:31:31 localhost pluto[13051]: packet from 192.168.1.102:500</div>: ignoring Vendor ID payload<div class="im"><br>
[draft-ietf-ipsec-nat-t-ike-02_n]<br>
Jan 19 23:31:31 localhost pluto[13051]: packet from 192.168.1.102:500</div>: received Vendor ID payload [Dead Peer Detection]<div class="im"><br>
Jan 19 23:31:31 localhost pluto[13051]: packet from 192.168.1.102:500</div>: initial Main Mode message received on<br>
192.168.1.97:500 but no connection has been<br>
authorized with policy=PSK<br>
--<br>
*Space Lee*<br>
</blockquote>
==================================================================<br><font color="#888888">
Andreas Steffen <a href="mailto:andreas.steffen@strongswan.org" target="_blank">andreas.steffen@strongswan.org</a><br>
strongSwan - the Linux VPN Solution! <a href="http://www.strongswan.org" target="_blank">www.strongswan.org</a><br>
Institute for Internet Technologies and Applications<br>
University of Applied Sciences Rapperswil<br>
CH-8640 Rapperswil (Switzerland)<br>
===========================================================[ITA-HSR]==<br>
</font></blockquote></div><br><br clear="all"><br>-- <br><div><b>Space Lee</b></div><br>
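
A small check for the point in Andreas's reply, added here as an example (not code from the thread or from the strongSwan project): it lists `conn` sections whose effective `keyexchange` is not `ikev1`, taking `ikev2` as the 4.5.0 default stated in the reply, and extracts pluto's Main Mode refusals from a log. The sample config and log line are constructed from the post; the function names are hypothetical and `also=` includes are not resolved.

```python
import re

DEFAULT_KEYEXCHANGE = "ikev2"  # assumption taken from the reply: strongSwan 4.5.0 default

SECTION = re.compile(r"^(config|conn|ca)\s+(\S+)\s*$")
REFUSED = re.compile(r"initial Main Mode message received on (\S+) "
                     r"but no connection has been authorized with policy=(\w+)")

# Constructed sample input, reduced from the configuration and log in the post.
SAMPLE_CONF = """\
config setup
    plutostart=yes
    charonstart=yes
conn L2TP
    authby=psk
    left=192.168.1.97
    right=%any
    auto=add
"""
SAMPLE_LOG = ("Jan 19 23:31:25 localhost pluto[13051]: packet from "
              "192.168.1.102:500: initial Main Mode message received on "
              "192.168.1.97:500 but no connection has been authorized "
              "with policy=PSK\n")

def parse_conns(text):
    """Return {conn_name: {key: value}} for every conn section in ipsec.conf text."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blank lines
        if not line:
            continue
        m = SECTION.match(line)
        if m:                                     # only conn sections are collected
            current = conns.setdefault(m.group(2), {}) if m.group(1) == "conn" else None
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return conns

def effective_keyexchange(conns, name):
    """Explicit setting first, then conn %default, then the daemon default."""
    for section in (conns.get(name, {}), conns.get("%default", {})):
        if "keyexchange" in section:
            return section["keyexchange"].lower()
    return DEFAULT_KEYEXCHANGE

def audit(conf_text, log_text):
    """Return (conns not resolved to ikev1, [(local endpoint, policy)] refusals)."""
    conns = parse_conns(conf_text)
    not_ikev1 = sorted(n for n in conns if n != "%default"
                       and effective_keyexchange(conns, n) != "ikev1")
    return not_ikev1, REFUSED.findall(log_text)
```

A conn that appears in the first list while the second list is non-empty matches the situation in the post: an IKEv1 Main Mode request arriving for a connection that was never declared as `keyexchange=ikev1`.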