
<div>Hi,</div>

<div> </div>

<div>I am new to strongswan, and would really appreciate some help in setting up the SAs. For some reason, packets being sent are not being received by the other machine. After retries, it says "peer not responding, try again". Please fine below an excerpt of my log file:</div>


<div> </div>

<div>Mar  9 13:25:59 cip-Latitude-D520 charon: 06[CFG] received stroke: add connection 'sample-with-ca-cert'<br>Mar  9 13:25:59 cip-Latitude-D520 charon: 06[CFG]   loaded certificate "C=CH, O=Linux strongSwan, OU=Sales, <a href="mailto:CN=alice@strongswan.org">CN=alice@strongswan.org</a>" from 'myCert.pem'<br>

Mar  9 13:25:59 cip-Latitude-D520 charon: 06[CFG]   id '10.58.114.215' not confirmed by certificate, defaulting to 'C=CH, O=Linux strongSwan, OU=Sales, <a href="mailto:CN=alice@strongswan.org'">CN=alice@strongswan.org'</a><br>

Mar  9 13:25:59 cip-Latitude-D520 charon: 06[CFG] added configuration 'sample-with-ca-cert'<br>Mar  9 13:25:59 cip-Latitude-D520 charon: 06[CFG] received stroke: initiate 'sample-with-ca-cert'<br>Mar  9 13:25:59 cip-Latitude-D520 charon: 06[IKE] initiating IKE_SA sample-with-ca-cert[1] to 10.58.112.139<br>

Mar  9 13:25:59 cip-Latitude-D520 charon: 06[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]<br>Mar  9 13:25:59 cip-Latitude-D520 charon: 06[NET] sending packet: from 10.58.114.215[500] to 10.58.112.139[500]<br>

Mar  9 13:26:03 cip-Latitude-D520 charon: 14[IKE] retransmit 1 of request with message ID 0<br>Mar  9 13:26:03 cip-Latitude-D520 charon: 14[NET] sending packet: from 10.58.114.215[500] to 10.58.112.139[500]<br>Mar  9 13:26:04 cip-Latitude-D520 charon: 10[CFG] received stroke: add connection 'sample-with-ca-cert'<br>

</div>

<div>Also, please find below my ipsec.conf file:</div>

<div> ipsec.conf - strongSwan IPsec configuration file</div>

<div># basic configuration</div>

<div>config setup<br>        charondebug=all<br>        # plutodebug=all<br>        # crlcheckinterval=600<br>        strictcrlpolicy=yes<br>        # cachecrls=yes - only for ikev1<br>        # nat_traversal=yes<br>        charonstart=yes<br>

        # plutostart=yes - only for ikev1</div>

<div># Add connections here.</div>

<div># Sample VPN connections</div>

<div>#conn sample-self-signed<br>#      left=10.58.112.170<br>#      leftsubnet=<a href="http://10.1.0.0/16">10.1.0.0/16</a><br>#      leftcert=selfCert.der<br>#      leftsendcert=never<br>#      right=10.58.112.235<br>#      rightsubnet=<a href="http://10.2.0.0/16">10.2.0.0/16</a><br>

#      rightcert=peerCert.der<br>#      auto=start</div>

<div>conn sample-with-ca-cert<br>      left=10.58.114.215<br>      leftsubnet=<a href="http://10.58.114.0/24">10.58.114.0/24</a><br>      leftcert=myCert.pem<br>      right=10.58.112.139<br>      rightsubnet=<a href="http://10.58.112.0/24">10.58.112.0/24</a><br>

      rightid="C=CH, O=Linux strongSwan CN=peer name"<br>      keyexchange=ikev2<br>      auto=start</div>

<div>include /var/lib/strongswan/ipsec.conf.inc<br></div>

<div> </div>

<div>Can someone help me out?</div>

<div> </div>

<div>Thanks,</div>

<div>Mira</div>