<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=us-ascii">
<META NAME="Generator" CONTENT="MS Exchange Server version 6.5.7654.12">
<TITLE>IKEv1 not working</TITLE>
</HEAD>
<BODY>
<!-- Converted from text/rtf format -->
<P DIR=LTR><SPAN LANG="en-us"><FONT COLOR="#548DD4" FACE="Calibri">Hi,</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT COLOR="#548DD4" FACE="Calibri">This is regarding</FONT></SPAN><SPAN LANG="en-us"> <FONT COLOR="#548DD4" FACE="Calibri">an issue that we are facing with IKEv1.</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT COLOR="#548DD4" FACE="Calibri">We are able to setup an IPSEC tunnel with IKE</FONT></SPAN><SPAN LANG="en-us"><FONT COLOR="#548DD4" FACE="Calibri">v2 but the same is failing with IKEv1.</FONT></SPAN><SPAN LANG="en-us"></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><B><FONT COLOR="#000000" FACE="Calibri">I</FONT><FONT COLOR="#000000" FACE="Calibri">psec.</FONT><FONT COLOR="#000000" FACE="Calibri">conf</FONT> <FONT COLOR="#000000" FACE="Calibri">file</FONT></B></SPAN><SPAN LANG="en-us"><B> <FONT COLOR="#000000" FACE="Calibri">for IKEv2</FONT></B></SPAN><SPAN LANG="en-us"><B><FONT COLOR="#000000" FACE="Calibri">:</FONT></B></SPAN><SPAN LANG="en-us"><B></B></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT COLOR="#000000" FACE="Calibri">config setup</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT COLOR="#000000" FACE="Calibri"> # plutodebug=all</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT COLOR="#000000" FACE="Calibri"> strictcrlpolicy=no</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT COLOR="#000000" FACE="Calibri"> charonstart=yes</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT COLOR="#000000" FACE="Calibri"> plutostart=no</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT COLOR="#000000" FACE="Calibri"> charondebug=all</FONT></SPAN></P>
<BR>
<P DIR=LTR><SPAN LANG="en-us"><FONT COLOR="#000000" FACE="Calibri">ca strongswan</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT COLOR="#000000" FACE="Calibri"> cacert=caCert.de</FONT><FONT COLOR="#000000" FACE="Calibri">r</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT COLOR="#000000" FACE="Calibri"> auto=add</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT COLOR="#000000" FACE="Calibri">conn sample-with-ca-cert</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT COLOR="#000000" FACE="Calibri"> left=169.254.1.70</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT COLOR="#000000" FACE="Calibri"> leftsubnet=169.254.1.0/24</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT COLOR="#000000" FACE="Calibri"> leftcert=VC2Cert.der</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT COLOR="#000000" FACE="Calibri"> right=169.254.0.70</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT COLOR="#000000" FACE="Calibri"> rightsubnet=169.254.0.0/24</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT COLOR="#000000" FACE="Calibri"> rightid="C=CH, O=strongSwan, CN=169.254.0.70"</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT COLOR="#000000" FACE="Calibri"> keyexchange=ikev2</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT COLOR="#000000" FACE="Calibri"> auto=start</FONT></SPAN><SPAN LANG="en-us"></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT COLOR="#548DD4" FACE="Calibri">This configuration works fine for IKEv2 tunnels</FONT></SPAN><SPAN LANG="en-us"><FONT COLOR="#548DD4" FACE="Calibri">:</FONT></SPAN><SPAN LANG="en-us"></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><B><FONT COLOR="#000000" FACE="Calibri"># ipsec status</FONT></B></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT COLOR="#000000" FACE="Calibri">Security Associations:</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT COLOR="#000000" FACE="Calibri">sample-with-ca-cert[1]: ESTABLISHED 18 seconds ago, 169.254.0.70[C=CH, O=strongSwan, CN=169.254.0.70]...169.254.1.70[C=CH</FONT><FONT COLOR="#000000" FACE="Calibri">, O=strongSwan, CN=169.254.1.70]</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT COLOR="#000000" FACE="Calibri">sample-with-ca-cert{1}: INSTALLED, TUNNEL, ESP SPIs: cb854b6d_i cd9ac880_o</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT COLOR="#000000" FACE="Calibri">sample-with-ca-cert{1}: 169.254.0.0/24 === 169.254.1.0/24</FONT></SPAN><SPAN LANG="en-us"></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT COLOR="#548DD4" FACE="Calibri">The instant we try this for IKEv1</FONT></SPAN><SPAN LANG="en-us"><FONT COLOR="#548DD4" FACE="Calibri">(</FONT></SPAN><SPAN LANG="en-us"><FONT COLOR="#000000" FACE="Calibri">keyexchange=ikev</FONT></SPAN><SPAN LANG="en-us"><FONT COLOR="#000000" FACE="Calibri">1</FONT></SPAN><SPAN LANG="en-us"> <FONT COLOR="#000000">,</FONT></SPAN><SPAN LANG="en-us"><FONT COLOR="#000000" FACE="Calibri"> charonstart=</FONT></SPAN><SPAN LANG="en-us"><FONT COLOR="#000000" FACE="Calibri">no</FONT></SPAN><SPAN LANG="en-us"><FONT COLOR="#000000">,</FONT></SPAN><SPAN LANG="en-us"><FONT COLOR="#000000" FACE="Calibri"> plutostart=</FONT></SPAN><SPAN LANG="en-us"><FONT COLOR="#000000" FACE="Calibri">yes</FONT></SPAN><SPAN LANG="en-us"><FONT COLOR="#548DD4" FACE="Calibri">)</FONT></SPAN><SPAN LANG="en-us"><FONT COLOR="#548DD4" FACE="Calibri">, it fails and the tunnel is not getting established.</FONT></SPAN><SPAN LANG="en-us"></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><B><FONT COLOR="#000000" FACE="Calibri"># ipsec status</FONT></B></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT COLOR="#000000" FACE="Calibri">000 "sample-with-ca-cert": 169.254.1.0/24===16</FONT><FONT COLOR="#000000" FACE="Calibri">9.254.1.70[C=CH, O=strongSwan, CN=169.254.1.70]...169.254.0.70[C=CH, O=strongSwan, CN=169.254.0.70]===169.254.0.0/24; unrouted; eroute owner: #0</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT COLOR="#000000" FACE="Calibri">000 "sample-with-ca-cert": newest ISAKMP SA: #0; newest IPsec SA: #0; </FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT COLOR="#000000" FACE="Calibri">000 </FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT COLOR="#000000" FACE="Calibri">000 #1: "sample-with-ca-cert" STA</FONT><FONT COLOR="#000000" FACE="Calibri">TE_MAIN_I2 (sent MI2, expecting MR2); EVENT_RETRANSMIT in 8s</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT COLOR="#000000" FACE="Calibri">000 #1: pending Phase 2 for "sample-with-ca-cert" replacing #0</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT COLOR="#000000" FACE="Calibri">000</FONT></SPAN><SPAN LANG="en-us"></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT COLOR="#548DD4" FACE="Calibri">N</FONT></SPAN><SPAN LANG="en-us"><FONT COLOR="#548DD4" FACE="Calibri">o</FONT> <FONT COLOR="#548DD4" FACE="Calibri">logging</FONT></SPAN><SPAN LANG="en-us"> <FONT COLOR="#548DD4" FACE="Calibri">was observed</FONT></SPAN><SPAN LANG="en-us"><FONT COLOR="#548DD4" FACE="Calibri"> at all for IKEv1</FONT></SPAN><SPAN LANG="en-us"><FONT COLOR="#548DD4" FACE="Calibri">. Could you please let us know</FONT></SPAN><SPAN LANG="en-us"> <FONT COLOR="#548DD4" FACE="Calibri">how to solve this issue</FONT></SPAN><SPAN LANG="en-us"><FONT COLOR="#548DD4" FACE="Calibri">??</FONT></SPAN><SPAN LANG="en-us"></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT COLOR="#548DD4" FACE="Calibri">Please find some of the details</FONT></SPAN><SPAN LANG="en-us"><FONT COLOR="#548DD4" FACE="Calibri"> of our environment</FONT></SPAN><SPAN LANG="en-us"><FONT COLOR="#548DD4" FACE="Calibri"> below:</FONT></SPAN><SPAN LANG="en-us"></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><B><FONT COLOR="#000000" FACE="Calibri">Server:</FONT></B></SPAN><SPAN LANG="en-us"><FONT COLOR="#000000" FACE="Calibri"></FONT></SPAN><SPAN LANG="en-us"> <FONT COLOR="#000000" FACE="Calibri"></FONT></SPAN><SPAN LANG="en-us"> <FONT COLOR="#000000" FACE="Calibri">Ubuntu</FONT></SPAN><SPAN LANG="en-us"><FONT COLOR="#000000" FACE="Calibri"></FONT></SPAN><SPAN LANG="en-us"> <FONT COLOR="#000000" FACE="Calibri">–</FONT></SPAN><SPAN LANG="en-us"><FONT COLOR="#000000" FACE="Calibri"> linux-</FONT></SPAN><SPAN LANG="en-us"><FONT COLOR="#000000" FACE="Calibri">2.6.35</FONT></SPAN><SPAN LANG="en-us"></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><B><FONT COLOR="#000000" FACE="Calibri">Strongswan</FONT></B></SPAN><SPAN LANG="en-us"><B> <FONT COLOR="#000000" FACE="Calibri">IKEv1</FONT></B></SPAN><SPAN LANG="en-us"><B> <FONT COLOR="#000000" FACE="Calibri">version:</FONT></B></SPAN><SPAN LANG="en-us"> </SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT COLOR="#000000" FACE="Calibri"># apt-cache policy strongswan-ikev1</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT COLOR="#000000" FACE="Calibri">strongswan-ikev1:</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT COLOR="#000000" FACE="Calibri"> Installed: 4.5.2-1.1</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT COLOR="#000000" FACE="Calibri"> Candidate: 4.5.2-1.1</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT COLOR="#000000" FACE="Calibri"> Version table:</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT COLOR="#000000" FACE="Calibri"> *** 4.5.2-1.1 0</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT COLOR="#000000" FACE="Calibri"> 100 /var/lib/dpkg/status</FONT></SPAN><SPAN LANG="en-us"></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT COLOR="#548DD4" FACE="Calibri">We assume that IKEv1 is already installed from the above status.</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><FONT COLOR="#548DD4" FACE="Calibri">Can you let us know of any other way to check</FONT></SPAN><SPAN LANG="en-us"> <FONT COLOR="#548DD4" FACE="Calibri">if</FONT></SPAN><SPAN LANG="en-us"><FONT COLOR="#548DD4" FACE="Calibri"> IKE</FONT></SPAN><SPAN LANG="en-us"><FONT COLOR="#548DD4" FACE="Calibri">v1</FONT><FONT COLOR="#548DD4" FACE="Calibri"> is supported?</FONT></SPAN><SPAN LANG="en-us"></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"><I></I></SPAN><SPAN LANG="en-us"><I></I></SPAN><I><SPAN LANG="en-us"></SPAN><SPAN LANG="en-us"><FONT COLOR="#548DD4" SIZE=2 FACE="Arial">Thanks & Regards,</FONT></SPAN></I><SPAN LANG="en-us"></SPAN><SPAN LANG="en-us"><FONT COLOR="#548DD4" FACE="Calibri"><BR>
</FONT></SPAN><SPAN LANG="en-us"><I></I></SPAN><SPAN LANG="en-us"><I></I></SPAN><I><SPAN LANG="en-us"></SPAN><SPAN LANG="en-us"><FONT COLOR="#548DD4" SIZE=2 FACE="Arial">Kavitha</FONT></SPAN></I><SPAN LANG="en-us"></SPAN><SPAN LANG="en-us"><FONT COLOR="#548DD4" FACE="Calibri"> </FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-us"></SPAN></P>
</BODY>
</HTML>