<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<META NAME="Generator" CONTENT="MS Exchange Server version 6.5.7655.1">
<TITLE>RE: [strongSwan] newbie qs. suite B with AES-GCM</TITLE>
</HEAD>
<BODY>
<!-- Converted from text/plain format -->
<BR>
<P><FONT SIZE=2>From: Andreas Steffen [<A HREF="mailto:andreas.steffen@strongswan.org">mailto:andreas.steffen@strongswan.org</A>]<BR>
<BR>
Your VPN gateway is either not listening on UDP port 500<BR>
or the response got lost somehow. Is strongSwan running on<BR>
moon?<BR>
<BR>
On 06.01.2012 00:59, Philip Anil-QBW348 wrote:<BR>
> Andreas,<BR>
> I corrected it and tried again. It has trouble sending so I interrupted<BR>
> and tried ping which is able to see a path.<BR>
> Anil<BR>
><BR>
> ~$ sudo /etc/init.d/iptables start 2> /dev/null<BR>
> ~$ sudo ipsec restart<BR>
> Stopping strongSwan IPsec...<BR>
> Starting strongSwan 4.5.2 IPsec [starter]...<BR>
> !! Your strongswan.conf contains manual plugin load options for<BR>
> !! pluto and/or charon. This is recommended for experts only, see<BR>
> !! <A HREF="http://wiki.strongswan.org/projects/strongswan/wiki/PluginLoad">http://wiki.strongswan.org/projects/strongswan/wiki/PluginLoad</A><BR>
> ~$ sudo ipsec up home<BR>
> initiating IKE_SA home[1] to 192.168.1.100<BR>
> generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]<BR>
> sending packet: from 192.168.1.105[500] to 192.168.1.100[500]<BR>
> retransmit 1 of request with message ID 0<BR>
> sending packet: from 192.168.1.105[500] to 192.168.1.100[500]<BR>
> retransmit 2 of request with message ID 0<BR>
> sending packet: from 192.168.1.105[500] to 192.168.1.100[500]<BR>
> retransmit 3 of request with message ID 0<BR>
> sending packet: from 192.168.1.105[500] to 192.168.1.100[500]<BR>
> retransmit 4 of request with message ID 0<BR>
> sending packet: from 192.168.1.105[500] to 192.168.1.100[500]<BR>
<BR>
-----------------<BR>
Andreas,<BR>
I am able to ping from moon to carol, and from carol to moon.<BR>
I run wireshark on both and when I run on carol,<BR>
~$ sudo ipsec up home<BR>
There is nothing in wireshark using filter udp.port == 500<BR>
In other words, there is no outbound traffic from carol.<BR>
<BR>
Here is my setup<BR>
<BR>
[moon ubuntu server 11.10]--ethernet cable--[Netgear wndr3700 wireless router]--ethernet cable--[alice? company intranet] --wifi-- [carol ubuntu laptop]<BR>
<BR>
When I connect from carol laptop to router, I am able to browse the company intranet.<BR>
Strongswan is running on moon. See below<BR>
<BR>
-------MOON-------------------<BR>
~$ sudo ipsec statusall<BR>
[sudo] password for anil:<BR>
Status of IKEv2 charon daemon (strongSwan 4.5.2):<BR>
uptime: 15 hours, since Jan 05 12:02:29 2012<BR>
malloc: sbrk 135168, mmap 0, used 92624, free 42544<BR>
worker threads: 10 idle of 16, job queue load: 0, scheduled events: 0<BR>
loaded plugins: curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 revocation hmac xcbc gcm stroke kernel-netlink updown openssl<BR>
Listening IP addresses:<BR>
192.168.1.100<BR>
Connections:<BR>
rw: 192.168.1.100...%any<BR>
rw: local: [moon.strongswan.org] uses public key authentication<BR>
rw: remote: [%any] uses any authentication<BR>
rw: crl: status must be GOOD<BR>
rw: child: 10.1.0.0/16 === dynamic<BR>
Security Associations:<BR>
none<BR>
-----------<BR>
I appreciate any help.<BR>
<BR>
Anil<BR>
<BR>
</FONT>
</P>
</BODY>
</HTML>