<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<meta name="Generator" content="Microsoft Word 12 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
{mso-style-priority:99;
mso-style-link:"Balloon Text Char";
margin:0in;
margin-bottom:.0001pt;
font-size:8.0pt;
font-family:"Tahoma","sans-serif";}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Calibri","sans-serif";
color:windowtext;}
span.BalloonTextChar
{mso-style-name:"Balloon Text Char";
mso-style-priority:99;
mso-style-link:"Balloon Text";
font-family:"Tahoma","sans-serif";}
.MsoChpDefault
{mso-style-type:export-only;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal">HI all,<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">I currently have 2 strongSwans in my environment and one is currently authenticating and 1 is not.
<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">I have cloned the configurations to the ‘T’ and yet still once allow authentication to pass. The one that is passing authentication is only passing authentication with 1 username, but when I setup another username I get the same errors
as I did previously.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">My current network configuration is as follows:<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Public <span style="font-family:Wingdings">à</span> 10.137.205.0/24<o:p></o:p></p>
<p class="MsoNormal">Private <span style="font-family:Wingdings">à</span> 172.16.0.0/17<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><b><u>strongSwan1<o:p></o:p></u></b></p>
<p class="MsoNormal"><b><u><o:p><span style="text-decoration:none"> </span></o:p></u></b></p>
<p class="MsoNormal">public ip = 10.137.205.202<o:p></o:p></p>
<p class="MsoNormal">private ip = 172.16.1.60<o:p></o:p></p>
<p class="MsoNormal"><b><u><o:p><span style="text-decoration:none"> </span></o:p></u></b></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><b>ipsec.conf<o:p></o:p></b></p>
<p class="MsoNormal">config setup<o:p></o:p></p>
<p class="MsoNormal"> plutostart=no<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">conn %default<o:p></o:p></p>
<p class="MsoNormal"> keyexchange=ikev2<o:p></o:p></p>
<p class="MsoNormal"> type=tunnel<o:p></o:p></p>
<p class="MsoNormal"> rekeyfuzz=0%<o:p></o:p></p>
<p class="MsoNormal"> rekeymargin=30s<o:p></o:p></p>
<p class="MsoNormal"> rekey=yes<o:p></o:p></p>
<p class="MsoNormal"> reauth=no<o:p></o:p></p>
<p class="MsoNormal"> ikelifetime=7m<o:p></o:p></p>
<p class="MsoNormal"> keylife=5m<o:p></o:p></p>
<p class="MsoNormal"> authby=secret<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><b>rw-psk.conf<o:p></o:p></b></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">conn rw-psk<o:p></o:p></p>
<p class="MsoNormal"> left=10.137.205.202 <span style="font-family:Wingdings">
ß</span> VPN Concentrator address<o:p></o:p></p>
<p class="MsoNormal"> leftfirewall=yes<o:p></o:p></p>
<p class="MsoNormal"> right=%any<o:p></o:p></p>
<p class="MsoNormal"> rightsourceip=172.16.3.0/24 <span style="font-family:Wingdings">
ß</span> Virtual Pool for clients<o:p></o:p></p>
<p class="MsoNormal"> auto=add<o:p></o:p></p>
<p class="MsoNormal"> type=tunnel<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><b><u>strongSwan2<o:p></o:p></u></b></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><b>ipsec.conf<o:p></o:p></b></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">config setup<o:p></o:p></p>
<p class="MsoNormal"> charonstart=yes<o:p></o:p></p>
<p class="MsoNormal"> plutostart=no<o:p></o:p></p>
<p class="MsoNormal"> charondebug=all<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"># Add connections here.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">conn rw-psk<o:p></o:p></p>
<p class="MsoNormal"> left=10.137.205.176<o:p></o:p></p>
<p class="MsoNormal"> leftsubnet=172.16.24.0/24<o:p></o:p></p>
<p class="MsoNormal"> leftsourceip=172.16.24.0/24<o:p></o:p></p>
<p class="MsoNormal"> right=%any<o:p></o:p></p>
<p class="MsoNormal"> rightsourceip=172.16.24.0/24<o:p></o:p></p>
<p class="MsoNormal"> auto=add<o:p></o:p></p>
<p class="MsoNormal"> authby=psk<o:p></o:p></p>
<p class="MsoNormal"> keyexchange=ikev2<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Errors I am getting all the time now and I have read that there is no matching configuration or something along those lines. I am constantly trying to manipulate the configuration to work, but have had no luck!
<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><span style="background:yellow;mso-highlight:yellow">13[IKE] tried 1 shared key for '%any' - 'vpntest', but MAC mismatched</span><o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">-<o:p></o:p></p>
<p class="MsoNormal">A<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<table class="MsoNormalTable" border="0" cellspacing="0" cellpadding="0">
<tbody>
<tr style="height:105.2pt">
<td width="230" style="width:137.8pt;padding:0in 0in 0in 0in;height:105.2pt">
<p class="MsoNormal" align="right" style="text-align:right;line-height:115%"><b><span style="color:#003049"><o:p> </o:p></span></b></p>
</td>
<td width="197" style="width:118.45pt;padding:0in 0in 0in 0in;height:105.2pt">
<p class="MsoNormal" align="center" style="text-align:center;line-height:115%"><span style="font-size:12.0pt;line-height:115%"><o:p> </o:p></span></p>
</td>
</tr>
</tbody>
</table>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
--------------------------------------------------------------------- <br>
This transmission (including any attachments) may contain confidential information, privileged material (including material protected by the solicitor-client or other applicable privileges), or constitute non-public information. Any use of this information by anyone other than the intended recipient is prohibited. If you have received this transmission in error, please immediately reply to the sender and delete this information from your system. Use, dissemination, distribution, or reproduction of this transmission by unintended recipients is not authorized and may be unlawful.
</body>
</html>