<p dir="ltr">Hi Andreas,</p>
<p dir="ltr">Thanks for the feedback. I took my local network out of the equation because it works in the same environment and machine on a different OS (tried MacOS with racoon). That is why I figured it would be rather a matter of configuration instead. </p>
<p dir="ltr">Any suggestions on how I could troubleshoot these possibilities? (Sorry I am not a network guy).</p>
<p dir="ltr">Cheers,</p>
<p dir="ltr">--<br>
Bruno Braga (mobile)</p>
<div class="gmail_quote">On Jan 8, 2013 9:16 AM, "Andreas Steffen" <<a href="mailto:andreas.steffen@strongswan.org">andreas.steffen@strongswan.org</a>> wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Hi Bruno,<br>
<br>
there is no answer from the VPN gateway on the other end. Either<br>
the gateway cannot be reached over the network, the gateway is not<br>
running and listening on UDP port 500 or it supports the IKEv1 protocol<br>
only.<br>
<br>
Regards<br>
<br>
Andreas<br>
<br>
On 07.01.2013 14:00, BRAGA, Bruno wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Hi,<br>
<br>
I am having a hard time to get an IpSec VPN working in my machine... it<br>
works fine in other OS, and I am sure I am doing something stupid here,<br>
hope some guru can give me guidance!<br>
<br>
I am running Ubuntu 12.10, and installed strongswan (4.5.2), added the<br>
key secret in /etc/ipsec.secrets file, and setup the VPN through network<br>
manager.<br>
<br>
Without tampering with the strongswan.conf file, I have this output<br>
(noted a similar output is :<br>
<br>
--- /var/log/syslog ---<br>
<br>
Jan 7 22:00:06 mac17 NetworkManager[1092]: <info> Starting VPN service<br>
'strongswan'...<br>
Jan 7 22:00:06 mac17 NetworkManager[1092]: <info> VPN service<br>
'strongswan' started (org.freedesktop.NetworkManager.strongswan), PID 840<br>
Jan 7 22:00:06 mac17 charon: 00[DMN] Starting IKEv2 charon daemon<br>
(strongSwan 4.5.2)<br>
Jan 7 22:00:06 mac17 charon: 00[KNL] listening on interfaces:<br>
Jan 7 22:00:06 mac17 charon: 00[KNL] eth0<br>
Jan 7 22:00:06 mac17 charon: 00[KNL] wlan0<br>
Jan 7 22:00:06 mac17 charon: 00[KNL] 192.168.1.1<br>
Jan 7 22:00:06 mac17 charon: 00[KNL] fe80::129a:ddff:feae:e16a<br>
Jan 7 22:00:06 mac17 charon: 00[CFG] loading ca certificates from<br>
'/etc/ipsec.d/cacerts'<br>
Jan 7 22:00:06 mac17 charon: 00[CFG] loading aa certificates from<br>
'/etc/ipsec.d/aacerts'<br>
Jan 7 22:00:06 mac17 charon: 00[CFG] loading ocsp signer certificates<br>
from '/etc/ipsec.d/ocspcerts'<br>
Jan 7 22:00:06 mac17 charon: 00[CFG] loading attribute certificates<br>
from '/etc/ipsec.d/acerts'<br>
Jan 7 22:00:06 mac17 charon: 00[CFG] loading crls from '/etc/ipsec.d/crls'<br>
Jan 7 22:00:06 mac17 charon: 00[CFG] loading secrets from<br>
'/etc/ipsec.secrets'<br>
Jan 7 22:00:06 mac17 charon: 00[CFG] loaded IKE secret for x.x.x.x %any<br>
Jan 7 22:00:06 mac17 charon: 00[CFG] sql plugin: database URI not set<br>
Jan 7 22:00:06 mac17 charon: 00[LIB] plugin 'sql': failed to load -<br>
sql_plugin_create returned NULL<br>
Jan 7 22:00:06 mac17 charon: 00[CFG] loaded 0 RADIUS server configurations<br>
Jan 7 22:00:06 mac17 charon: 00[LIB] plugin 'medsrv' failed to load:<br>
/usr/lib/ipsec/plugins/libstrongswan-medsrv.so: cannot open shared<br>
object file: No such file or directory<br>
Jan 7 22:00:06 mac17 charon: 00[CFG] mediation client database URI not<br>
defined, skipped<br>
Jan 7 22:00:06 mac17 charon: 00[LIB] plugin 'medcli': failed to load -<br>
medcli_plugin_create returned NULL<br>
Jan 7 22:00:06 mac17 NetworkManager[1092]: <info> VPN service<br>
'strongswan' appeared; activating connections<br>
Jan 7 22:00:06 mac17 charon: 00[CFG] HA config misses local/remote address<br>
Jan 7 22:00:06 mac17 charon: 00[LIB] plugin 'ha': failed to load -<br>
ha_plugin_create returned NULL<br>
Jan 7 22:00:06 mac17 charon: 00[DMN] loaded plugins: test-vectors curl<br>
ldap aes des sha1 sha2 md5 random x509 revocation constraints pubkey<br>
pkcs1 pgp pem openssl fips-prf gmp agent pkcs11 xcbc hmac ctr ccm gcm<br>
attr kernel-netlink resolve socket-raw farp stroke updown eap-identity<br>
eap-aka eap-md5 eap-gtc eap-mschapv2 eap-radius eap-tls eap-ttls eap-tnc<br>
nm dhcp led addrblock<br>
Jan 7 22:00:06 mac17 charon: 00[JOB] spawning 16 worker threads<br>
Jan 7 22:00:06 mac17 charon: 06[CFG] received initiate for<br>
NetworkManager connection TestVPN<br>
Jan 7 22:00:06 mac17 NetworkManager[1092]: <info> VPN plugin state<br>
changed: starting (3)<br>
Jan 7 22:00:06 mac17 charon: 06[CFG] using CA certificate, gateway<br>
identity x.x.x.x'<br>
Jan 7 22:00:06 mac17 charon: 06[IKE] initiating IKE_SA TestVPN[1]<br>
to x.x.x.x<br>
Jan 7 22:00:06 mac17 charon: 06[ENC] generating IKE_SA_INIT request 0 [<br>
SA KE No N(NATD_S_IP) N(NATD_D_IP) ]<br>
Jan 7 22:00:06 mac17 charon: 06[NET] sending packet: from<br>
192.168.1.1[500] to x.x.x.x[500]<br>
Jan 7 22:00:06 mac17 NetworkManager[1092]: <info> VPN connection<br>
'TestVPN' (Connect) reply received.<br>
Jan 7 22:00:10 mac17 charon: 11[IKE] retransmit 1 of request with<br>
message ID 0<br>
Jan 7 22:00:10 mac17 charon: 11[NET] sending packet: from<br>
192.168.1.1[500] to x.x.x.x[500]<br>
Jan 7 22:00:17 mac17 charon: 12[IKE] retransmit 2 of request with<br>
message ID 0<br>
Jan 7 22:00:17 mac17 charon: 12[NET] sending packet: from<br>
192.168.1.1[500] to x.x.x.x[500]<br>
Jan 7 22:00:30 mac17 wpa_supplicant[1361]: wlan0: WPA: Group rekeying<br>
completed with 00:24:a5:ea:a5:a2 [GTK=CCMP]<br>
Jan 7 22:00:30 mac17 charon: 13[IKE] retransmit 3 of request with<br>
message ID 0<br>
Jan 7 22:00:30 mac17 charon: 13[NET] sending packet: from<br>
192.168.1.1[500] to x.x.x.x[500]<br>
Jan 7 22:00:46 mac17 NetworkManager[1092]: <warn> VPN connection<br>
'TestVPN' (IP Config Get) timeout exceeded.<br>
Jan 7 22:00:46 mac17 NetworkManager[1092]: <info> Policy set 'Braga'<br>
(wlan0) as default for IPv4 routing and DNS.<br>
Jan 7 22:00:46 mac17 charon: 01[IKE] destroying IKE_SA in state<br>
CONNECTING without notification<br>
Jan 7 22:00:51 mac17 charon: 00[DMN] signal of type SIGTERM received.<br>
Shutting down<br>
Jan 7 22:00:51 mac17 NetworkManager[1092]: <info> VPN service<br>
'strongswan' disappeared<br>
<br>
My initial configuration file was:<br>
<br>
--- /etc/strongswan.conf ---<br>
<br>
# strongswan.conf - strongSwan configuration file<br>
charon {<br>
threads = 16<br>
plugins {<br>
sql {<br>
loglevel = -1<br>
}<br>
}<br>
}<br>
<br>
pluto {<br>
}<br>
libstrongswan {<br>
}<br>
<br>
----------------<br>
<br>
And here is the Network Manager configuration:<br>
<br>
--- /etc/NetworkManager/system-connections/TestVPN ---<br>
<br>
[connection]<br>
id=TestVPN<br>
uuid=07ac4ce3-c6c3-4d42-8bb6-29e56a8751db<br>
type=vpn<br>
autoconnect=false<br>
<br>
[vpn]<br>
service-type=org.freedesktop.NetworkManager.strongswan<br>
virtual=no<br>
encap=no<br>
address=x.x.x.x<br>
user=??????<br>
method=eap<br>
ipcomp=yes<br>
password-flags=1<br>
<br>
[ipv4]<br>
method=auto<br>
----------------<br>
<br>
Besides the timeout issue, I noted the plugin loading issues in the<br>
charon logs. Looking at what I got in the system by default:<br>
<br>
$ ls /usr/lib/ipsec/plugins/<br>
libstrongswan-addrblock.so libstrongswan-eap-tls.so<br>
libstrongswan-pkcs11.so<br>
libstrongswan-aes.so libstrongswan-eap-tnc.so<br>
libstrongswan-pkcs1.so<br>
libstrongswan-agent.so libstrongswan-eap-ttls.so<br>
libstrongswan-pubkey.so<br>
libstrongswan-attr.so libstrongswan-farp.so<br>
libstrongswan-random.so<br>
libstrongswan-attr-sql.so libstrongswan-fips-prf.so<br>
libstrongswan-resolve.so<br>
libstrongswan-ccm.so libstrongswan-gcm.so<br>
libstrongswan-revocation.so<br>
libstrongswan-constraints.so libstrongswan-gmp.so<br>
libstrongswan-sha1.so<br>
libstrongswan-ctr.so libstrongswan-ha.so<br>
libstrongswan-sha2.so<br>
libstrongswan-curl.so libstrongswan-hmac.so<br>
libstrongswan-socket-raw.so<br>
libstrongswan-des.so libstrongswan-kernel-netlink.so<br>
libstrongswan-sql.so<br>
libstrongswan-dhcp.so libstrongswan-ldap.so<br>
libstrongswan-stroke.so<br>
libstrongswan-dnskey.so libstrongswan-led.so<br>
libstrongswan-test-vectors.so<br>
libstrongswan-eap-aka.so libstrongswan-md5.so<br>
libstrongswan-updown.so<br>
libstrongswan-eap-gtc.so libstrongswan-medcli.so<br>
libstrongswan-x509.so<br>
libstrongswan-eap-identity.so libstrongswan-nm.so<br>
libstrongswan-xauth.so<br>
libstrongswan-eap-md5.so libstrongswan-openssl.so<br>
libstrongswan-xcbc.so<br>
libstrongswan-eap-mschapv2.so libstrongswan-pem.so<br>
libstrongswan-eap-radius.so libstrongswan-pgp.so<br>
<br>
Adding the load into the strongswan.conf file at least clears the<br>
warnings, but I am not sure if these modules should be here, and<br>
loaded...<br>
<br>
Any help really appreciated!<br>
<br>
Thanks,<br>
<br>
<br>
--<br>
*Braga, Bruno*<br>
<a href="http://www.brunobraga.net" target="_blank">www.brunobraga.net</a> <<a href="http://www.brunobraga.net" target="_blank">http://www.brunobraga.net</a>><br>
<a href="mailto:bruno.braga@gmail.com" target="_blank">bruno.braga@gmail.com</a> <mailto:<a href="mailto:bruno.braga@gmail.com" target="_blank">bruno.braga@gmail.com</a>><br>
<br>
</blockquote>
======================================================================<br>
Andreas Steffen <a href="mailto:andreas.steffen@strongswan.org" target="_blank">andreas.steffen@strongswan.org</a><br>
strongSwan - the Linux VPN Solution! <a href="http://www.strongswan.org" target="_blank">www.strongswan.org</a><br>
Institute for Internet Technologies and Applications<br>
University of Applied Sciences Rapperswil<br>
CH-8640 Rapperswil (Switzerland)<br>
===========================================================[ITA-HSR]==<br>
<br>
</blockquote></div>
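<p dir="ltr">Added example, not part of the original thread and not strongSwan project code: a small Python parser that reads a charon syslog excerpt like the one quoted above and reports whether any packet ever came back from the gateway, which is the observation behind the "no answer" diagnosis. The sample log is constructed from the lines in the thread, with 203.0.113.10 (a documentation address) as an assumed stand-in for the redacted gateway; the function names are hypothetical.</p>

```python
import re

# Constructed sample shaped like the charon syslog excerpt in this thread, one
# record per line (unwrap mail-wrapped lines first). 203.0.113.10 is a
# documentation address standing in for the redacted gateway.
SAMPLE_LOG = """\
Jan  7 22:00:06 mac17 charon: 06[IKE] initiating IKE_SA TestVPN[1] to 203.0.113.10
Jan  7 22:00:06 mac17 charon: 06[NET] sending packet: from 192.168.1.1[500] to 203.0.113.10[500]
Jan  7 22:00:06 mac17 NetworkManager[1092]: <info> VPN connection 'TestVPN' (Connect) reply received.
Jan  7 22:00:10 mac17 charon: 11[IKE] retransmit 1 of request with message ID 0
Jan  7 22:00:10 mac17 charon: 11[NET] sending packet: from 192.168.1.1[500] to 203.0.113.10[500]
Jan  7 22:00:17 mac17 charon: 12[IKE] retransmit 2 of request with message ID 0
Jan  7 22:00:17 mac17 charon: 12[NET] sending packet: from 192.168.1.1[500] to 203.0.113.10[500]
Jan  7 22:00:30 mac17 charon: 13[IKE] retransmit 3 of request with message ID 0
Jan  7 22:00:30 mac17 charon: 13[NET] sending packet: from 192.168.1.1[500] to 203.0.113.10[500]
Jan  7 22:00:46 mac17 charon: 01[IKE] destroying IKE_SA in state CONNECTING without notification
"""

CHARON = re.compile(r"charon: \d+\[([A-Z]{3})\] (.*)$")
PACKET = re.compile(r"(sending|received) packet: from \S+\[\d+\] to (\S+)\[(\d+)\]")
RETRANSMIT = re.compile(r"retransmit (\d+) of request with message ID (\d+)")

def summarize(log_text):
    """Count IKE packets sent and received by charon in a syslog excerpt."""
    s = {"peer": None, "sent": 0, "received": 0, "retransmits": 0, "gave_up": False}
    for line in log_text.splitlines():
        m = CHARON.search(line)
        if not m:
            continue  # NetworkManager, wpa_supplicant and other daemons
        subsystem, msg = m.groups()
        pkt = PACKET.match(msg)
        retx = RETRANSMIT.match(msg)
        if subsystem == "NET" and pkt:
            if pkt.group(1) == "sending":
                s["sent"] += 1
                s["peer"] = "%s:%s" % (pkt.group(2), pkt.group(3))
            else:
                s["received"] += 1
        elif subsystem == "IKE" and retx:
            s["retransmits"] = max(s["retransmits"], int(retx.group(1)))
        elif subsystem == "IKE" and "state CONNECTING" in msg:
            s["gave_up"] = True  # IKE_SA torn down before it was established
    return s

def diagnose(s):
    """Map the counters to the situation described in the reply above."""
    if s["sent"] == 0:
        return "no IKE request left this host"
    if s["received"] == 0:
        return "no answer from %s after %d retransmits" % (s["peer"], s["retransmits"])
    return "peer answered; look at the later exchanges instead"
```

<p dir="ltr">A "no answer" result does not distinguish between the three causes listed in the reply (unreachable gateway, nothing listening on UDP port 500, IKEv1-only peer); it only confirms that none of the requests was answered.</p>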