<div dir="ltr"><div><div><div><div>Hi everybody,<br></div>Thank you very much for the information. <br>I am trying to configure the IPSec connection, and now the client is connected to the server but it is not able to
communicate with it. The server always exchanges packet information, as
also reported in the log file (attached):<br></div><br>08[ENC] generating INFORMATIONAL_V1 request 224635347 [ HASH N(DPD_ACK) ]<br>
08[NET] sending packet: from 172.16.151.100[500] to 172.16.151.141[500] (92 bytes)<br>
07[IKE] sending retransmit 4 of response message ID 3472138887, seq 5<br>07[NET] sending packet: from 172.16.151.100[500] to 172.16.151.141[500] (172 bytes)<br>
09[NET] received packet: from 172.16.151.141[500] to 172.16.151.100[500] (92 bytes)<br><br></div><div>What is wrong in my configuration?<br><br></div><div><br></div>Thank you very much<br></div>Bye<br><br>------------------------------<div>
-----------------------------------------------------------------------------------------------------------------------------------<br>
root@debian:~# ipsec start --nofork --debug-all<br>Starting strongSwan 5.0.2 IPsec [starter]...<br>!! Your strongswan.conf contains manual plugin load options for charon.<br>
!! This is recommended for experts only, see<br>!! <a href="http://wiki.strongswan.org/projects/strongswan/wiki/PluginLoad" target="_blank">http://wiki.strongswan.org/projects/strongswan/wiki/PluginLoad</a><br>Loading config setup<br>
Loading conn %default<br>
type=tunnel<br> keyexchange=ike<br>Loading conn 'rw'<br> left=172.16.151.100<br> leftcert=gatewayCert.pem<br> leftid=@ipsec.org<br> leftsubnet=192.168.7.0/24<br>
leftfirewall=yes<br> right=%any<br> rightsourceip=192.168.10.0/24<br> auto=add<br>found netkey IPsec stack<br>Attempting to start charon...<br>00[DMN] Starting IKE charon daemon (strongSwan 5.0.2, Linux 2.6.32-5-amd64, x86_64)<br>
00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'<br>00[CFG] loaded ca certificate "C=UK, ST=Luton, L=Luton, O=Beds, OU=IT, CN=ipsec, E=<a href="mailto:root@ipsec.com" target="_blank">root@ipsec.com</a>" from '/etc/ipsec.d/cacerts/strongswanCert.pem'<br>
00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'<br>00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'<br>00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'<br>
00[CFG] loading crls from '/etc/ipsec.d/crls'<br>00[CFG] loading secrets from '/etc/ipsec.secrets'<br>00[CFG] loaded RSA private key from '/etc/ipsec.d/private/gatewayKey.pem'<br>00[DMN]
loaded plugins: charon curl test-vectors aes des sha1 sha2 md5 pem
pkcs1 pkcs8 gmp random nonce x509 revocation hmac xcbc cmac ctr ccm gcm
stroke kernel-netlink socket-default updown<br>
00[JOB] spawning 16 worker threads<br>charon (1711) started after 20 ms<br>07[CFG] received stroke: add connection 'rw'<br>07[CFG] adding virtual IP address pool 192.168.10.0/24<br>
07[CFG] loaded certificate "C=UK, ST=Luton, O=Beds, OU=IT, CN=ipsec-gw2, E=<a href="mailto:root@ipsec.com" target="_blank">root@ipsec.com</a>" from 'gatewayCert.pem'<br>07[CFG] id 'ipsec.org' not confirmed by certificate, defaulting to 'C=UK, ST=Luton, O=Beds, OU=IT, CN=ipsec-gw2, E=<a href="mailto:root@ipsec.com" target="_blank">root@ipsec.com</a>'<br>
07[CFG] added configuration 'rw'<br><br>12[NET] received packet: from 172.16.151.141[500] to 172.16.151.100[500] (3756 bytes)<br>12[ENC] parsed ID_PROT request 0 [ SA V V V V V V V V V V V ]<br>
12[IKE] received draft-ietf-ipsec-nat-t-ike-00 vendor ID<br>12[ENC] received unknown vendor ID: 16:f6:ca:16:e4:a4:06:6d:83:82:1a:0f:0a:ea:a8:62<br>12[IKE] received draft-ietf-ipsec-nat-t-ike-02\n vendor ID<br>12[IKE] received draft-ietf-ipsec-nat-t-ike-03 vendor ID<br>
12[IKE] received NAT-T (RFC 3947) vendor ID<br>12[IKE] received FRAGMENTATION vendor ID<br>12[IKE] received DPD vendor ID<br>12[ENC] received unknown vendor ID: f1:4b:94:b7:bf:f1:fe:f0:27:73:b8:c4:9f:ed:ed:26<br>12[ENC] received unknown vendor ID: 16:6f:93:2d:55:eb:64:d8:e4:df:4f:d3:7e:23:13:f0:d0:fd:84:51<br>
12[ENC] received unknown vendor ID: 84:04:ad:f9:cd:a0:57:60:b2:ca:29:2e:4b:ff:53:7b<br>12[IKE] received Cisco Unity vendor ID<br>12[IKE] 172.16.151.141 is initiating a Main Mode IKE_SA<br>12[ENC] generating ID_PROT response 0 [ SA V V V ]<br>
12[NET] sending packet: from 172.16.151.100[500] to 172.16.151.141[500] (140 bytes)<br>13[NET] received packet: from 172.16.151.141[500] to 172.16.151.100[500] (365 bytes)<br>13[ENC] parsed ID_PROT request 0 [ KE No CERTREQ NAT-D NAT-D ]<br>
13[IKE] ignoring certificate request without data<br>13[IKE] sending cert request for "C=UK, ST=Luton, L=Luton, O=Beds, OU=IT, CN=ipsec, E=<a href="mailto:root@ipsec.com" target="_blank">root@ipsec.com</a>"<br>
13[ENC] generating ID_PROT response 0 [ KE No CERTREQ NAT-D NAT-D ]<br>
13[NET] sending packet: from 172.16.151.100[500] to 172.16.151.141[500] (499 bytes)<br>14[NET] received packet: from 172.16.151.141[500] to 172.16.151.100[500] (1148 bytes)<br>14[ENC] parsed ID_PROT request 0 [ ID CERT SIG ]<br>
14[IKE] received end entity cert "C=UK, ST=Luton, O=Beds, OU=IT, CN=ipsec, E=<a href="mailto:root@ipsec.com" target="_blank">root@ipsec.com</a>"<br>14[CFG] looking for RSA signature peer configs matching 172.16.151.100...172.16.151.141[C=UK, ST=Luton, O=Beds, OU=IT, CN=ipsec, E=<a href="mailto:root@ipsec.com" target="_blank">root@ipsec.com</a>]<br>
14[CFG] selected peer config "rw"<br>14[CFG] using certificate "C=UK, ST=Luton, O=Beds, OU=IT, CN=ipsec, E=<a href="mailto:root@ipsec.com" target="_blank">root@ipsec.com</a>"<br>14[CFG] using trusted ca certificate "C=UK, ST=Luton, L=Luton, O=Beds, OU=IT, CN=ipsec, E=<a href="mailto:root@ipsec.com" target="_blank">root@ipsec.com</a>"<br>
14[CFG] checking certificate status of "C=UK, ST=Luton, O=Beds, OU=IT, CN=ipsec, E=<a href="mailto:root@ipsec.com" target="_blank">root@ipsec.com</a>"<br>14[CFG] certificate status is not available<br>14[CFG] reached self-signed root ca with a path length of 0<br>
14[IKE] authentication of 'C=UK, ST=Luton, O=Beds, OU=IT, CN=ipsec, E=<a href="mailto:root@ipsec.com" target="_blank">root@ipsec.com</a>' with RSA successful<br>14[IKE] authentication of 'C=UK, ST=Luton, O=Beds, OU=IT, CN=ipsec-gw2, E=<a href="mailto:root@ipsec.com" target="_blank">root@ipsec.com</a>' (myself) successful<br>
14[IKE] IKE_SA rw[1] established between 172.16.151.100[C=UK, ST=Luton, O=Beds, OU=IT, CN=ipsec-gw2, E=<a href="mailto:root@ipsec.com" target="_blank">root@ipsec.com</a>]...172.16.151.141[C=UK, ST=Luton, O=Beds, OU=IT, CN=ipsec, E=<a href="mailto:root@ipsec.com" target="_blank">root@ipsec.com</a>]<br>
14[IKE] scheduling reauthentication in 10043s<br>14[IKE] maximum IKE_SA lifetime 10583s<br>14[IKE] sending end entity cert "C=UK, ST=Luton, O=Beds, OU=IT, CN=ipsec-gw2, E=<a href="mailto:root@ipsec.com" target="_blank">root@ipsec.com</a>"<br>
14[ENC] generating ID_PROT response 0 [ ID CERT SIG ]<br>14[NET] sending packet: from 172.16.151.100[500] to 172.16.151.141[500] (1148 bytes)<br>08[NET] received packet: from 172.16.151.141[500] to 172.16.151.100[500] (92 bytes)<br>
08[ENC] parsed INFORMATIONAL_V1 request 221323624 [ HASH N(INITIAL_CONTACT) ]<br>07[NET] received packet: from 172.16.151.141[500] to 172.16.151.100[500] (92 bytes)<br>07[ENC] parsed TRANSACTION request 1793578121 [ HASH CP ]<br>
07[IKE] peer requested virtual IP %any<br>07[CFG] assigning new lease to 'C=UK, ST=Luton, O=Beds, OU=IT, CN=ipsec, E=<a href="mailto:root@ipsec.com" target="_blank">root@ipsec.com</a>'<br>07[IKE] assigning virtual IP 192.168.10.1 to peer 'C=UK, ST=Luton, O=Beds, OU=IT, CN=ipsec, E=<a href="mailto:root@ipsec.com" target="_blank">root@ipsec.com</a>'<br>
07[ENC] generating TRANSACTION response 1793578121 [ HASH CP ]<br>07[NET] sending packet: from 172.16.151.100[500] to 172.16.151.141[500] (76 bytes)<br>09[NET] received packet: from 172.16.151.141[500] to 172.16.151.100[500] (684 bytes)<br>
09[ENC] parsed QUICK_MODE request 3472138887 [ HASH SA No ID ID ]<br>09[ENC] generating QUICK_MODE response 3472138887 [ HASH SA No ID ID ]<br>
09[NET] sending packet: from 172.16.151.100[500] to 172.16.151.141[500] (172 bytes)<br>
10[IKE] sending retransmit 1 of response message ID 3472138887, seq 5<br>10[NET] sending packet: from 172.16.151.100[500] to 172.16.151.141[500] (172 bytes)<div class="im">
<br>
11[NET] received packet: from 172.16.151.141[500] to 172.16.151.100[500] (92 bytes)<br></div>
11[ENC] parsed INFORMATIONAL_V1 request 2755921555 [ HASH N(DPD) ]<br>11[ENC] generating INFORMATIONAL_V1 request 382805223 [ HASH N(DPD_ACK) ]<br>11[NET] sending packet: from 172.16.151.100[500] to 172.16.151.141[500] (92 bytes)<br>
12[IKE] sending retransmit 2 of response message ID 3472138887, seq 5<br>12[NET] sending packet: from 172.16.151.100[500] to 172.16.151.141[500] (172 bytes)<br>
15[NET] received packet: from 172.16.151.141[500] to 172.16.151.100[500] (92 bytes)<br>
15[ENC] parsed INFORMATIONAL_V1 request 3136069899 [ HASH N(DPD) ]<br>15[ENC] generating INFORMATIONAL_V1 request 1565857942 [ HASH N(DPD_ACK) ]<br>15[NET] sending packet: from 172.16.151.100[500] to 172.16.151.141[500] (92 bytes)<br>
14[IKE] sending retransmit 3 of response message ID 3472138887, seq 5<br>14[NET] sending packet: from 172.16.151.100[500] to 172.16.151.141[500] (172 bytes)<br>
08[NET] received packet: from 172.16.151.141[500] to 172.16.151.100[500] (92 bytes)<br>
08[ENC] parsed INFORMATIONAL_V1 request 167738961 [ HASH N(DPD) ]<br>08[ENC] generating INFORMATIONAL_V1 request 224635347 [ HASH N(DPD_ACK) ]<br>08[NET] sending packet: from 172.16.151.100[500] to 172.16.151.141[500] (92 bytes)<br>
07[IKE] sending retransmit 4 of response message ID 3472138887, seq 5<br>07[NET] sending packet: from 172.16.151.100[500] to 172.16.151.141[500] (172 bytes)<br>
09[NET] received packet: from 172.16.151.141[500] to 172.16.151.100[500] (92 bytes)<br>
09[ENC] parsed INFORMATIONAL_V1 request 3385546230 [ HASH N(DPD) ]<br>09[ENC] generating INFORMATIONAL_V1 request 3289707722 [ HASH N(DPD_ACK) ]<br>09[NET] sending packet: from 172.16.151.100[500] to 172.16.151.141[500] (92 bytes)<div class="im">
<br>
10[NET] received packet: from 172.16.151.141[500] to 172.16.151.100[500] (92 bytes)<br></div>10[ENC] parsed INFORMATIONAL_V1 request 3118645347 [ HASH N(DPD) ]<br>10[ENC] generating INFORMATIONAL_V1 request 3620922148 [ HASH N(DPD_ACK) ]<br>
10[NET] sending packet: from 172.16.151.100[500] to 172.16.151.141[500] (92 bytes)<div class="im"><br>11[NET] received packet: from 172.16.151.141[500] to 172.16.151.100[500] (92 bytes)<br></div>11[ENC] parsed INFORMATIONAL_V1 request 52442727 [ HASH N(DPD) ]<br>
11[ENC] generating INFORMATIONAL_V1 request 1147347881 [ HASH N(DPD_ACK) ]<br>11[NET] sending packet: from 172.16.151.100[500] to 172.16.151.141[500] (92 bytes)<br>12[IKE] sending retransmit 5 of response message ID 3472138887, seq 5<br>
12[NET] sending packet: from 172.16.151.100[500] to 172.16.151.141[500] (172 bytes)<br>13[NET] received packet: from 172.16.151.141[500] to 172.16.151.100[500] (92 bytes)<br>13[ENC] parsed INFORMATIONAL_V1 request 3858009195 [ HASH N(DPD) ]<br>
13[ENC] generating INFORMATIONAL_V1 request 2360226256 [ HASH N(DPD_ACK) ]<br>13[NET] sending packet: from 172.16.151.100[500] to 172.16.151.141[500] (92 bytes)<br>15[NET] received packet: from 172.16.151.141[500] to 172.16.151.100[500] (92 bytes)<br>
15[ENC] parsed INFORMATIONAL_V1 request 130653978 [ HASH N(DPD) ]<br>15[ENC] generating INFORMATIONAL_V1 request 1966052176 [ HASH N(DPD_ACK) ]<br>15[NET] sending packet: from 172.16.151.100[500] to 172.16.151.141[500] (92 bytes)<br>
14[NET] received packet: from 172.16.151.141[500] to 172.16.151.100[500] (92 bytes)<br>14[ENC] parsed INFORMATIONAL_V1 request 3398287126 [ HASH N(DPD) ]<br>
14[ENC] generating INFORMATIONAL_V1 request 2004937150 [ HASH N(DPD_ACK) ]<br>
14[NET] sending packet: from 172.16.151.100[500] to 172.16.151.141[500] (92 bytes)<br>08[NET] received packet: from 172.16.151.141[500] to 172.16.151.100[500] (92 bytes)<br>08[ENC] parsed INFORMATIONAL_V1 request 1247206381 [ HASH N(DPD) ]<br>
08[ENC] generating INFORMATIONAL_V1 request 69586892 [ HASH N(DPD_ACK) ]<br>08[NET] sending packet: from 172.16.151.100[500] to 172.16.151.141[500] (92 bytes)<br>07[NET] received packet: from 172.16.151.141[500] to 172.16.151.100[500] (92 bytes)<br>
07[ENC] parsed INFORMATIONAL_V1 request 1989574186 [ HASH N(DPD) ]<br>07[ENC] generating INFORMATIONAL_V1 request 2000694412 [ HASH N(DPD_ACK) ]<br>07[NET] sending packet: from 172.16.151.100[500] to 172.16.151.141[500] (92 bytes)<br>
16[KNL] creating delete job for ESP CHILD_SA with SPI c05ddaef and reqid {1}<br>09[JOB] CHILD_SA with reqid 1 not found for delete<br>10[IKE] giving up after 5 retransmits<br>10[CFG] lease 192.168.10.1 by 'C=UK, ST=Luton, O=Beds, OU=IT, CN=ipsec, E=<a href="mailto:root@ipsec.com" target="_blank">root@ipsec.com</a>' went offline<br>
03[KNL] 192.168.7.10 disappeared from eth1<br>03[KNL] 192.168.7.142 appeared on eth1</div>
<br clear="all"><br>-- <br><a href="http://www.2dd.it" target="_blank">http://www.2dd.it</a>
</div>
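Added example, not part of the original message: a small triage script for charon logs like the one above. It ties each retransmitted message ID back to the exchange that first used it and counts DPD requests answered in the same log. The function name and the abridged sample lines are constructed for illustration.

```python
import re
from collections import Counter

# Constructed, abridged sample: lines shaped like the charon log in the message above.
SAMPLE_LOG = """\
09[ENC] parsed QUICK_MODE request 3472138887 [ HASH SA No ID ID ]
09[ENC] generating QUICK_MODE response 3472138887 [ HASH SA No ID ID ]
10[IKE] sending retransmit 1 of response message ID 3472138887, seq 5
11[ENC] parsed INFORMATIONAL_V1 request 2755921555 [ HASH N(DPD) ]
11[ENC] generating INFORMATIONAL_V1 request 382805223 [ HASH N(DPD_ACK) ]
12[IKE] sending retransmit 2 of response message ID 3472138887, seq 5
10[IKE] giving up after 5 retransmits
"""

ENC_RE = re.compile(
    r"^\d+\[ENC\] (parsed|generating) (\S+) (?:request|response) (\d+) \[ (.*) \]$")
RETX_RE = re.compile(
    r"^\d+\[IKE\] sending retransmit (\d+) of (?:request|response) message ID (\d+)")
GIVEUP_RE = re.compile(r"^\d+\[IKE\] giving up after \d+ retransmits")


def triage(log_text):
    """Correlate retransmitted message IDs with their exchange; count DPD traffic."""
    exchange_of, retransmits, dpd = {}, {}, Counter()
    gave_up = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := ENC_RE.match(line):
            direction, exchange, msg_id, payloads = m.groups()
            exchange_of.setdefault(msg_id, exchange)  # first exchange seen for this ID
            tokens = payloads.split()
            if direction == "parsed" and "N(DPD)" in tokens:
                dpd["received"] += 1
            elif direction == "generating" and "N(DPD_ACK)" in tokens:
                dpd["acks_sent"] += 1
        elif m := RETX_RE.match(line):
            msg_id = m.group(2)
            retransmits[msg_id] = max(retransmits.get(msg_id, 0), int(m.group(1)))
        elif GIVEUP_RE.match(line):
            gave_up = True
    stalled = [
        {"message_id": mid, "exchange": exchange_of.get(mid, "unknown"), "retransmits": n}
        for mid, n in retransmits.items()
    ]
    return {"stalled": stalled, "gave_up": gave_up,
            "dpd_received": dpd["received"], "dpd_acks_sent": dpd["acks_sent"]}


if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

On the sample it reports the QUICK_MODE response as the retransmitted message while DPD requests on the same IKE_SA are still being acknowledged.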