<html><body><div style="color:#000; background-color:#fff; font-family:times new roman, new york, times, serif;font-size:12pt"><div>Hello All,</div><div><br></div><div style="color: rgb(0, 0, 0); font-size: 16px; font-family: times new roman,new york,times,serif; background-color: transparent; font-style: normal;">I am new in this community and strongswan.</div><div style="color: rgb(0, 0, 0); font-size: 16px; font-family: times new roman,new york,times,serif; background-color: transparent; font-style: normal;">I would like to setup the simplest possible scenario for ipsec between two units.</div><div style="color: rgb(0, 0, 0); font-size: 16px; font-family: times new roman,new york,times,serif; background-color: transparent; font-style: normal;"><br></div><div style="color: rgb(0, 0, 0); font-size: 16px; font-family: times new roman,new york,times,serif; background-color: transparent; font-style: normal;">I am using host-host example on strongswan
website using PSK. One unit (left side )is running strongswan 5.0.1 (Embedded target on Openwrt attitude) and another end (right side)runs Strongswan 4-5.2.1.2 on Ubuntu. They are directly connected and there is no router or firewall in between.<br></div><div style="color: rgb(0, 0, 0); font-size: 16px; font-family: times new roman,new york,times,serif; background-color: transparent; font-style: normal;">I can start both ipsec daemons on both sides. <br></div><div style="color: rgb(0, 0, 0); font-size: 16px; font-family: times new roman,new york,times,serif; background-color: transparent; font-style: normal;">After running <span style="font-weight: bold;">>> ipsec up lmu </span>on machine with 5.0.1 version it keeps sending a request to another machine which I can <br></div><div style="color: rgb(0, 0, 0); font-size: 16px; font-family: times new roman,new york,times,serif; background-color: transparent; font-style:
normal;">capture it using tcpdum : IP 192.168.1.55.500 > 192.168.1.209.500: isakmp: phase 1 I ident<br></div><div style="color: rgb(0, 0, 0); font-size: 16px; font-family: times new roman,new york,times,serif; background-color: transparent; font-style: normal;">But as soon as I run on Ubuntu machine the command <span style="font-weight: bold;">>>ipsec up desktop</span> I get the following error:</div><div style="color: rgb(0, 0, 0); font-size: 16px; font-family: times new roman,new york,times,serif; background-color: transparent; font-style: normal;"><span style="font-style: italic;"><span style="text-decoration: underline;">022 "desktop": we have no ipsecN interface for either end of this connection</span></span><br></div><div style="color: rgb(0, 0, 0); font-size: 16px; font-family: times new roman,new york,times,serif; background-color: transparent; font-style: normal;"><br></div><div
style="color: rgb(0, 0, 0); font-size: 16px; font-family: times new roman,new york,times,serif; background-color: transparent; font-style: normal;"><br></div><div style="color: rgb(0, 0, 0); font-size: 16px; font-family: times new roman,new york,times,serif; background-color: transparent; font-style: normal;">Below you can see ipsec.conf form both side along with ipsec.secret which is the same for both sides. I appreciate if someone can help me with that.<br></div><div style="color: rgb(0, 0, 0); font-size: 16px; font-family: times new roman,new york,times,serif; background-color: transparent; font-style: normal;"><br></div><div style="color: rgb(0, 0, 0); font-size: 16px; font-family: times new roman,new york,times,serif; background-color: transparent; font-style: normal;"><br></div><div style="color: rgb(0, 0, 0); font-size: 16px; font-family: times new roman,new york,times,serif; background-color: transparent; font-style: normal;"><span
style="font-weight: bold;">here is the ipsec.conf for 5.0.1 on Openwrt target machine:</span></div><div style="color: rgb(0, 0, 0); font-size: 16px; font-family: times new roman,new york,times,serif; background-color: transparent; font-style: normal;"><br></div><div style="color: rgb(0, 0, 0); font-size: 16px; font-family: times new roman,new york,times,serif; background-color: transparent; font-style: normal;"># ipsec.conf - strongSwan IPsec configuration file<br><br># basic configuration<br><br>config setup<br> strictcrlpolicy=no<br> # uniqueids = no<br><br>conn %default<br> keyexchange=ikev1<br> authby=secret<br><br># Add connections here.<br><br># Sample VPN connections<br><br>conn lmu<br> leftsubnet=192.168.1.0/24<br>
left=192.168.1.55<br> leftid=@lmu.strongswan.com<br> leftsendcert=never<br> right=192.168.1.209<br> rightid=@desktop.strongswan.com<br> rightsubnet=192.68.1.0/24<br> auto=add<br></div><div style="color: rgb(0, 0, 0); font-size: 16px; font-family: times new roman,new york,times,serif; background-color: transparent; font-style: normal;"><br></div><div style="color: rgb(0, 0, 0); font-size: 16px; font-family: times new roman,new york,times,serif; background-color: transparent; font-style: normal;"><span style="font-weight: bold;">here is ipsec.conf for 4-5.2.1.2:</span></div><div style="color: rgb(0, 0, 0); font-size: 16px; font-family: times new roman,new york,times,serif; background-color: transparent; font-style: normal;"><br></div><div style="color: rgb(0, 0, 0); font-size:
16px; font-family: times new roman,new york,times,serif; background-color: transparent; font-style: normal;"># ipsec.conf - strongSwan IPsec configuration file<br><br># basic configuration<br><br>config setup<br> # plutodebug=all<br> # crlcheckinterval=600<br> # strictcrlpolicy=yes<br> # cachecrls=yes<br> # nat_traversal=yes<br> plutodebug=control<br> charonstart=no<br> #plutostart=no<br><br>conn %default<br> keyingtries=1<br> keyexchange=ikev1<br> authby=secret<br># Add connections
here.<br><br># Sample VPN connections<br><br>conn desktop<br> left=192.18.1.209<br> leftid=@desktop.strongswan.com<br> leftsendcert=never<br> right=192.168.1.55<br> rightid=@lmu.strongswan.com<br> auto=add<br><br></div><div style="color: rgb(0, 0, 0); font-size: 16px; font-family: times new roman,new york,times,serif; background-color: transparent; font-style: normal;"><br></div><div style="color: rgb(0, 0, 0); font-size: 16px; font-family: times new roman,new york,times,serif; background-color: transparent; font-style: normal;"><span style="font-weight: bold;">here is the ipsec.secret:</span></div><div style="color: rgb(0, 0, 0); font-size: 16px; font-family: times new roman,new york,times,serif; background-color: transparent; font-style: normal;"><br></div><div
style="color: rgb(0, 0, 0); font-size: 16px; font-family: times new roman,new york,times,serif; background-color: transparent; font-style: normal;"> This file holds shared secrets or RSA private keys for inter-Pluto<br># authentication. See ipsec_pluto(8) manpage, and HTML documentation.<br><br># RSA private key for this host, authenticating it to any other host<br># which knows the public part. Suitable public keys, for ipsec.conf, DNS,<br># or configuration of other implementations, can be extracted conveniently<br># with "ipsec showhostkey".<br><br># this file is managed with debconf and will contain the automatically created private key<br>#include /var/lib/strongswan/ipsec.secrets.inc<br><br>#192.168.1.209 192.168.1.55 : PSK "yourpasswordhere"<br>@desktop.strongswan.com @lmu.strongswan.com : PSK "yourpasswordhere"<br><br></div><div style="color: rgb(0, 0, 0); font-size: 16px; font-family: times new roman,new
york,times,serif; background-color: transparent; font-style: normal;"><br></div><div style="color: rgb(0, 0, 0); font-size: 16px; font-family: times new roman,new york,times,serif; background-color: transparent; font-style: normal;"><br></div><div style="color: rgb(0, 0, 0); font-size: 16px; font-family: times new roman,new york,times,serif; background-color: transparent; font-style: normal;">Thanks,</div><div style="color: rgb(0, 0, 0); font-size: 16px; font-family: times new roman,new york,times,serif; background-color: transparent; font-style: normal;">Farid<br></div><div style="color: rgb(0, 0, 0); font-size: 16px; font-family: times new roman,new york,times,serif; background-color: transparent; font-style: normal;"><br></div><div style="color: rgb(0, 0, 0); font-size: 16px; font-family: times new roman,new york,times,serif; background-color: transparent; font-style: normal;"><br></div></div></body></html>