<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Exchange Server">
<!-- converted from rtf -->
<style><!-- .EmailQuote { margin-left: 1pt; padding-left: 4pt; border-left: #800000 2px solid; } --></style>
</head>
<body>
<font face="Calibri" size="2"><span style="font-size:11pt;">
<div>Hi,</div>
<div> </div>
<div>My apologies for what I know is a dumb question, but I just can’t get StrongSwan working … :( I want to set up an L2TP/IPSec server on Ubuntu 14.04, and I think I have all the basic pieces installed + have configured things
– but just can’t get a connection working. I want to use Windows, Windows Phone, iOS and Android clients – but for now just trying to get Windows going, and not wanting to use keys (to start, keep it simple). Here are my config files (matching an example on
the web site),</div>
<div> </div>
<div>/etc/ipsec.conf (standard, just using my IP address behind the cable modem / router):</div>
<div> </div>
<div>config setup</div>
<div> </div>
<div>conn %default</div>
<div> ikelifetime=60m</div>
<div> keylife=20m</div>
<div> rekeymargin=3m</div>
<div> keyingtries=1</div>
<div> keyexchange=ikev1</div>
<div> </div>
<div>conn rw</div>
<div> left=192.168.1.17</div>
<div> leftid=@moon.strongswan.org</div>
<div> leftsubnet=10.1.0.0/16</div>
<div> leftauth=psk</div>
<div> leftfirewall=yes</div>
<div> right=%any</div>
<div> rightsourceip=10.3.0.0/24</div>
<div> rightauth=psk</div>
<div> rightauth2=xauth</div>
<div> auto=add</div>
<div> </div>
<div> </div>
<div>/etc/ipsec.secrets (for now, very basic):</div>
<div> </div>
<div>: PSK "psk88"</div>
<div>username : XAUTH "password"</div>
<div> </div>
<div> </div>
<div>When I try to connect, here is what I get,</div>
<div> </div>
<div>Nov 23 07:53:19 linuxbox charon: 00[CFG] loading secrets from '/etc/ipsec.secrets'</div>
<div>Nov 23 07:53:19 linuxbox charon: 00[CFG] loaded IKE secret for %any</div>
<div>Nov 23 07:53:19 linuxbox charon: 00[CFG] loaded EAP secret for username</div>
<div>Nov 23 07:53:19 linuxbox charon: 00[LIB] loaded plugins: charon test-vectors aes rc2 sha1 sha2 md4 md5 random nonce x509 revocation pkcs1 pkcs7 pkcs8 pkcs12 pem openssl xcbc cmac hmac ctr ccm gcm attr kernel-netlink resolve socket-default stroke updown
eap-identity xauth-generic addrblock</div>
<div>Nov 23 07:53:19 linuxbox charon: 00[LIB] unable to load 5 plugin features (5 due to unmet dependencies)</div>
<div>Nov 23 07:53:19 linuxbox charon: 00[LIB] dropped capabilities, running as uid 0, gid 0</div>
<div>Nov 23 07:53:19 linuxbox charon: 00[JOB] spawning 16 worker threads</div>
<div>Nov 23 07:53:19 linuxbox charon: 06[CFG] received stroke: add connection 'rw'</div>
<div>Nov 23 07:53:19 linuxbox charon: 06[CFG] adding virtual IP address pool 10.3.0.0/24</div>
<div>Nov 23 07:53:19 linuxbox charon: 06[CFG] added configuration 'rw'</div>
<div>Nov 23 07:54:00 linuxbox charon: 08[NET] received packet: from 187.141.76.5[500] to 192.168.1.17[500] (384 bytes)</div>
<div>Nov 23 07:54:00 linuxbox charon: 08[ENC] parsed ID_PROT request 0 [ SA V V V V V V V ]</div>
<div>Nov 23 07:54:00 linuxbox charon: 08[ENC] received unknown vendor ID: 1e:2b:51:69:05:99:1c:7d:7c:96:fc:bf:b5:87:e4:61:00:00:00:08</div>
<div>Nov 23 07:54:00 linuxbox charon: 08[IKE] received NAT-T (RFC 3947) vendor ID</div>
<div>Nov 23 07:54:00 linuxbox charon: 08[IKE] received draft-ietf-ipsec-nat-t-ike-02\n vendor ID</div>
<div>Nov 23 07:54:00 linuxbox charon: 08[ENC] received unknown vendor ID: 40:48:b7:d5:6e:bc:e8:85:25:e7:de:7f:00:d6:c2:d3</div>
<div>Nov 23 07:54:00 linuxbox charon: 08[ENC] received unknown vendor ID: fb:1d:e3:cd:f3:41:b7:ea:16:b7:e5:be:08:55:f1:20</div>
<div>Nov 23 07:54:00 linuxbox charon: 08[ENC] received unknown vendor ID: 26:24:4d:38:ed:db:61:b3:17:2a:36:e3:d0:cf:b8:19</div>
<div>Nov 23 07:54:00 linuxbox charon: 08[ENC] received unknown vendor ID: e3:a5:96:6a:76:37:9f:e7:07:22:82:31:e5:ce:86:52</div>
<div>Nov 23 07:54:00 linuxbox charon: 08[IKE] 187.141.76.5 is initiating a Main Mode IKE_SA</div>
<div>Nov 23 07:54:00 linuxbox charon: 08[ENC] generating ID_PROT response 0 [ SA V V V ]</div>
<div>Nov 23 07:54:00 linuxbox charon: 08[NET] sending packet: from 192.168.1.17[500] to 187.141.76.5[500] (136 bytes)</div>
<div>Nov 23 07:54:00 linuxbox charon: 09[NET] received packet: from 187.141.76.5[500] to 192.168.1.17[500] (228 bytes)</div>
<div>Nov 23 07:54:00 linuxbox charon: 09[ENC] parsed ID_PROT request 0 [ KE No NAT-D NAT-D ]</div>
<div>Nov 23 07:54:00 linuxbox charon: 09[IKE] local host is behind NAT, sending keep alives</div>
<div>Nov 23 07:54:00 linuxbox charon: 09[IKE] remote host is behind NAT</div>
<div>Nov 23 07:54:00 linuxbox charon: 09[ENC] generating ID_PROT response 0 [ KE No NAT-D NAT-D ]</div>
<div>Nov 23 07:54:00 linuxbox charon: 09[NET] sending packet: from 192.168.1.17[500] to 187.141.76.5[500] (212 bytes)</div>
<div>Nov 23 07:54:00 linuxbox charon: 10[NET] received packet: from 187.141.76.5[4500] to 192.168.1.17[4500] (76 bytes)</div>
<div>Nov 23 07:54:00 linuxbox charon: 10[ENC] parsed ID_PROT request 0 [ ID HASH ]</div>
<div>Nov 23 07:54:00 linuxbox charon: 10[CFG] looking for pre-shared key peer configs matching 192.168.1.17...187.141.76.5[192.168.22.57]</div>
<div>Nov 23 07:54:00 linuxbox charon: 10[IKE] no peer config found</div>
<div>Nov 23 07:54:00 linuxbox charon: 10[ENC] generating INFORMATIONAL_V1 request 3189985356 [ HASH N(AUTH_FAILED) ]</div>
<div>Nov 23 07:54:00 linuxbox charon: 10[NET] sending packet: from 192.168.1.17[4500] to 187.141.76.5[4500] (92 bytes)</div>
<div> </div>
<div> </div>
<div>I could be wrong, but I think the problem is “no peer config found” -> but it’s in the file, no?</div>
<div> </div>
<div>Any suggestion to get a basic config up and working (then I can go from there)?</div>
<div> </div>
<div>Thanks!!!</div>
<div> </div>
<div> </div>
<div> </div>
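<div>Added example, not part of the original message: a Python check that reads the conn sections and the two decisive log lines quoted above and reports the IKEv1 authentication method charon looked up next to the method each conn offers. The sample strings are constructed from the message, and the mapping of rightauth=psk plus rightauth2=xauth to the logged name XAuthInitPSK is an assumption about charon's naming.</div>

```python
import re

# Constructed sample: auth options and the two decisive log lines from the message above.
IPSEC_CONF = """\
conn %default
    keyexchange=ikev1

conn rw
    rightauth=psk
    rightauth2=xauth
"""
CHARON_LOG = """\
Nov 23 07:54:00 linuxbox charon: 10[CFG] looking for pre-shared key peer configs matching 192.168.1.17...187.141.76.5[192.168.22.57]
Nov 23 07:54:00 linuxbox charon: 10[IKE] no peer config found
"""
LOOKUP = re.compile(r"looking for (.+?) peer configs matching (\S+?)\.\.\.(\S+?)\[(.+?)\]")

def parse_conns(text):
    """Return {conn: options} from ipsec.conf text, with %default merged in."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if line.startswith("conn "):
            current = conns.setdefault(line.split()[1], {})
        elif line and not line[0].isspace():
            current = None  # "config setup" or another section type
        elif current is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip()
    default = conns.pop("%default", {})
    return {name: {**default, **opts} for name, opts in conns.items()}

def ikev1_method(conn):
    """Assumed mapping from rightauth/rightauth2 to the name charon logs."""
    if conn.get("rightauth") != "psk":
        return None  # non-PSK methods are outside this example
    return "XAuthInitPSK" if conn.get("rightauth2", "").startswith("xauth") else "pre-shared key"

def diagnose(conf_text, log_text):
    """Pair each failed peer-config lookup with the method every conn offers."""
    offered = {n: ikev1_method(c) for n, c in parse_conns(conf_text).items()}
    lines, findings = log_text.splitlines(), []
    for i, line in enumerate(lines):
        m = LOOKUP.search(line)
        if m and "no peer config found" in "".join(lines[i + 1:i + 2]):
            findings.append({"requested": m.group(1), "peer": m.group(3), "peer_id": m.group(4), "offered": offered,
                             "matching": [n for n, v in offered.items() if v == m.group(1)]})
    return findings
```

<div>An empty "matching" list means no conn offers the method named in the lookup line, which is the condition charon reports as "no peer config found".</div>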
</span></font>
</body>
</html>