<div dir="ltr"><div class="gmail_default" style="font-family:'courier new',monospace">Hello,</div><div class="gmail_default" style="font-family:'courier new',monospace"><br></div><div class="gmail_default" style="font-family:'courier new',monospace">in this scenario:</div><blockquote style="margin:0px 0px 0px 40px;border:none;padding:0px"><div class="gmail_default" style="font-family:'courier new',monospace">vpn server: ike psk + xauth, sonicwall tz210 SonicOS Enhanced 5.9.0.7-17o </div></blockquote><blockquote style="margin:0px 0px 0px 40px;border:none;padding:0px"><div class="gmail_default" style="font-family:'courier new',monospace">vpn client: CentOS 6</div><div class="gmail_default" style="font-family:'courier new',monospace"><br></div></blockquote><blockquote style="margin:0px 0px 0px 40px;border:none;padding:0px"><span style="font-family:'courier new',monospace"><div class="gmail_default" style="font-family:'courier new',monospace;display:inline"></div><div class="gmail_default" style="font-family:'courier new',monospace;display:inline"></div><div class="gmail_default" style="font-family:'courier new',monospace;display:inline"></div>[root@localhost strongswan]# strongswan statusall</span><div class="gmail_default" style><div class="gmail_default" style="font-family:'courier new',monospace">Status of IKE charon daemon (strongSwan 5.2.0, Linux 2.6.32-504.8.1.el6.x86_64, x86_64):</div></div><div class="gmail_default" style><div class="gmail_default" style="font-family:'courier new',monospace"> uptime: 39 minutes, since Feb 26 04:28:14 2015</div></div><div class="gmail_default" style><div class="gmail_default" style="font-family:'courier new',monospace"> malloc: sbrk 405504, mmap 0, used 313104, free 92400</div></div><div class="gmail_default" style><div class="gmail_default" style="font-family:'courier new',monospace"> worker threads: 11 of 16 idle, 5/0/0/0 working, job queue: 0/0/0/0, scheduled: 0</div></div><div class="gmail_default" style><div 
class="gmail_default" style="font-family:'courier new',monospace"> loaded plugins: charon curl aes des rc2 sha1 sha2 md4 md5 random nonce x509 revocation constraints acert pubkey pkcs1 pkcs8 pgp dnskey sshkey pem fips-prf gmp xcbc cmac hmac attr kernel-netlink resolve socket-default farp stroke vici updown eap-identity eap-md5 eap-gtc eap-mschapv2 eap-tls eap-ttls eap-peap xauth-generic xauth-eap xauth-pam xauth-noauth dhcp</div></div></blockquote><div class="gmail_default" style><div style="font-family:'courier new',monospace"><br></div><div style="font-family:'courier new',monospace">in file /etc/strongswan/strongswan.d/charon.conf I added these lines:<br></div><div style><div style><font face="courier new, monospace"> accept_unencrypted_mainmode_messages = yes</font></div><div style><font face="courier new, monospace"> initiator_only = yes<br></font></div></div><div style="font-family:'courier new',monospace"><br></div></div><div class="gmail_default" style="font-family:'courier new',monospace">conn vlc<br></div><div class="gmail_default" style="font-family:'courier new',monospace"><div class="gmail_default"><span class="" style="white-space:pre"> </span>auto=add</div><div class="gmail_default"><span class="" style="white-space:pre"> </span>type=tunnel</div><div class="gmail_default"><span class="" style="white-space:pre"> </span>#aggressive=yes</div><div class="gmail_default"><span class="" style="white-space:pre"> </span>keyexchange=ikev1</div><div class="gmail_default"><span class="" style="white-space:pre"> </span>#</div><div class="gmail_default"><span class="" style="white-space:pre"> </span># configure the local side</div><div class="gmail_default"><span class="" style="white-space:pre"> </span>#</div><div class="gmail_default"><span class="" style="white-space:pre"> </span>left=%defaultroute</div><div class="gmail_default"><span class="" style="white-space:pre"> </span>leftsourceip=%config</div><div class="gmail_default"><span class="" 
style="white-space:pre"> </span>leftauth=psk</div><div class="gmail_default"><span class="" style="white-space:pre"> </span>leftid=GroupVPN</div><div class="gmail_default"><span class="" style="white-space:pre"> </span>leftauth2=xauth</div><div class="gmail_default"><span class="" style="white-space:pre"> </span>xauth=client</div><div class="gmail_default"><span class="" style="white-space:pre"> </span>xauth_identity=user</div><div class="gmail_default"><span class="" style="white-space:pre"> </span>leftfirewall=yes</div><div class="gmail_default"><span class="" style="white-space:pre"> </span>#</div><div class="gmail_default"><span class="" style="white-space:pre"> </span># configure the remote side</div><div class="gmail_default"><span class="" style="white-space:pre"> </span>#</div><div class="gmail_default"><span class="" style="white-space:pre"> </span>right=host.domain.name</div><div class="gmail_default"><span class="" style="white-space:pre"> </span>rightid=001122334455667788</div><div class="gmail_default"><span class="" style="white-space:pre"> </span>rightsubnet="192.168.4.0/24"</div><div class="gmail_default"><span class="" style="white-space:pre"> </span>rightauth=psk</div><div class="gmail_default"><span class="" style="white-space:pre"> </span>#</div><div class="gmail_default"><span class="" style="white-space:pre"> </span># configure the proposals</div><div class="gmail_default"><span class="" style="white-space:pre"> </span>#</div><div class="gmail_default"><span class="" style="white-space:pre"> </span>keyingtries=1</div><div class="gmail_default"><span class="" style="white-space:pre"> </span>ike=3des-sha1-modp1024</div><div class="gmail_default"><span class="" style="white-space:pre"> </span>ikelifetime=28800s</div><div class="gmail_default"><span class="" style="white-space:pre"> </span>esp=3des-sha1</div><div class="gmail_default"><span class="" 
style="white-space:pre"> </span>lifetime=28800s</div><div><br></div></div><div class="gmail_default" style="font-family:'courier new',monospace"><br></div><blockquote style="margin:0px 0px 0px 40px;border:none;padding:0px"><div class="gmail_default" style="font-family:'courier new',monospace;display:inline"></div><span style="font-family:'courier new',monospace">[root@localhost strongswan]#<div class="gmail_default" style="font-family:'courier new',monospace;display:inline"> </div></span><span style="font-family:'courier new',monospace">strongswan up vlc</span><div class="gmail_default" style="font-family:'courier new',monospace">initiating Main Mode IKE_SA vlc[2] to 62.43.189.77<br></div><div class="gmail_default" style="font-family:'courier new',monospace"><div class="gmail_default">generating ID_PROT request 0 [ SA V V V V ]</div></div><div class="gmail_default" style="font-family:'courier new',monospace"><div class="gmail_default">sending packet: from 192.168.197.133[500] to 62.43.189.77[500] (188 bytes)</div></div><div class="gmail_default" style="font-family:'courier new',monospace"><div class="gmail_default">received packet: from 62.43.189.77[500] to 192.168.197.133[500] (112 bytes)</div></div><div class="gmail_default" style="font-family:'courier new',monospace"><div class="gmail_default">parsed ID_PROT response 0 [ SA V V ]</div></div><div class="gmail_default" style="font-family:'courier new',monospace"><div class="gmail_default">received unknown vendor ID: 5b:36:2b:c8:20:f6:00:08</div></div><div class="gmail_default" style="font-family:'courier new',monospace"><div class="gmail_default">received NAT-T (RFC 3947) vendor ID</div></div><div class="gmail_default" style="font-family:'courier new',monospace"><div class="gmail_default">generating ID_PROT request 0 [ KE No NAT-D NAT-D ]</div></div><div class="gmail_default" style="font-family:'courier new',monospace"><div class="gmail_default">sending packet: from 192.168.197.133[500] to 62.43.189.77[500] (244 
bytes)</div></div><div class="gmail_default" style="font-family:'courier new',monospace"><div class="gmail_default">received packet: from 62.43.189.77[500] to 192.168.197.133[500] (276 bytes)</div></div><div class="gmail_default" style="font-family:'courier new',monospace"><div class="gmail_default">parsed ID_PROT response 0 [ KE NAT-D NAT-D No V V V ]</div></div><div class="gmail_default" style="font-family:'courier new',monospace"><div class="gmail_default">received unknown vendor ID: 40:4b:f4:39:52:2c:a3:f6</div></div><div class="gmail_default" style="font-family:'courier new',monospace"><div class="gmail_default">received XAuth vendor ID</div></div><div class="gmail_default" style="font-family:'courier new',monospace"><div class="gmail_default">received DPD vendor ID</div></div><div class="gmail_default" style="font-family:'courier new',monospace"><div class="gmail_default">local host is behind NAT, sending keep alives</div></div><div class="gmail_default" style="font-family:'courier new',monospace"><div class="gmail_default">generating ID_PROT request 0 [ ID HASH ]</div></div><div class="gmail_default" style="font-family:'courier new',monospace"><div class="gmail_default">sending packet: from 192.168.197.133[4500] to 62.43.189.77[4500] (76 bytes)</div></div><div class="gmail_default" style="font-family:'courier new',monospace"><div class="gmail_default">received packet: from 62.43.189.77[4500] to 192.168.197.133[4500] (76 bytes)</div></div><div class="gmail_default" style="font-family:'courier new',monospace"><div class="gmail_default">queueing TRANSACTION request as tasks still active</div></div><div class="gmail_default" style="font-family:'courier new',monospace"><div class="gmail_default">sending retransmit 1 of request message ID 0, seq 3</div></div><div class="gmail_default" style="font-family:'courier new',monospace"><div class="gmail_default">sending packet: from 192.168.197.133[4500] to 62.43.189.77[4500] (76 bytes)</div></div><div 
class="gmail_default" style="font-family:'courier new',monospace"><div class="gmail_default">received packet: from 62.43.189.77[4500] to 192.168.197.133[4500] (64 bytes)</div></div><div class="gmail_default" style="font-family:'courier new',monospace"><div class="gmail_default">parsed ID_PROT response 0 [ ID HASH ]</div></div><div class="gmail_default" style="font-family:'courier new',monospace"><div class="gmail_default"><b>IDir '62.43.189.77' does not match to '001122334455667788</b>'</div></div><div class="gmail_default" style="font-family:'courier new',monospace"><div class="gmail_default">deleting IKE_SA vlc[2] between 192.168.197.133[GroupVPN]...62.43.189.77[%any]</div></div><div class="gmail_default" style="font-family:'courier new',monospace"><div class="gmail_default">sending DELETE for IKE_SA vlc[2]</div></div><div class="gmail_default" style="font-family:'courier new',monospace"><div class="gmail_default">generating INFORMATIONAL_V1 request 3927973628 [ HASH D ]</div></div><div class="gmail_default" style="font-family:'courier new',monospace"><div class="gmail_default">sending packet: from 192.168.197.133[4500] to 62.43.189.77[4500] (84 bytes)</div></div><div class="gmail_default" style="font-family:'courier new',monospace"><div class="gmail_default">connection 'vlc' established successfully</div></div></blockquote><div class="gmail_default" style="font-family:'courier new',monospace"><div><br></div><div><br></div></div><div class="gmail_default" style="font-family:'courier new',monospace"><div>I have established the connection OK with aggressive mode.</div><div>But now I'm trying to configure the connection with main mode and get this:</div></div><div class="gmail_default" style="font-family:'courier new',monospace"><b>IDir '62.43.189.77' does not match to '001122334455667788</b>'<br></div><div class="gmail_default" style="font-family:'courier new',monospace"><br></div><div class="gmail_default" style="font-family:'courier new',monospace">Please I need 
help to identify what I'm doing wrong.</div><div class="gmail_default" style="font-family:'courier new',monospace"><br></div><div class="gmail_default" style="font-family:'courier new',monospace">Thanks.</div><div class="gmail_default" style="font-family:'courier new',monospace"><br></div><div class="gmail_default" style="font-family:'courier new',monospace"><br></div><div><div class="gmail_signature"><div dir="ltr"><div><font face="courier new, monospace">--</font></div><div><font face="courier new, monospace">Alejandro Valcarcel Garcia<br>Head of Systems and Communications<br>ODEC - Construimos Soluciones<br><br><a href="mailto:avalcarcel@odec.es" target="_blank">avalcarcel@odec.es</a> - <a href="http://www.odec.es" target="_blank">http://www.odec.es</a> - Calle Vicent Macip, 1 (46701) Gandia SPAIN - T: +34 962 860 466 ext 1292 - M: +34 699 679 435</font></div></div></div></div>
</div>