<div dir="ltr"><div><div><div><div><div>Hello,<br><br></div>I am using strongswan-5.3 to connect host-host<br><br></div><div>moon(192.168.82.99)<------------>sun(192.168.82.111)<br></div><div><br></div><div>error for this:<br></div><br>root@phyCORE-AM335x:~ ipsec up host-host<br>initiating IKE_SA host-host[1] to 192.168.82.111<br>generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(HASH_ALG) ]<br>sending packet: from 192.168.82.99[500] to 192.168.82.111[500] (684 bytes)<br>received packet: from 192.168.82.111[500] to 192.168.82.99[500] (481 bytes)<br>parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(HASH_ALG) N(MULT_AUTH) ]<br>received 1 cert requests for an unknown ca<br>sending cert request for "C=CH, O=strongSwan, CN=strongSwan Root CA"<br>authentication of 'C=CH, O=strongSwan, CN=<a href="http://moon.strongswan.org">moon.strongswan.org</a>' (myself) with RSA_EMSA_PKCS1_SHA256 successful<br>sending end entity cert "C=CH, O=strongSwan, CN=<a href="http://moon.strongswan.org">moon.strongswan.org</a>"<br>establishing CHILD_SA host-host<br>generating IKE_AUTH request 1 [ IDi CERT N(INIT_CONTACT) CERTREQ IDr AUTH SA TSi TSr N(MULT_AUTH) N(EAP_ONLY) ]<br>sending packet: from 192.168.82.99[500] to 192.168.82.111[500] (1884 bytes)<br>received packet: from 192.168.82.111[500] to 192.168.82.99[500] (76 bytes)<br>parsed IKE_AUTH response 1 [ N(AUTH_FAILED) ]<br>received AUTHENTICATION_FAILED notify error<br>establishing connection 'host-host' failed<br><br></div>log messages:<br>Nov 22 07:50:06 phyCORE-AM335x <a href="http://authpriv.info">authpriv.info</a> ipsec_starter[1389]: Starting strongSwan 5.3.2 IPsec [starter]...<br>Nov 22 07:50:06 phyCORE-AM335x <a href="http://authpriv.info">authpriv.info</a> ipsec_starter[1389]: !! Your strongswan.conf contains manual plugin load options for charon.<br>Nov 22 07:50:06 phyCORE-AM335x <a href="http://authpriv.info">authpriv.info</a> ipsec_starter[1389]: !! This is recommended for experts only, see<br>Nov 22 07:50:06 phyCORE-AM335x <a href="http://authpriv.info">authpriv.info</a> ipsec_starter[1389]: !! <a href="http://wiki.strongswan.org/projects/strongswan/wiki/PluginLoad">http://wiki.strongswan.org/projects/strongswan/wiki/PluginLoad</a><br>Nov 22 07:50:06 phyCORE-AM335x <a href="http://daemon.info">daemon.info</a> charon: 00[DMN] Starting IKE charon daemon (strongSwan 5.3.2, Linux 3.2.0-PD13.1.2, armv7l)<br>Nov 22 07:50:06 phyCORE-AM335x <a href="http://daemon.info">daemon.info</a> charon: 00[KNL] received netlink error: Operation not supported (95)<br>Nov 22 07:50:06 phyCORE-AM335x <a href="http://daemon.info">daemon.info</a> charon: 00[KNL] unable to create IPv4 routing table rule<br>Nov 22 07:50:06 phyCORE-AM335x <a href="http://daemon.info">daemon.info</a> charon: 00[KNL] received netlink error: Operation not supported (95)<br>Nov 22 07:50:06 phyCORE-AM335x <a href="http://daemon.info">daemon.info</a> charon: 00[KNL] unable to create IPv6 routing table rule<br>Nov 22 07:50:06 phyCORE-AM335x <a href="http://daemon.info">daemon.info</a> charon: 00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'<br>Nov 22 07:50:06 phyCORE-AM335x <a href="http://daemon.info">daemon.info</a> charon: 00[CFG] loaded ca certificate "C=CH, O=strongSwan, CN=strongSwan Root CA" from '/etc/ipsec.d/cacerts/strongswanCert.der'<br>Nov 22 07:50:06 phyCORE-AM335x <a href="http://daemon.info">daemon.info</a> charon: 00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'<br>Nov 22 07:50:06 phyCORE-AM335x <a href="http://daemon.info">daemon.info</a> charon: 00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'<br>Nov 22 07:50:06 phyCORE-AM335x <a href="http://daemon.info">daemon.info</a> charon: 00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'<br>Nov 22 07:50:06 phyCORE-AM335x <a href="http://daemon.info">daemon.info</a> charon: 00[CFG] loading crls from '/etc/ipsec.d/crls'<br>Nov 22 07:50:06 phyCORE-AM335x <a href="http://daemon.info">daemon.info</a> charon: 00[CFG] loading secrets from '/etc/ipsec.secrets'<br>Nov 22 07:50:06 phyCORE-AM335x <a href="http://daemon.info">daemon.info</a> charon: 00[CFG] loaded RSA private key from '/etc/ipsec.d/private/moonKey.der'<br>Nov 22 07:50:06 phyCORE-AM335x <a href="http://daemon.info">daemon.info</a> charon: 00[LIB] loaded plugins: charon aes sha1 sha2 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown attr<br>Nov 22 07:50:06 phyCORE-AM335x <a href="http://daemon.info">daemon.info</a> charon: 00[JOB] spawning 16 worker threads<br>Nov 22 07:50:06 phyCORE-AM335x <a href="http://authpriv.info">authpriv.info</a> ipsec_starter[1402]: charon (1403) started after 100 ms<br>Nov 22 07:50:06 phyCORE-AM335x <a href="http://daemon.info">daemon.info</a> charon: 08[CFG] received stroke: add connection 'host-host'<br>Nov 22 07:50:06 phyCORE-AM335x <a href="http://daemon.info">daemon.info</a> charon: 08[CFG] left nor right host is our side, assuming left=local<br>Nov 22 07:50:06 phyCORE-AM335x <a href="http://daemon.info">daemon.info</a> charon: 08[CFG] loaded certificate "C=CH, O=strongSwan, CN=<a href="http://moon.strongswan.org">moon.strongswan.org</a>" from 'moonCert.der'<br>Nov 22 07:50:06 phyCORE-AM335x <a href="http://daemon.info">daemon.info</a> charon: 08[CFG] id '%any' not confirmed by certificate, defaulting to 'C=CH, O=strongSwan, CN=<a href="http://moon.strongswan.org">moon.strongswan.org</a>'<br>Nov 22 07:50:06 phyCORE-AM335x <a href="http://daemon.info">daemon.info</a> charon: 08[CFG] added configuration 'host-host'<br>Nov 22 07:50:14 phyCORE-AM335x <a href="http://daemon.info">daemon.info</a> charon: 09[CFG] received stroke: initiate 'host-host'<br>Nov 22 07:50:14 phyCORE-AM335x <a href="http://daemon.info">daemon.info</a> charon: 02[IKE] initiating IKE_SA host-host[1] to 192.168.82.111<br>Nov 22 07:50:14 phyCORE-AM335x <a href="http://authpriv.info">authpriv.info</a> charon: 02[IKE] initiating IKE_SA host-host[1] to 192.168.82.111<br>Nov 22 07:50:15 phyCORE-AM335x <a href="http://daemon.info">daemon.info</a> charon: 02[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(HASH_ALG) ]<br>Nov 22 07:50:15 phyCORE-AM335x <a href="http://daemon.info">daemon.info</a> charon: 02[NET] sending packet: from 192.168.82.99[500] to 192.168.82.111[500] (684 bytes)<br>Nov 22 07:50:15 phyCORE-AM335x <a href="http://daemon.info">daemon.info</a> charon: 11[NET] received packet: from 192.168.82.111[500] to 192.168.82.99[500] (481 bytes)<br>Nov 22 07:50:15 phyCORE-AM335x <a href="http://daemon.info">daemon.info</a> charon: 11[ENC] parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(HASH_ALG) N(MULT_AUTH) ]<br>Nov 22 07:50:16 phyCORE-AM335x <a href="http://daemon.info">daemon.info</a> charon: 11[IKE] received 1 cert requests for an unknown ca<br>Nov 22 07:50:16 phyCORE-AM335x <a href="http://daemon.info">daemon.info</a> charon: 11[IKE] sending cert request for "C=CH, O=strongSwan, CN=strongSwan Root CA"<br>Nov 22 07:50:16 phyCORE-AM335x <a href="http://daemon.info">daemon.info</a> charon: 11[IKE] authentication of 'C=CH, O=strongSwan, CN=<a href="http://moon.strongswan.org">moon.strongswan.org</a>' (myself) with RSA_EMSA_PKCS1_SHA256 successful<br>Nov 22 07:50:16 phyCORE-AM335x <a href="http://daemon.info">daemon.info</a> charon: 11[IKE] sending end entity cert "C=CH, O=strongSwan, CN=<a href="http://moon.strongswan.org">moon.strongswan.org</a>"<br>Nov 22 07:50:16 phyCORE-AM335x <a href="http://daemon.info">daemon.info</a> charon: 11[IKE] establishing CHILD_SA host-host<br>Nov 22 07:50:16 phyCORE-AM335x <a href="http://authpriv.info">authpriv.info</a> charon: 11[IKE] establishing CHILD_SA host-host<br>Nov 22 07:50:16 phyCORE-AM335x <a href="http://daemon.info">daemon.info</a> charon: 11[ENC] generating IKE_AUTH request 1 [ IDi CERT N(INIT_CONTACT) CERTREQ IDr AUTH SA TSi TSr N(MULT_AUTH) N(EAP_ONLY) ]<br>Nov 22 07:50:16 phyCORE-AM335x <a href="http://daemon.info">daemon.info</a> charon: 11[NET] sending packet: from 192.168.82.99[500] to 192.168.82.111[500] (1884 bytes)<br>Nov 22 07:50:16 phyCORE-AM335x <a href="http://daemon.info">daemon.info</a> charon: 15[NET] received packet: from 192.168.82.111[500] to 192.168.82.99[500] (76 bytes)<br>Nov 22 07:50:16 phyCORE-AM335x <a href="http://daemon.info">daemon.info</a> charon: 15[ENC] parsed IKE_AUTH response 1 [ N(AUTH_FAILED) ]<br>Nov 22 07:50:16 phyCORE-AM335x <a href="http://daemon.info">daemon.info</a> charon: 15[IKE] received AUTHENTICATION_FAILED notify error<br>Nov 22 07:50:32 phyCORE-AM335x <a href="http://daemon.info">daemon.info</a> charon: 03[NET] received packet: from 192.168.82.5[500] to 192.168.82.99[500] (312 bytes)<br>Nov 22 07:50:32 phyCORE-AM335x <a href="http://daemon.info">daemon.info</a> charon: 03[ENC] parsed ID_PROT request 0 [ SA V V V V V V V ]<br>Nov 22 07:50:32 phyCORE-AM335x <a href="http://daemon.info">daemon.info</a> charon: 03[IKE] no IKE config found for 192.168.82.99...192.168.82.5, sending NO_PROPOSAL_CHOSEN<br>Nov 22 07:50:32 phyCORE-AM335x <a href="http://daemon.info">daemon.info</a> charon: 03[ENC] generating INFORMATIONAL_V1 request 633227307 [ N(NO_PROP) ]<br>Nov 22 07:50:32 phyCORE-AM335x <a href="http://daemon.info">daemon.info</a> charon: 03[NET] sending packet: from 192.168.82.99[500] to 192.168.82.5[500] (40 bytes)<br>Nov 22 07:51:12 phyCORE-AM335x <a href="http://daemon.info">daemon.info</a> charon: 08[NET] received packet: from 192.168.82.5[500] to 192.168.82.99[500] (312 bytes)<br>Nov 22 07:51:12 phyCORE-AM335x <a href="http://daemon.info">daemon.info</a> charon: 08[ENC] parsed ID_PROT request 0 [ SA V V V V V V V ]<br>Nov 22 07:51:12 phyCORE-AM335x <a href="http://daemon.info">daemon.info</a> charon: 08[IKE] no IKE config found for 192.168.82.99...192.168.82.5, sending NO_PROPOSAL_CHOSEN<br>Nov 22 07:51:12 phyCORE-AM335x <a href="http://daemon.info">daemon.info</a> charon: 08[ENC] generating INFORMATIONAL_V1 request 2444041484 [ N(NO_PROP) ]<br>Nov 22 07:51:12 phyCORE-AM335x <a href="http://daemon.info">daemon.info</a> charon: 08[NET] sending packet: from 192.168.82.99[500] to 192.168.82.5[500] (40 bytes)<br>Nov 22 07:51:52 phyCORE-AM335x <a href="http://daemon.info">daemon.info</a> charon: 09[NET] received packet: from 192.168.82.5[500] to 192.168.82.99[500] (312 bytes)<br>Nov 22 07:51:52 phyCORE-AM335x <a href="http://daemon.info">daemon.info</a> charon: 09[ENC] parsed ID_PROT request 0 [ SA V V V V V V V ]<br>Nov 22 07:51:52 phyCORE-AM335x <a href="http://daemon.info">daemon.info</a> charon: 09[IKE] no IKE config found for 192.168.82.99...192.168.82.5, sending NO_PROPOSAL_CHOSEN<br>Nov 22 07:51:52 phyCORE-AM335x <a href="http://daemon.info">daemon.info</a> charon: 09[ENC] generating INFORMATIONAL_V1 request 3535449560 [ N(NO_PROP) ]<br>Nov 22 07:51:52 phyCORE-AM335x <a href="http://daemon.info">daemon.info</a> charon: 09[NET] sending packet: from 192.168.82.99[500] to 192.168.82.5[500] (40 bytes)<br>Nov 22 07:52:32 phyCORE-AM335x <a href="http://daemon.info">daemon.info</a> charon: 03[NET] received packet: from 192.168.82.5[500] to 192.168.82.99[500] (312 bytes)<br>Nov 22 07:52:32 phyCORE-AM335x <a href="http://daemon.info">daemon.info</a> charon: 03[ENC] parsed ID_PROT request 0 [ SA V V V V V V V ]<br>Nov 22 07:52:32 phyCORE-AM335x <a href="http://daemon.info">daemon.info</a> charon: 03[IKE] no IKE config found for 192.168.82.99...192.168.82.5, sending NO_PROPOSAL_CHOSEN<br>Nov 22 07:52:32 phyCORE-AM335x <a href="http://daemon.info">daemon.info</a> charon: 03[ENC] generating INFORMATIONAL_V1 request 1995267650 [ N(NO_PROP) ]<br>Nov 22 07:52:32 phyCORE-AM335x <a href="http://daemon.info">daemon.info</a> charon: 03[NET] sending packet: from 192.168.82.99[500] to 192.168.82.5[500] (40 bytes)<br><br><br></div>moon config:<br><br># /etc/ipsec.conf - strongSwan IPsec configuration file<br><br>config setup<br><br>conn %default<br> ikelifetime=60m<br> keylife=20m<br> rekeymargin=3m<br> keyingtries=1<br> mobike=no<br> keyexchange=ikev2<br> <br>conn host-host<br> leftcert=moonCert.der<br> right=192.168.82.111<br> rightid="C=CH, O=strongSwan, CN=<a href="http://sun.strongswan.org">sun.strongswan.org</a>"<br> auto=add<br> <br>root@phyCORE-AM335x:~ cat /etc/ipsec.secrets <br># /etc/ipsec.secrets - strongSwan IPsec secrets file<br><br>: RSA moonKey.der<br><br><br></div>Please help me.<br><div><br><div><div><div><br><br><br clear="all"><div><div><div><div><div class="gmail_signature"><div dir="ltr"><div><br></div><div><br></div><div>Regards,<br></div>Hardik A Gohil<br></div></div></div>
</div></div></div></div></div></div></div></div>