<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<font face="Times New Roman, Times, serif">Hello,<br>
<br>
<br>
I'm trying to connect my Draytek router to a debian VPS with
strongswan 5.2.1 installed.<br>
<br>
The configurations files for strongswan are:<br>
# ipsec.conf - strongSwan IPsec configuration file<br>
<br>
# basic configuration<br>
<br>
config setup<br>
<br>
# Add connections here.<br>
conn vigor<br>
auto=start<br>
authby=secret<br>
keyexchange=ike<br>
left=VPS_IP<br>
right=DRAYTEK_WAN_IP<br>
<br>
<br>
#ipsec.secrets<br>
VPS_IP DRAYTEK_WAN_IP : PSK "mysecret"<br>
<br>
<br>
I'm getting always the same error (no matching CHILD_SA config
found).<br>
Here is the log:<br>
<br>
pr 20 10:18:34 debian charon: 04[IKE] IKE_SA vigor[23] established
between VPS_IP[VPS_IP]...</font><font face="Times New Roman,
Times, serif"><font face="Times New Roman, Times, serif">DRAYTEK_WAN_IP</font>[</font><font
face="Times New Roman, Times, serif"><font face="Times New Roman,
Times, serif">DRAYTEK_WAN_IP</font>]<br>
Apr 20 10:18:34 debian charon: 04[IKE] scheduling reauthentication
in 10253s<br>
Apr 20 10:18:34 debian charon: 04[IKE] maximum IKE_SA lifetime
10793s<br>
Apr 20 10:18:34 debian charon: 04[ENC] generating ID_PROT response
0 [ ID HASH ]<br>
Apr 20 10:18:34 debian charon: 04[NET] sending packet: from </font><font
face="Times New Roman, Times, serif"><font face="Times New Roman,
Times, serif">VPS_IP</font>[500] to </font><font face="Times
New Roman, Times, serif"><font face="Times New Roman, Times,
serif">DRAYTEK_WAN_IP</font>[500] (76 bytes)<br>
Apr 20 10:18:34 debian charon: 03[NET] received packet: from </font><font
face="Times New Roman, Times, serif"><font face="Times New Roman,
Times, serif">DRAYTEK_WAN_IP</font>[500] to </font><font
face="Times New Roman, Times, serif"><font face="Times New Roman,
Times, serif">VPS_IP</font>[500] (188 bytes)<br>
Apr 20 10:18:34 debian charon: 03[ENC] parsed QUICK_MODE request
101025479 [ HASH SA No ID ID ]<br>
Apr 20 10:18:34 debian charon: 03[IKE] no matching CHILD_SA config
found<br>
Apr 20 10:18:34 debian charon: 03[ENC] generating INFORMATIONAL_V1
request 1880426725 [ HASH N(INVAL_ID) ]<br>
Apr 20 10:18:34 debian charon: 03[NET] sending packet: from </font><font
face="Times New Roman, Times, serif"><font face="Times New Roman,
Times, serif">VPS_IP</font>[500] to </font><font face="Times
New Roman, Times, serif"><font face="Times New Roman, Times,
serif">DRAYTEK_WAN_IP</font>[500] (76 bytes)<br>
Apr 20 10:18:37 debian charon: 02[NET] received packet: from </font><font
face="Times New Roman, Times, serif"><font face="Times New Roman,
Times, serif">DRAYTEK_WAN_IP</font>[500] to </font><font
face="Times New Roman, Times, serif"><font face="Times New Roman,
Times, serif">VPS_IP</font>[500] (188 bytes)<br>
Apr 20 10:18:37 debian charon: 02[IKE] received retransmit of
request with ID 101025479, but no response to retransmit<br>
<br>
<br>
Can someone help me?<br>
<br>
Thank you<br>
<br>
Best regards<br>
<br>
<br>
<br>
<br>
</font>
<pre class="moz-signature" cols="72">--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Valter Filipe Miranda Castelão da Silva
Escola Superior de Tecnologia e Gestão de Águeda
Universidade de Aveiro
3810-193 AVEIRO
Portugal
Contactos/Contacts:
email : <a class="moz-txt-link-abbreviated" href="mailto:vfs@ua.pt">vfs@ua.pt</a>
<a class="moz-txt-link-abbreviated" href="mailto:vfs@av.it.pt">vfs@av.it.pt</a>
web : <a class="moz-txt-link-freetext" href="http://www.estga.ua.pt/PagePerson.aspx?id=1876&b=1">http://www.estga.ua.pt/PagePerson.aspx?id=1876&b=1</a>
<a class="moz-txt-link-freetext" href="http://www.it.pt/person_detail_p.asp?ID=4438">http://www.it.pt/person_detail_p.asp?ID=4438</a>
<a class="moz-txt-link-freetext" href="http://paginas.fe.up.pt/~ftt/index.html">http://paginas.fe.up.pt/~ftt/index.html</a>
Tel./Phone : (+351) 234 611 500
41133 (Extensão UA/Internal)
9453 (Extensão UA móvel/Mobile internal)
</pre>
</body>
</html>