<div dir="ltr"><div class="gmail_default" style="font-family:verdana,sans-serif;font-size:small;color:rgb(51,0,153)">Hi,<br><br></div><div class="gmail_default" style="font-family:verdana,sans-serif;font-size:small;color:rgb(51,0,153)">I am trying strongSwan 5.2.1 for a site-to-site VPN.<br></div><div class="gmail_default" style="font-family:verdana,sans-serif;font-size:small;color:rgb(51,0,153)">I have followed the config from the link [1] for the configuration. In my setup the connection fails to come up.<br><br>[1] <a href="https://www.strongswan.org/testing/testresults/ikev1/net2net-psk/">https://www.strongswan.org/testing/testresults/ikev1/net2net-psk/</a><br></div><div class="gmail_default" style="font-family:verdana,sans-serif;font-size:small;color:rgb(51,0,153)"><br></div><div class="gmail_default" style="font-family:verdana,sans-serif;font-size:small;color:rgb(51,0,153)">Can someone please suggest what is going wrong? Below are the logs.<br></div><div class="gmail_default" style="font-family:verdana,sans-serif;font-size:small;color:rgb(51,0,153)"><br># ipsec --version<br>Linux strongSwan U5.2.1/K3.2.0-4-amd64<br>Institute for Internet Technologies and Applications<br>University of Applied Sciences Rapperswil, Switzerland<br>See 'ipsec --copyright' for copyright information.<br></div><div class="gmail_default" style="font-family:verdana,sans-serif;font-size:small;color:rgb(51,0,153)"><br><br><br><br>
<div style="font-family:sans-serif;font-size:14px;color:rgb(68,83,97)">
<div>R1 config:</div>
<div>#auto=addpsec.conf - strongSwan IPsec configuration file</div>
<div><br></div>
<div>config setup</div>
<div><br></div>
<div>conn %default</div>
<div> ikelifetime=60m</div>
<div> keylife=20m</div>
<div> rekeymargin=3m</div>
<div> keyingtries=1</div>
<div> keyexchange=ikev1</div>
<div> #authby=secret</div>
<div> authby=psk</div>
<div><br></div>
<div>conn net-net</div>
<div> left=10.147.46.103</div>
<div> leftsubnet=10.10.0.0/16</div>
<div> leftfirewall=yes</div>
<div> right=10.147.46.112</div>
<div> rightsubnet=10.20.0.0/16</div>
<div> auto=add</div>
<div><br></div>
<div># cat ipsec.secrets</div>
<div>10.147.46.112 10.147.46.103 : PSK "123456789"</div>
<div><br></div>
<div>R2 config:</div>
<div><br></div>
<div># cat ipsec.conf</div>
<div><br></div>
<div>conn %default</div>
<div> ikelifetime=60m</div>
<div> keylife=20m</div>
<div> rekeymargin=3m</div>
<div> keyingtries=1</div>
<div> keyexchange=ikev1</div>
<div> authby=secret</div>
<div><br></div>
<div>conn net-net</div>
<div> left=10.147.46.112</div>
<div> leftsubnet=10.20.0.0/16</div>
<div> leftfirewall=yes</div>
<div> right=10.147.46.103</div>
<div> rightsubnet=10.10.0.0/16</div>
<div> auto=add</div>
<div># cat ipsec.secrets</div>
<div>10.147.46.103 10.147.46.112 : PSK "123456789"</div>
<div><br></div>
<div><br></div>
<div># ipsec up net-net</div>
<div>initiating Main Mode IKE_SA net-net[3] to 10.147.46.112</div>
<div>generating ID_PROT request 0 [ SA V V V V ]</div>
<div>sending packet: from 10.147.46.103[500] to 10.147.46.112[500] (248 bytes)</div>
<div>received packet: from 10.147.46.112[500] to 10.147.46.103[500] (136 bytes)</div>
<div>parsed ID_PROT response 0 [ SA V V V ]</div>
<div>received XAuth vendor ID</div>
<div>received DPD vendor ID</div>
<div>received NAT-T (RFC 3947) vendor ID</div>
<div>generating ID_PROT request 0 [ KE No NAT-D NAT-D ]</div>
<div>sending packet: from 10.147.46.103[500] to 10.147.46.112[500] (372 bytes)</div>
<div>received packet: from 10.147.46.112[500] to 10.147.46.103[500] (372 bytes)</div>
<div>parsed ID_PROT response 0 [ KE No NAT-D NAT-D ]</div>
<div>generating ID_PROT request 0 [ ID HASH ]</div>
<div>sending packet: from 10.147.46.103[500] to 10.147.46.112[500] (92 bytes)</div>
<div>received packet: from 10.147.46.112[500] to 10.147.46.103[500] (76 bytes)</div>
<div>invalid HASH_V1 payload length, decryption failed?</div>
<div>could not decrypt payloads</div>
<div>message parsing failed</div>
<div>ignore malformed INFORMATIONAL request</div>
<div>INFORMATIONAL_V1 request with message ID 867435333 processing failed</div>
</div>
<br><br></div><div class="gmail_default" style="font-family:verdana,sans-serif;font-size:small;color:rgb(51,0,153)">Thanks,<br></div><div class="gmail_default" style="font-family:verdana,sans-serif;font-size:small;color:rgb(51,0,153)">Jayapal<br></div></div>
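
Added example (not part of the original message and not strongSwan code): a small Python helper that reads initiator-side `ipsec up` output like the log above and reports which IKEv1 Main Mode exchange completed and which one got no valid reply. The names `analyze` and `summarize` are hypothetical, and the stage descriptions and the final hint come from RFC 2409, not from the thread.

```python
import re

# Excerpt of the initiator output quoted in the message above
# (packet-size and vendor-ID lines omitted).
SAMPLE_LOG = """\
initiating Main Mode IKE_SA net-net[3] to 10.147.46.112
generating ID_PROT request 0 [ SA V V V V ]
parsed ID_PROT response 0 [ SA V V V ]
generating ID_PROT request 0 [ KE No NAT-D NAT-D ]
parsed ID_PROT response 0 [ KE No NAT-D NAT-D ]
generating ID_PROT request 0 [ ID HASH ]
invalid HASH_V1 payload length, decryption failed?
could not decrypt payloads
message parsing failed
INFORMATIONAL_V1 request with message ID 867435333 processing failed
"""

# IKEv1 Main Mode exchanges, identified by the first payload of each message.
STAGES = {
    "SA": "messages 1/2, proposal negotiation (cleartext)",
    "KE": "messages 3/4, Diffie-Hellman and nonces (cleartext)",
    "ID": "messages 5/6, identity and HASH (encrypted)",
}
MSG_RE = re.compile(r"(generating|parsed) ID_PROT (?:request|response) \d+ \[ (\S+)")
FAIL_RE = re.compile(r"decryption failed|could not decrypt|parsing failed|processing failed")

def analyze(log_text):
    # Collect the exchanges we sent, the ones the peer answered, and error lines.
    sent, answered, failures = [], [], []
    for line in log_text.splitlines():
        m = MSG_RE.search(line)
        if m and m.group(2) in STAGES:
            (sent if m.group(1) == "generating" else answered).append(m.group(2))
        elif FAIL_RE.search(line):
            failures.append(line.strip())
    completed = [s for s in STAGES if s in sent and s in answered]
    pending = [s for s in STAGES if s in sent and s not in answered]
    return {"completed": completed, "pending": pending, "failures": failures}

def summarize(result):
    # Turn analyze() output into a short operator-facing summary.
    lines = [f"completed: {STAGES[s]}" for s in result["completed"]]
    lines += [f"no valid reply: {STAGES[s]}" for s in result["pending"]]
    if result["pending"] == ["ID"] and result["failures"]:
        # RFC 2409: with PSK auth, SKEYID = prf(pre-shared-key, Ni_b | Nr_b),
        # so the encryption key for messages 5/6 depends on the secret in use.
        lines.append("check: the PSK each daemon selected for this peer pair")
    return lines

print("\n".join(summarize(analyze(SAMPLE_LOG))))
```

For the quoted log it reports that the SA and KE exchanges completed and that the first encrypted exchange (ID/HASH) received no parsable reply, which narrows the comparison to what the two daemons derived their keys from.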