<div dir="ltr">
<p class="gmail-p1">bash-4.2# ipsec up 9.11.53.11-9.11.120.120-0-1812</p>
<p class="gmail-p1">initiating Main Mode IKE_SA 9.11.53.11-9.11.120.120-0-1812[1] to 9.11.120.120</p>
<p class="gmail-p1">generating ID_PROT request 0 [ SA V V V V ]</p>
<p class="gmail-p1">sending packet: from 9.11.53.11[500] to 9.11.120.120[500] (156 bytes)</p>
<p class="gmail-p1">received packet: from 9.11.120.120[500] to 9.11.53.11[500] (136 bytes)</p>
<p class="gmail-p1">parsed ID_PROT response 0 [ SA V V V ]</p>
<p class="gmail-p1">received strongSwan vendor ID</p>
<p class="gmail-p1">received XAuth vendor ID</p>
<p class="gmail-p1">received DPD vendor ID</p>
<p class="gmail-p1">generating ID_PROT request 0 [ KE No ]</p>
<p class="gmail-p1">sending packet: from 9.11.53.11[500] to 9.11.120.120[500] (132 bytes)</p>
<p class="gmail-p1">received packet: from 9.11.120.120[500] to 9.11.53.11[500] (116 bytes)</p>
<p class="gmail-p1">parsed ID_PROT response 0 [ KE No ]</p><p class="gmail-p1">There are no more logs beyond this and my Wireshark capture stops at MM2. </p><p class="gmail-p1">- Lakshmi</p></div><div class="gmail_extra"><br><div class="gmail_quote">On Tue, Aug 2, 2016 at 3:12 PM, Andreas Steffen <span dir="ltr"><<a href="mailto:andreas.steffen@strongswan.org" target="_blank">andreas.steffen@strongswan.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Well then without a log to diagnose I cannot help you further.<br>
<br>
Andreas<br>
<span class=""><br>
On 02.08.2016 11:38, Lakshmi Prasanna wrote:<br>
> Hi Andreas,<br>
><br>
> Thanks for the quick reply. I do see that the openssl plugin is loaded.<br>
><br>
</span>> * loaded plugins: charon aes des rc2 sha1 sha2 md5 random nonce x509<br>
<span class="">> revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey<br>
</span>> pem _openssl_ fips-prf xcbc cmac hmac attr kernel-netlink resolve<br>
> socket-default stroke updown xauth-generic*<br>
<span class="">><br>
> Do you think there is something else that I might need to check?<br>
><br>
> Thanks,<br>
><br>
> Lakshmi<br>
><br>
><br>
> On Tue, Aug 2, 2016 at 2:56 PM, Andreas Steffen<br>
</span>> <<a href="mailto:andreas.steffen@strongswan.org">andreas.steffen@strongswan.org</a> <mailto:<a href="mailto:andreas.steffen@strongswan.org">andreas.steffen@strongswan.org</a>>><br>
<div><div class="h5">> wrote:<br>
><br>
> Hi Lakshmi,<br>
><br>
> ECP256 requires the openssl plugin which is not compiled by default.<br>
> Make sure that the openssl plugin is present and has been loaded<br>
> by the charon daemon. The ipsec statusall command returns a list of<br>
> all loaded plugins.<br>
><br>
> BTW - the pfs parameter has been deprecated. Please use the esp<br>
> parameter as you have correctly done.<br>
><br>
> Regards<br>
><br>
> Andreas<br>
><br>
> On 02.08.2016 08:48, Lakshmi Prasanna wrote:<br>
> > Hello,<br>
> ><br>
> > While trying to test strongswan with IKE DH group-19, the negotiation<br>
> > somehow doesn't go past main mode 2. There is however no log to describe<br>
> > the error that prevents the negotiation.<br>
> ><br>
> > Could someone post some insight? My config looks like this:<br>
> ><br>
> > keyexchange=ikev1<br>
> ><br>
> > type=transport<br>
> ><br>
> > ikelifetime=480m<br>
> ><br>
> > ike=aes256-sha256-ecp256!<br>
> ><br>
> > esp=aes256-sha256!<br>
> ><br>
> > left=9.11.120.120<br>
> ><br>
> > leftprotoport=17/1812<br>
> ><br>
> > right=9.11.53.11<br>
> ><br>
> > rightprotoport=17/0-1812<br>
> ><br>
> > pfs=no<br>
> ><br>
> > authby=psk<br>
> ><br>
> > auto=add<br>
> ><br>
> ><br>
> > Thanks,<br>
> ><br>
> > Lakshmi<br>
> ><br>
> ><br>
> ><br>
> ><br>
> ><br>
> ><br>
> > _______________________________________________<br>
> > Users mailing list<br>
</div></div>> > <a href="mailto:Users@lists.strongswan.org">Users@lists.strongswan.org</a> <mailto:<a href="mailto:Users@lists.strongswan.org">Users@lists.strongswan.org</a>><br>
<span class="">> > <a href="https://lists.strongswan.org/mailman/listinfo/users" rel="noreferrer" target="_blank">https://lists.strongswan.org/mailman/listinfo/users</a><br>
> ><br>
><br>
> --<br>
> ======================================================================<br>
> Andreas Steffen<br>
</span>> <a href="mailto:andreas.steffen@strongswan.org">andreas.steffen@strongswan.org</a> <mailto:<a href="mailto:andreas.steffen@strongswan.org">andreas.steffen@strongswan.org</a>><br>
<span class="">> strongSwan - the Open Source VPN Solution!<br>
</span>> <a href="http://www.strongswan.org" rel="noreferrer" target="_blank">www.strongswan.org</a> <<a href="http://www.strongswan.org" rel="noreferrer" target="_blank">http://www.strongswan.org</a>><br>
<div class="HOEnZb"><div class="h5">> Institute for Internet Technologies and Applications<br>
> University of Applied Sciences Rapperswil<br>
> CH-8640 Rapperswil (Switzerland)<br>
> ===========================================================[ITA-HSR]==<br>
><br>
><br>
<br>
--<br>
======================================================================<br>
Andreas Steffen <a href="mailto:andreas.steffen@strongswan.org">andreas.steffen@strongswan.org</a><br>
strongSwan - the Open Source VPN Solution! <a href="http://www.strongswan.org" rel="noreferrer" target="_blank">www.strongswan.org</a><br>
Institute for Internet Technologies and Applications<br>
University of Applied Sciences Rapperswil<br>
CH-8640 Rapperswil (Switzerland)<br>
===========================================================[ITA-HSR]==<br>
<br>
</div></div></blockquote></div><br></div>
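Added example, not part of the original thread and not strongSwan project code: a small Python parser that numbers the six IKEv1 Main Mode messages individually from the `ID_PROT` lines charon prints and reports the last one logged. The sample log is reconstructed from the lines quoted at the top of this message; the function names are hypothetical.

```python
import re

# Constructed sample: the initiator-side lines quoted in the message above.
SAMPLE_LOG = """\
generating ID_PROT request 0 [ SA V V V V ]
sending packet: from 9.11.53.11[500] to 9.11.120.120[500] (156 bytes)
received packet: from 9.11.120.120[500] to 9.11.53.11[500] (136 bytes)
parsed ID_PROT response 0 [ SA V V V ]
generating ID_PROT request 0 [ KE No ]
sending packet: from 9.11.53.11[500] to 9.11.120.120[500] (132 bytes)
received packet: from 9.11.120.120[500] to 9.11.53.11[500] (116 bytes)
parsed ID_PROT response 0 [ KE No ]
"""

# charon logs each IKEv1 Main Mode message as "<generating|parsed> ID_PROT ...".
# Not anchored at line start, so syslog-style prefixes are tolerated.
LINE_RE = re.compile(
    r"(generating|parsed) ID_PROT (request|response) \d+ \[ ([^\]]*)\]")

# Leading payload of each Main Mode round trip with pre-shared keys (RFC 2409).
ROUND = {"SA": 0, "KE": 1, "ID": 2}
EXPECTED = {2: "SA", 3: "KE No", 4: "KE No", 5: "ID HASH", 6: "ID HASH"}


def main_mode_messages(log):
    """Return [(message_number, 'sent'|'received', payloads)] in log order."""
    found = []
    for action, kind, body in LINE_RE.findall(log):
        payloads = body.split()
        if not payloads or payloads[0] not in ROUND:
            continue  # payload list that does not start a Main Mode message
        number = 2 * ROUND[payloads[0]] + (1 if kind == "request" else 2)
        direction = "sent" if action == "generating" else "received"
        found.append((number, direction, payloads))
    return found


def diagnose(log):
    """Describe where the Main Mode exchange stopped."""
    msgs = main_mode_messages(log)
    if not msgs:
        return "no ID_PROT messages found"
    number, direction, _ = msgs[-1]
    if number == 6:
        return "Main Mode complete (MM6 %s)" % direction
    # MM5 and MM6 are the first messages encrypted with keys from the DH exchange.
    return "stopped after MM%d %s; next expected is MM%d [ %s ]" % (
        number, direction, number + 1, EXPECTED[number + 1])


if __name__ == "__main__":
    print(diagnose(SAMPLE_LOG))
```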