<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
Hi, <br>
I have been struggling for the past week to configure an IPsec
tunnel between two Fedora 19 boxes using strongSwan version 5.1.3.<br>
I tried to follow the configuration for net2net with PSK found at
this link:
<a class="moz-txt-link-freetext" href="https://www.strongswan.org/testing/testresults/ikev2/net2net-psk/index.html">https://www.strongswan.org/testing/testresults/ikev2/net2net-psk/index.html</a>.<br>
Here is my configuration:<br>
<br>
<b>Box1: </b><br>
<b>ipsec.conf: <br>
<br>
</b>config setup<br>
conn %default<br>
ikelifetime=60m<br>
keylife=20m<br>
rekeymargin=3m<br>
keyingtries=1<br>
authby=secret<br>
keyexchange=ikev2<br>
mobike=no<br>
<br>
conn fed1_fed2<br>
left=192.168.aa.bb<br>
leftsubnet=192.168.x.0/24<br>
leftid=@fed1<br>
leftfirewall=no<br>
right=192.168.aa.cc<br>
rightsubnet=192.168.y.0/24<br>
rightid=@fed2<br>
auto=add<b><br>
Box 2:<br>
<br>
ipsec.conf<br>
<br>
</b>config setup<b><br>
</b>conn %default<br>
ikelifetime=60m<br>
keylife=20m<br>
rekeymargin=3m<br>
keyingtries=1<br>
authby=secret<br>
keyexchange=ikev2<br>
mobike=no<br>
<br>
conn fed1_fed2<br>
left=192.168.aa.cc<br>
leftsubnet=192.168.y.0/24<br>
leftid=@fed2<br>
leftfirewall=no<br>
right=192.168.aa.bb<br>
rightsubnet=192.168.x.0/24<br>
rightid=@fed1<br>
auto=add<b><br>
<br>
Common on box1 and box 2<br>
<br>
strongswan.conf<br>
</b>charon {<br>
load = random nonce aes sha1 sha2 gmp curve25519 hmac stroke
kernel-netlink socket-default updown<br>
multiple_authentication = no<br>
}<b><br>
</b><br>
<b><b>ipsec.secret<br>
</b></b>@fed1 @fed2 : PSK 0sblahblahblah<b><b><br>
<br>
When I try to bring up this tunnel from box1, I get this
error:<br>
</b></b>initiating IKE_SA fed1_fed2[1] to 192.168.aa.cc<br>
generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP)
N(NATD_D_IP) ]<br>
sending packet: from 192.168.aa.bb[500] to 192.168.aa.cc[500] (652
bytes)<br>
received packet: from 192.168.aa.cc[500] to 192.168.aa.bb[500] (376
bytes)<br>
parsed IKE_SA_INIT response 0 [ SA KE No V ]<br>
received unknown vendor ID: 4f:45:76:79:5c:6b:67:7a:57:71:5c:73<br>
authentication of 'fed1' (myself) with pre-shared key<br>
establishing CHILD_SA fed1_fed2<br>
generating IKE_AUTH request 1 [ IDi N(INIT_CONTACT) IDr AUTH SA TSi
TSr N(EAP_ONLY) ]<br>
sending packet: from 192.168.aa.bb[500] to 192.168.aa.cc[500] (364
bytes)<br>
received packet: from 192.168.aa.cc[500] to 192.168.aa.bb[500] (36
bytes)<br>
parsed IKE_SA_INIT response 0 [ N(AUTH_FAILED) ]<br>
<b>received message ID 0, expected 1. Ignored</b><b><b><br>
<br>
</b></b>I am very new to strongSwan. Any guidance will be
very much appreciated.<b><b><br>
<br>
Thanks <br>
<br>
Anne<br>
</b></b>
</body>
</html>