<html>
  <head>

    <meta http-equiv="content-type" content="text/html; charset=utf-8">
  </head>
  <body text="#000000" bgcolor="#FFFFFF">
    Hi, <br>
    I have been struggling for the past week to configure an ipsec
    tunnel between two fedora19 boxes using strongswan version  5.1.3<br>
    I tried to follow the configuration for net2net with PSK found on
    this link
<a class="moz-txt-link-freetext" href="https://www.strongswan.org/testing/testresults/ikev2/net2net-psk/index.html">https://www.strongswan.org/testing/testresults/ikev2/net2net-psk/index.html</a>.<br>
    Here is my configuration:<br>
    <br>
    <b>Box1: </b><br>
    <b>ipsec.conf: <br>
      <br>
    </b>config setup<br>
    conn %default<br>
            ikelifetime=60m<br>
            keylife=20m<br>
            rekeymargin=3m<br>
            keyingtries=1<br>
            authby=secret<br>
            keyexchange=ikev2<br>
            mobike=no<br>
    <br>
    conn fed1_fed2<br>
            left=192.168.aa.bb<br>
            leftsubnet=192.168.x.0/24<br>
            leftid=@fed1<br>
            leftfirewall=no<br>
            right=192.168.aa.cc<br>
            rightsubnet=192.168.y.0/24<br>
            rightid=@fed2<br>
            auto=add<b><br>
      Box 2:<br>
      <br>
      ipsec.conf<br>
      <br>
    </b>config setup<b><br>
    </b>conn %default<br>
            ikelifetime=60m<br>
            keylife=20m<br>
            rekeymargin=3m<br>
            keyingtries=1<br>
            authby=secret<br>
            keyexchange=ikev2<br>
            mobike=no<br>
    <br>
    conn fed1_fed2<br>
            left=192.168.aa.cc<br>
            leftsubnet=192.168.y.0/24<br>
            leftid=@fed2<br>
            leftfirewall=no<br>
            right=192.168.aa.bb<br>
            rightsubnet=192.168.x.0/24<br>
            rightid=@fed1<br>
            auto=add<b><br>
      <br>
      Common on box1 and box 2<br>
      <br>
      strongswan.conf<br>
    </b>charon {<br>
      load = random nonce aes sha1 sha2 gmp curve25519 hmac stroke
    kernel-netlink socket-default updown<br>
      multiple_authentication = no<br>
    }<b><br>
    </b><br>
    <b><b>ipsec.secret<br>
      </b></b>@fed1 @fed2 : PSK 0sblahblahblah<b><b><br>
        <br>
        when i try to bring  up this tunnel from box1 this i get this
        error<br>
      </b></b>initiating IKE_SA fed1_fed2[1] to 192.168.aa.cc<br>
    generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP)
    N(NATD_D_IP) ]<br>
    sending packet: from 192.168.aa.bb[500] to 192.168.aa.cc[500] (652
    bytes)<br>
    received packet: from 192.168.aa.cc[500] to 192.168.aa.bb[500] (376
    bytes)<br>
    parsed IKE_SA_INIT response 0 [ SA KE No V ]<br>
    received unknown vendor ID: 4f:45:76:79:5c:6b:67:7a:57:71:5c:73<br>
    authentication of 'fed1' (myself) with pre-shared key<br>
    establishing CHILD_SA fed1_fed2<br>
    generating IKE_AUTH request 1 [ IDi N(INIT_CONTACT) IDr AUTH SA TSi
    TSr N(EAP_ONLY) ]<br>
    sending packet: from 192.168.aa.bb[500] to 192.168.aa.cc[500] (364
    bytes)<br>
    received packet: from 192.168.aa.cc[500] to 192.168.aa.bb[500] (36
    bytes)<br>
    parsed IKE_SA_INIT response 0 [ N(AUTH_FAILED) ]<br>
    <b>received message ID 0, expected 1. Ignored</b><b><b><br>
        <br>
      </b></b>I am very new to strongswan.Please any guidance will be
    very much appreciated.<b><b><br>
        <br>
        Thanks <br>
        <br>
        Anne<br>
      </b></b>
  <div id="DAB4FAD8-2DD7-40BB-A1B8-4E2AA1F9FDF2"><br />
<table style="border-top: 1px solid #D3D4DE;">
        <tr>
        <td style="width: 55px; padding-top: 13px;"><a href="https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=emailclient&utm_term=icon" target="_blank"><img src="https://ipmcdn.avast.com/images/icons/icon-envelope-tick-round-orange-animated-no-repeat-v1.gif" alt="" width="46" height="29" style="width: 46px; height: 29px;" /></a></td>
                <td style="width: 470px; padding-top: 12px; color: #41424e; font-size: 13px; font-family: Arial, Helvetica, sans-serif; line-height: 18px;">Virus-free. <a href="https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=emailclient&utm_term=link" target="_blank" style="color: #4453ea;">www.avast.com</a>
                </td>
        </tr>
</table><a href="#DAB4FAD8-2DD7-40BB-A1B8-4E2AA1F9FDF2" width="1" height="1"> </a></div></body>
</html>