<html>
  <head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
  </head>
  <body text="#000000" bgcolor="#FFFFFF">
    From the logs, box1 received an "Auth Failed" response from box 2. You
    have to inspect the logs on box 2 to see why it is failing to
    authenticate box 1. <br>
    <br>
    --Jafar<br>
    <br>
    <br>
    <div class="moz-cite-prefix">On 2/23/2018 4:26 AM, Anne Ambe wrote:<br>
    </div>
    <blockquote type="cite"
      cite="mid:19579fbd-1f89-b2f4-5696-3ccfaf4ce1e6@air-lynx.com">
      <meta http-equiv="content-type" content="text/html; charset=utf-8">
      Hi, <br>
      I have been struggling for the past week to configure an ipsec
      tunnel between two fedora19 boxes using strongswan version 5.1.3.<br>
      I tried to follow the configuration for net2net with PSK found on
      this link
      <a class="moz-txt-link-freetext"
href="https://www.strongswan.org/testing/testresults/ikev2/net2net-psk/index.html"
        moz-do-not-send="true">https://www.strongswan.org/testing/testresults/ikev2/net2net-psk/index.html</a>.<br>
      Here is my configuration:<br>
      <br>
      <b>Box1: </b><br>
      <b>ipsec.conf: <br>
        <br>
      </b>config setup<br>
      conn %default<br>
              ikelifetime=60m<br>
              keylife=20m<br>
              rekeymargin=3m<br>
              keyingtries=1<br>
              authby=secret<br>
              keyexchange=ikev2<br>
              mobike=no<br>
      <br>
      conn fed1_fed2<br>
              left=192.168.aa.bb<br>
              leftsubnet=192.168.x.0/24<br>
              leftid=@fed1<br>
              leftfirewall=no<br>
              right=192.168.aa.cc<br>
              rightsubnet=192.168.y.0/24<br>
              rightid=@fed2<br>
              auto=add<b><br>
        Box 2:<br>
        <br>
        ipsec.conf<br>
        <br>
      </b>config setup<b><br>
      </b>conn %default<br>
              ikelifetime=60m<br>
              keylife=20m<br>
              rekeymargin=3m<br>
              keyingtries=1<br>
              authby=secret<br>
              keyexchange=ikev2<br>
              mobike=no<br>
      <br>
      conn fed1_fed2<br>
              left=192.168.aa.cc<br>
              leftsubnet=192.168.y.0/24<br>
              leftid=@fed2<br>
              leftfirewall=no<br>
              right=192.168.aa.bb<br>
              rightsubnet=192.168.x.0/24<br>
              rightid=@fed1<br>
              auto=add<b><br>
        <br>
        Common on box1 and box 2<br>
        <br>
        strongswan.conf<br>
      </b>charon {<br>
        load = random nonce aes sha1 sha2 gmp curve25519 hmac stroke
      kernel-netlink socket-default updown<br>
        multiple_authentication = no<br>
      }<b><br>
      </b><br>
      <b><b>ipsec.secret<br>
        </b></b>@fed1 @fed2 : PSK 0sblahblahblah<b><b><br>
          <br>
          When I try to bring up this tunnel from box1, I get this
          error:<br>
        </b></b>initiating IKE_SA fed1_fed2[1] to 192.168.aa.cc<br>
      generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP)
      N(NATD_D_IP) ]<br>
      sending packet: from 192.168.aa.bb[500] to 192.168.aa.cc[500] (652
      bytes)<br>
      received packet: from 192.168.aa.cc[500] to 192.168.aa.bb[500]
      (376 bytes)<br>
      parsed IKE_SA_INIT response 0 [ SA KE No V ]<br>
      received unknown vendor ID: 4f:45:76:79:5c:6b:67:7a:57:71:5c:73<br>
      authentication of 'fed1' (myself) with pre-shared key<br>
      establishing CHILD_SA fed1_fed2<br>
      generating IKE_AUTH request 1 [ IDi N(INIT_CONTACT) IDr AUTH SA
      TSi TSr N(EAP_ONLY) ]<br>
      sending packet: from 192.168.aa.bb[500] to 192.168.aa.cc[500] (364
      bytes)<br>
      received packet: from 192.168.aa.cc[500] to 192.168.aa.bb[500] (36
      bytes)<br>
      parsed IKE_SA_INIT response 0 [ N(AUTH_FAILED) ]<br>
      <b>received message ID 0, expected 1. Ignored</b><b><b><br>
          <br>
        </b></b>I am very new to strongswan. Please, any guidance will be
      very much appreciated.<b><b><br>
          <br>
          Thanks <br>
          <br>
          Anne<br>
        </b></b>
    </blockquote>
    <br>
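Added example, not part of the thread above and not strongSwan code: a small triage script for the initiator-side output quoted in the post. It reports which request the peer's error notify answers, the message-ID mismatch, and the printable form of the unknown vendor ID. The function name `triage` and the result keys are assumptions made for this illustration.

```python
import re

# Initiator-side output quoted in the post (wrapped lines re-joined, packet lines dropped).
LOG = """\
generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]
parsed IKE_SA_INIT response 0 [ SA KE No V ]
received unknown vendor ID: 4f:45:76:79:5c:6b:67:7a:57:71:5c:73
authentication of 'fed1' (myself) with pre-shared key
generating IKE_AUTH request 1 [ IDi N(INIT_CONTACT) IDr AUTH SA TSi TSr N(EAP_ONLY) ]
parsed IKE_SA_INIT response 0 [ N(AUTH_FAILED) ]
received message ID 0, expected 1. Ignored
"""

MSG = re.compile(r"(generating|parsed) (\S+) (request|response) (\d+) \[ (.*) \]")
VID = re.compile(r"received unknown vendor ID: ([0-9a-f:]+)")
MID = re.compile(r"received message ID (\d+), expected (\d+)")
AUTH = re.compile(r"authentication of '([^']+)' \(myself\) with (.+)")
# strongSwan short names for error notifies that end a negotiation (subset).
ERRORS = {"AUTH_FAILED", "NO_PROP", "TS_UNACCEPT", "INVAL_KE"}

def triage(log):
    """Summarise what the initiator sent and what the peer answered."""
    r = {"local_id": None, "method": None, "last_request": None,
         "peer_errors": [], "vendor_ids": [], "msgid_mismatch": None}
    for line in map(str.strip, log.splitlines()):
        if m := MSG.match(line):
            direction, exchange, kind, mid, payloads = m.groups()
            if direction == "generating" and kind == "request":
                r["last_request"] = (exchange, int(mid))
            elif direction == "parsed":
                notifies = re.findall(r"N\(([A-Z_0-9]+)\)", payloads)
                # Record each error together with the request it answers.
                r["peer_errors"] += [(n, r["last_request"]) for n in notifies if n in ERRORS]
        elif m := VID.match(line):
            raw = bytes.fromhex(m.group(1).replace(":", ""))
            r["vendor_ids"].append(raw.decode("ascii", "replace"))
        elif m := MID.match(line):
            r["msgid_mismatch"] = (int(m.group(1)), int(m.group(2)))
        elif m := AUTH.match(line):
            r["local_id"], r["method"] = m.groups()
    return r

if __name__ == "__main__":
    for key, value in triage(LOG).items():
        print(f"{key}: {value}")
```

The summary only shows that the peer rejected the IKE_AUTH request sent as 'fed1' with a pre-shared key; the reason is recorded on box 2. The decoded vendor ID is worth comparing against the IKE daemon expected to be answering on box 2.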
  </body>
</html>