<div dir="ltr"><div>Hi Jafar,</div><div dir="ltr"><br></div><div dir="ltr">Thanks for the reply!<div>I tried "left=%any", but still got the same error message. BTW, I tried "left=10.162.19.55" too and got the same.<br></div><div><br></div><div>Regards,</div><div>Jianjun</div></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Tue, Sep 3, 2019 at 9:02 AM Jafar Al-Gharaibeh <<a href="mailto:jafar@atcorp.com">jafar@atcorp.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex">
<div bgcolor="#FFFFFF">
<p>Jianjun,</p>
<p> I see at least one issue: the "left" config is wrong. Instead of</p>
<p> <tt>left=0.0.0.0</tt></p>
<p> you want <br>
</p>
<p> <tt>left=%any</tt></p>
<p>Regards,</p>
<p>Jafar<br>
</p>
<div class="gmail-m_-8234093719735191045moz-cite-prefix">On 9/2/19 5:03 PM, Jianjun Shen Shen
wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">Hello,
<div><br>
</div>
<div>I am using strongswan
(U5.3.5/K4.4.0-87-generic) on Ubuntu
(16.04.3 LTS).</div>
<div><br>
</div>
<div>Running "/usr/lib/ipsec/charon
--debug-cfg 4 --debug-ike 4" got the
following log messages:</div>
<div>
<div>00[DMN] Starting IKE charon
daemon (strongSwan 5.3.5, Linux
4.4.0-87-generic, x86_64)</div>
<div>00[CFG] loading ca certificates
from '/etc/ipsec.d/cacerts'</div>
<div>00[CFG] loading aa certificates
from '/etc/ipsec.d/aacerts'</div>
<div>00[CFG] loading ocsp signer
certificates from
'/etc/ipsec.d/ocspcerts'</div>
<div>00[CFG] loading attribute
certificates from
'/etc/ipsec.d/acerts'</div>
<div>00[CFG] loading crls from
'/etc/ipsec.d/crls'</div>
<div>00[CFG] loading secrets from
'/etc/ipsec.secrets'</div>
<div>00[CFG] loaded IKE secret for
0.0.0.0 10.162.19.54</div>
<div>00[CFG] secret:
73:77:6f:72:64:66:69:73:68</div>
<div>00[LIB] loaded plugins: charon
test-vectors aes rc2 sha1 sha2 md4
md5 random nonce x509 revocation
constraints pubkey pkcs1 pkcs7 pkcs8
pkcs12 pgp dnskey sshkey pem
fips-prf gmp xcbc hmac attr
kernel-netlink resolve
socket-default stroke updown</div>
<div>00[LIB] dropped capabilities,
running as uid 0, gid 0</div>
<div>00[JOB] spawning 16 worker
threads</div>
<div>05[NET] received packet: from
10.162.19.54[500] to
10.162.19.55[500] (660 bytes)</div>
<div>05[ENC] parsed IKE_SA_INIT
request 0 [ SA KE No N(NATD_S_IP)
N(NATD_D_IP) N(HASH_ALG) ]</div>
<div>05[CFG] looking for an ike config
for 10.162.19.55...10.162.19.54</div>
<div>05[IKE] no IKE config found for
10.162.19.55...10.162.19.54, sending
NO_PROPOSAL_CHOSEN</div>
<div>05[ENC] generating IKE_SA_INIT
response 0 [ N(NO_PROP) ]</div>
<div>05[NET] sending packet: from
10.162.19.55[500] to
10.162.19.54[500] (36 bytes)</div>
<div>05[IKE] IKE_SA (unnamed)[1] state
change: CREATED => DESTROYING</div>
</div>
<div><br>
</div>
<div>And my ipsec.conf is quite simple:</div>
<div>
<div>config setup</div>
<div> uniqueids=yes</div>
<div><br>
</div>
<div>conn %default</div>
<div> keyingtries=%forever</div>
<div> type=transport</div>
<div> keyexchange=ikev2</div>
<div> auto=route</div>
<div>
ike=aes256gcm16-sha256-modp2048</div>
<div> esp=aes256gcm16-modp2048</div>
<div><br>
</div>
<div>conn host54</div>
<div> left=0.0.0.0</div>
<div> right=10.162.19.54</div>
<div> authby=psk</div>
<div> leftprotoport=gre</div>
<div> rightprotoport=gre</div>
</div>
<div><br>
</div>
<div>"ipsec statusall" shows the
following:</div>
<div>
<div>Status of IKE charon daemon
(strongSwan 5.3.5, Linux
4.4.0-87-generic, x86_64):<br>
</div>
<div> uptime: 3 seconds, since Sep 02
22:00:24 2019</div>
<div> malloc: sbrk 1216512, mmap 0,
used 251808, free 964704</div>
<div> worker threads: 11 of 16 idle,
5/0/0/0 working, job queue: 0/0/0/0,
scheduled: 0</div>
<div> loaded plugins: charon
test-vectors aes rc2 sha1 sha2 md4
md5 random nonce x509 revocation
constraints pubkey pkcs1 pkcs7 pkcs8
pkcs12 pgp dnskey sshkey pem
fips-prf gmp xcbc hmac attr
kernel-netlink resolve
socket-default stroke updown</div>
<div>Listening IP addresses:</div>
<div> 10.162.19.55</div>
<div>
fd01:0:101:2616:20c:29ff:fe2f:26c4</div>
<div> 172.17.0.1</div>
<div> 192.168.0.55</div>
<div>Connections:</div>
<div> host54:
0.0.0.0...10.162.19.54 IKEv2</div>
<div> host54: local: uses
pre-shared key authentication</div>
<div> host54: remote:
[10.162.19.54] uses pre-shared key
authentication</div>
<div> host54: child:
dynamic[gre] === dynamic[gre]
TRANSPORT</div>
<div>Routed Connections:</div>
<div> host54 {1}: ROUTED,
TRANSPORT, reqid 1</div>
<div> host54 {1}: 10.162.19.55/32[gre]
=== 10.162.19.54/32[gre]</div>
<div>Security Associations (0 up, 0
connecting):</div>
<div> none</div>
</div>
<div><br>
</div>
<div>So, I could not see anything wrong.
Could you please help?</div>
<div><br>
</div>
<div>Regards,</div>
<div>Jianjun</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</blockquote>
</div>
</blockquote></div>