<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
</head>
<body>
<p>Hi,</p>
<p>I am new to strongSwan and have not had much experience setting
up VPN connections.</p>
<p>I need to set up a new VPN connection to a client but just cannot
seem to get it working.</p>
<p>Here is the information provided by the client:</p>
<p> </p>
<table width="694" cellspacing="0" cellpadding="0" border="0">
<colgroup><col
style="mso-width-source:userset;mso-width-alt:7680;width:162pt"
width="216"> <col
style="mso-width-source:userset;mso-width-alt:4721;width:100pt"
width="133"> <col
style="mso-width-source:userset;mso-width-alt:7168;width:151pt"
width="202"> <col
style="mso-width-source:userset;mso-width-alt:5091;width:107pt"
width="143"> </colgroup><tbody>
<tr style="height:14.4pt" height="19">
<td colspan="2" class="xl76" style="height:14.4pt;width:520pt"
width="694" height="19">IKEv2 (Phase 1) Proposal<span
style="mso-spacerun:yes"> </span></td>
</tr>
<tr style="height:14.4pt" height="19">
<td class="xl70" style="height:14.4pt;border-top:none;
width:162pt" width="216" height="19">Available for ping
(Yes/No)</td>
<td class="xl67"
style="border-top:none;border-left:none;width:100pt"
width="133">No</td>
</tr>
<tr style="height:14.4pt" height="19">
<td class="xl70" style="height:14.4pt;border-top:none;
width:162pt" width="216" height="19">IKE Mode
(Aggressive/Main)</td>
<td class="xl67"
style="border-top:none;border-left:none;width:100pt"
width="133">Main</td>
</tr>
<tr style="height:14.4pt" height="19">
<td class="xl70" style="height:14.4pt;border-top:none;
width:162pt" width="216" height="19">IKE Authentication
method</td>
<td class="xl69"
style="border-top:none;border-left:none;width:100pt"
width="133">Pre-shared key</td>
</tr>
<tr style="height:14.4pt" height="19">
<td class="xl70" style="height:14.4pt;border-top:none;
width:162pt" width="216" height="19">IKE Pre-shared key</td>
<td class="xl73"
style="border-top:none;border-left:none;width:100pt"
width="133">xxxxxx<br>
</td>
</tr>
<tr style="height:14.4pt" height="19">
<td class="xl70" style="height:14.4pt;border-top:none;
width:162pt" width="216" height="19">IKE Group<span
style="mso-spacerun:yes"> </span></td>
<td class="xl69"
style="border-top:none;border-left:none;width:100pt"
width="133">Group 14</td>
</tr>
<tr style="height:14.4pt" height="19">
<td class="xl70" style="height:14.4pt;border-top:none;
width:162pt" width="216" height="19">IKE Encryption<span
style="mso-spacerun:yes"> </span></td>
<td class="xl67"
style="border-top:none;border-left:none;width:100pt"
width="133">AES-256</td>
</tr>
<tr style="height:14.4pt" height="19">
<td class="xl66" style="height:14.4pt;border-top:none;
width:162pt" width="216" height="19">IKE Authentication</td>
<td class="xl67"
style="border-top:none;border-left:none;width:100pt"
width="133">SHA2-256</td>
</tr>
<tr style="height:14.4pt" height="19">
<td class="xl66" style="height:14.4pt;border-top:none;
width:162pt" width="216" height="19">IKE Lifetime (seconds)</td>
<td class="xl67"
style="border-top:none;border-left:none;width:100pt"
width="133">86400</td>
</tr>
<tr style="height:14.4pt" height="19">
<td class="xl66" style="height:14.4pt;border-top:none;
width:162pt" width="216" height="19">Life Time (KB)</td>
<td class="xl67"
style="border-top:none;border-left:none;width:100pt"
width="133">86400</td>
</tr>
<tr style="height:14.4pt" height="19">
<td colspan="2" class="xl76" style="height:14.4pt;width:520pt"
width="694" height="19"><span style="mso-spacerun:yes"> </span>IPsec
(Phase 2) Proposal<span style="mso-spacerun:yes"> </span></td>
</tr>
<tr style="height:14.4pt" height="19">
<td class="xl70" style="height:14.4pt;border-top:none;
width:162pt" width="216" height="19">IPsec Group<span
style="mso-spacerun:yes"> </span></td>
<td class="xl69"
style="border-top:none;border-left:none;width:100pt"
width="133">Group 14</td>
</tr>
<tr style="height:14.4pt" height="19">
<td class="xl70" style="height:14.4pt;border-top:none;
width:162pt" width="216" height="19">IPsec Protocol</td>
<td class="xl71"
style="border-top:none;border-left:none;width:100pt"
width="133">ESP</td>
</tr>
<tr style="height:14.4pt" height="19">
<td class="xl70" style="height:14.4pt;border-top:none;
width:162pt" width="216" height="19">IPsec Encryption<span
style="mso-spacerun:yes"> </span></td>
<td class="xl67"
style="border-top:none;border-left:none;width:100pt"
width="133">AES-256</td>
</tr>
<tr style="height:14.4pt" height="19">
<td class="xl70" style="height:14.4pt;border-top:none;
width:162pt" width="216" height="19">IPsec Authentication</td>
<td class="xl67"
style="border-top:none;border-left:none;width:100pt"
width="133">SHA2-256</td>
</tr>
<tr style="height:14.4pt" height="19">
<td class="xl66" style="height:14.4pt;border-top:none;
width:162pt" width="216" height="19">IPsec Lifetime
(seconds)</td>
<td class="xl71"
style="border-top:none;border-left:none;width:100pt"
width="133">3600</td>
</tr>
<tr style="height:14.4pt" height="19">
<td class="xl66" style="height:14.4pt;border-top:none;
width:162pt" width="216" height="19">Life Time (KB)</td>
<td class="xl67"
style="border-top:none;border-left:none;width:100pt"
width="133">28800</td>
</tr>
<tr style="height:14.4pt" height="19">
<td class="xl66" style="height:14.4pt;border-top:none;
width:162pt" width="216" height="19">Enable Perfect Forward
Secrecy</td>
<td class="xl71"
style="border-top:none;border-left:none;width:100pt"
width="133">Yes</td>
</tr>
<tr style="height:14.4pt" height="19">
<td class="xl68" style="height:14.4pt;border-top:none"
height="19">PFS / DH-group</td>
<td class="xl67"
style="border-top:none;border-left:none;width:100pt"
width="133">Yes/Gp-14</td>
</tr>
<tr style="height:14.4pt" height="19">
<td class="xl66" style="height:14.4pt;border-top:none;
width:162pt" width="216" height="19">Encapsulation Mode</td>
<td class="xl71"
style="border-top:none;border-left:none;width:100pt"
width="133">Tunnel</td>
</tr>
<tr style="height:14.4pt" height="19">
<td colspan="2" class="xl76" style="height:14.4pt;width:520pt"
width="694" height="19">IP addresses carried in tunnel
(Private IP address, IP range assigned by client) Crypto ACL</td>
</tr>
<tr style="height:20.4pt" height="27">
<td class="xl66" style="height:20.4pt;border-top:none;
width:162pt" width="216" height="27">Source (Encryption
Domain)</td>
<td class="xl69"
style="border-top:none;border-left:none;width:100pt"
width="133">192.168.40.33/30(DR)<br>
192.168.40.34/30(UAT)</td>
</tr>
<tr style="height:14.4pt" height="19">
<td class="xl66" style="height:14.4pt;border-top:none;
width:162pt" width="216" height="19">Port</td>
<td class="xl67"
style="border-top:none;border-left:none;width:100pt"
width="133">Any</td>
</tr>
<tr style="height:14.4pt" height="19">
<td class="xl72" style="height:14.4pt;border-top:none;
width:162pt" width="216" height="19">VPN DPD always enabled</td>
<td class="xl71"
style="border-top:none;border-left:none;width:100pt"
width="133">Enabled</td>
</tr>
<tr style="height:40.8pt" height="54">
<td class="xl72" style="height:40.8pt;border-top:none;
width:162pt" width="216" height="54">To disable monitoring
ICMP echo requests (or pings) -&gt; by right to determine if a
VPN tunnel is up however for this case it’s dropping the VPN
connections.</td>
<td class="xl71"
style="border-top:none;border-left:none;width:100pt"
width="133">Disabled</td>
</tr>
<tr style="height:30.6pt" height="41">
<td class="xl72" style="height:30.6pt;border-top:none;
width:162pt" width="216" height="41">To disable a proxy-ID
negotiation, it is used during phase 2 of Internet Key
Exchange (IKE) Virtual Private Network (VPN) negotiations.</td>
<td class="xl71"
style="border-top:none;border-left:none;width:100pt"
width="133">Disabled</td>
</tr>
<tr style="height:14.4pt" height="19">
<td class="xl66" style="height:14.4pt;border-top:none;
width:162pt" width="216" height="19">NAT traversal (TCP4500)</td>
<td class="xl67"
style="border-top:none;border-left:none;width:100pt"
width="133">Disabled</td>
</tr>
</tbody>
</table>
<p><br>
</p>
<p>Here is my configuration file:</p>
<p>ipsec.conf:</p>
<pre># ipsec.conf - strongSwan IPsec configuration file

# basic configuration

config setup

conn %default
        ikelifetime=1440m
        keylife=60m
        rekeymargin=3m
        keyingtries=1
        authby=secret
        keyexchange=ikev2
        mobike=no

conn net-net
        left=10.15.66.10
        leftsubnet=10.15.66.0/24
        leftid=@me
        leftfirewall=yes
        right=1.2.3.4          # client public IP changed
        rightsubnet=192.168.118.0/24
        rightid=@client
        ike=aes256-sha2_256-modp2048!
        esp=aes256-sha2_256-modp2048!
        auto=start
</pre>
<p>ipsec.secrets:</p>
<pre># ipsec.secrets - strongSwan IPsec secrets file
@me @client : PSK "xxxxxx"
</pre>
<p>Here is a part of the message log:</p>
<pre>Jun 9 17:14:32 uatvpngateway charon: 06[NET] received packet: from 1.2.3.4[500] to 10.15.66.10[500] (384 bytes)
Jun 9 17:14:32 uatvpngateway charon: 06[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(FRAG_SUP) ]
Jun 9 17:14:32 uatvpngateway charon: 06[IKE] 1.2.3.4 is initiating an IKE_SA
Jun 9 17:14:32 uatvpngateway charon: 06[CFG] selected proposal: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048
Jun 9 17:14:32 uatvpngateway charon: 06[ENC] generating IKE_SA_INIT response 0 [ SA KE No N(FRAG_SUP) N(MULT_AUTH) ]
Jun 9 17:14:32 uatvpngateway charon: 06[NET] sending packet: from 10.15.66.10[500] to 1.2.3.4[500] (392 bytes)
Jun 9 17:14:32 uatvpngateway charon: 07[NET] received packet: from 1.2.3.4[500] to 10.15.66.10[500] (448 bytes)
Jun 9 17:14:32 uatvpngateway charon: 07[ENC] parsed IKE_AUTH request 1 [ IDi N(INIT_CONTACT) AUTH N(MSG_ID_SYN_SUP) SA TSi TSr ]
Jun 9 17:14:32 uatvpngateway charon: 07[CFG] looking for peer configs matching 10.15.66.10[%any]...1.2.3.4[1.2.3.4]
Jun 9 17:14:32 uatvpngateway charon: 07[CFG] no matching peer config found
Jun 9 17:14:32 uatvpngateway charon: 07[ENC] generating IKE_AUTH response 1 [ N(AUTH_FAILED) ]
Jun 9 17:14:32 uatvpngateway charon: 07[NET] sending packet: from 10.15.66.10[500] to 1.2.3.4[500] (80 bytes)
</pre>
<p>I would appreciate it if anyone can provide guidance on
getting this working.</p>
<p>Thanks<br>
</p>
<p> </p>
</body>
</html>