[strongSwan-dev] Unable to establish tunnel between wrlinux and fedora
krishna chaitanya
krishnachaitanya.sanapala at gmail.com
Fri Jul 13 09:27:59 CEST 2012
Hi Team,
Just adding to it.
I restarted the daemon and I am getting the following error message of
no socket implementation. Please advise if I am missing something.
*Console log in wrlinux machine*
root at krishna_msm-wrlinux:/rootipsec up host-host
no socket implementation registered, receiving failed
no socket implementation registered, receiving failed
initiating IKE_SA host-host[1] to 10.10.10.200
generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]
sending packet: from 10.10.10.61[500] to 10.10.10.200[500]
retransmit 1 of request with message ID 0
sending packet: from 10.10.10.61[500] to 10.10.10.200[500]
retransmit 2 of request with message ID 0
sending packet: from 10.10.10.61[500] to 10.10.10.200[500
On Thu, Jul 12, 2012 at 8:46 PM, krishna chaitanya <krishnachaitanya.sanapala at gmail.com> wrote:
> Hi Team,
>
> I was trying to establish IPsec functionality between WRLinux (strongswan
> 4.1.4) and Fedora (strongswan 4.6.2) but was unsuccessful.
>
> Initially I had an error in SPI allocation from the kernel, and then I
> loaded netlink-socket in the charon of the strongSwan conf file.
>
> Please find the console logs and configuration lists, and let me know if I am
> missing something.
>
> *Console Log in fedora :*
> [root at localhost ~]# ipsec up host-host
> initiating IKE_SA host-host[1] to 10.10.10.61
> generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]
> sending packet: from 10.10.10.200[500] to 10.10.10.61[500]
> retransmit 1 of request with message ID 0
> sending packet: from 10.10.10.200[500] to 10.10.10.61[500]
> retransmit 2 of request with message ID 0
> sending packet: from 10.10.10.200[500] to 10.10.10.61[500]
> retransmit 3 of request with message ID 0
> sending packet: from 10.10.10.200[500] to 10.10.10.61[500]
> retransmit 4 of request with message ID 0
> sending packet: from 10.10.10.200[500] to 10.10.10.61[500]
> retransmit 5 of request with message ID 0
> sending packet: from 10.10.10.200[500] to 10.10.10.61[500]
> giving up after 5 retransmits
> establishing IKE_SA failed, peer not responding
> [root at localhost ~]# ipsec statusall
> Status of IKEv2 charon daemon (strongSwan 4.6.3):
> uptime: 56 minutes, since Jul 12 19:15:08 2012
> malloc: sbrk 233472, mmap 0, used 122656, free 110816
> worker threads: 8 of 16 idle, 7/1/0/0 working, job queue: 0/0/0/0,
> scheduled: 0
> loaded plugins: aes des sha1 sha2 md5 random x509 revocation constraints
> pubkey pkcs1 pkcs8 pgp pem fips-prf gmp xcbc cmac hmac attr kernel-netlink
> resolve socket-raw stroke updown
> Listening IP addresses:
> 192.168.100.4
> 10.10.10.200
> Connections:
> host-host: 10.10.10.200...10.10.10.61
> host-host: local: [10.10.10.200] uses pre-shared key authentication
> host-host: remote: [10.10.10.61] uses pre-shared key authentication
> host-host: child: dynamic === dynamic TRANSPORT
> net-net: child: dynamic === dynamic TUNNEL
> benu: child: dynamic === dynamic TUNNEL
> Security Associations (0 up, 0 connecting):
> none
>
> *ipsec.conf file :*
> config setup
> plutostart=no
>
> conn %default
> ikelifetime=60m
> keylife=20m
> rekeymargin=3m
> keyingtries=1
> authby=secret
> keyexchange=ikev2
> mobike=no
>
> conn host-host
> left=10.10.10.200
> leftauth=psk
> leftfirewall=yes
> right=10.10.10.61
> rightauth=psk
> type=transport
> auto=add
>
> conn net-net
> left=10.10.10.200
> leftauth=psk
> leftfirewall=yes
> right=10.10.10.61
> rightauth=psk
> type=tunnel
> auto=add
> conn benu
> left=10.10.10.200
> leftauth=psk
> leftfirewall=yes
> right=10.10.10.61
> rightauth=psk
> type=tunnel
> auto=add
>
> *ipsec.secrets:*
> # /etc/ipsec.secrets - strongSwan IPsec secrets file
>
> #@moon.strongswan.org @sun.strongswan.org : PSK "hanjuruddevkdonr"
> #: RSA moonKey.pem
> : PSK "strongSwan"
>
> *strongswan.conf:*
> # strongswan.conf - strongSwan configuration file
>
> charon {
>
> # number of worker threads in charon
> #threads = 16
>
> # send strongswan vendor ID?
> # send_vendor_id = yes
> #hash_and_url = yes
> #load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509
> revocation hmac xcbc stroke kernel-netlink socket-default updown
> #multiple_authentication = no
> #load = curl aes des sha1 sha2 md5 pem pkcs1
>
> # plugins {
>
> # sql {
> # loglevel to log into sql database
> # loglevel = -1
> #
> # # URI to the database
> # # database = sqlite:///path/to/file.db
> # database = mysql://user:password@localhost
> /database
> # }
> # }
>
> # ...
> }
>
>
>
>
> *Console log on Windriver linux*
>
> root at benu_msm-wrlinux:/root> ipsec start
> Starting strongSwan 4.4.0 IPsec [starter]...
> insmod /lib/modules/2.6.34.12-grsec-WR4.3.0.0_cgl/kernel/net/key/af_key.ko
> root at benu_msm-wrlinux:/root> ipsec up host-host
> initiating IKE_SA host-host[1] to 10.10.10.200
> generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]
> sending packet: from 10.10.10.61[500] to 10.10.10.200[500]
> retransmit 1 of request with message ID 0
> sending packet: from 10.10.10.61[500] to 10.10.10.200[500]
> retransmit 2 of request with message ID 0
> sending packet: from 10.10.10.61[500] to 10.10.10.200[500]
> retransmit 3 of request with message ID 0
> sending packet: from 10.10.10.61[500] to 10.10.10.200[500]
> retransmit 4 of request with message ID 0
> sending packet: from 10.10.10.61[500] to 10.10.10.200[500]
> retransmit 5 of request with message ID 0
> sending packet: from 10.10.10.61[500] to 10.10.10.200[500]
> giving up after 5 retransmits
> establishing IKE_SA failed, peer not responding
> root at benu_msm-wrlinux:/root> ipsec statusall
> Status of IKEv2 charon daemon (strongSwan 4.4.0):
> uptime: 58 minutes, since Jul 12 23:58:24 2012
> worker threads: 10 idle of 16, job queue load: 0, scheduled events: 0
> loaded plugins: aes des sha1 sha2 md5 pem pkcs1 gmp random hmac stroke
> kernel-netlink updown
> Listening IP addresses:
> 10.10.10.61
> Connections:
> host-host: 10.10.10.61...10.10.10.200
> host-host: local: [10.10.10.61] uses pre-shared key authentication
> host-host: remote: [10.10.10.200] uses pre-shared key authentication
> host-host: child: dynamic === dynamic
> net-net: child: dynamic === dynamic
> benu: child: dynamic === dynamic
> Security Associations:
> none
>
> *ipsec.conf file :*
> config setup
> plutostart=no
>
> conn %default
> ikelifetime=60m
> keylife=20m
> rekeymargin=3m
> keyingtries=1
> authby=secret
> keyexchange=ikev2
> mobike=no
>
> conn host-host
> left=10.10.10.61
> leftauth=psk
> leftfirewall=yes
> right=10.10.10.200
> rightauth=psk
> type=transport
> auto=add
>
> conn net-net
> left=10.10.10.61
> leftauth=psk
> leftfirewall=yes
> right=10.10.10.200
> rightauth=psk
> type=tunnel
> auto=add
> conn benu
> left=10.10.10.61
> leftauth=psk
> leftfirewall=yes
> right=10.10.10.200
> rightauth=psk
> type=tunnel
> auto=add
>
> *ipsec.secrets:*
> # /etc/ipsec.secrets - strongSwan IPsec secrets file
>
> #@moon.strongswan.org @sun.strongswan.org : PSK "hanjuruddevkdonr"
> #: RSA moonKey.pem
> : PSK "strongSwan"
>
> *strongswan.conf:*
> # strongswan.conf - strongSwan configuration file
>
> charon {
>
> # number of worker threads in charon
> #threads = 16
>
> # plugins to load in charon
> load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac stroke
> kernel-netlink socket-default updown
>
> #plugins {
>
> # sql {
> # loglevel to log into sql database
> # loglevel = -1
>
> # URI to the database
> # database = sqlite:///path/to/file.db
> # database = mysql://user:password@localhost
> /database
> # }
> #}
>
> # ...
> }
>
> pluto {
>
> # plugins to load in pluto
> # load = aes des sha1 md5 sha2 hmac gmp random pubkey
>
> }
>
> libstrongswan {
>
> # set to no, the DH exponent size is optimized
> # dh_exponent_ansi_x9_42 = no
>
>
>
> Thanks,
> KC
>
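
The console log above reports `no socket implementation registered`, and the `loaded plugins:` line in the WR Linux `ipsec statusall` output lists no socket plugin even though the `load =` line in that host's strongswan.conf names `socket-default`. As an added example (not part of the original message and not strongSwan's own code), this script compares the two lists; the function names are hypothetical and the sample text is taken from the WR Linux excerpts quoted in the post.

```python
import re
# Socket plugin names that appear on this page; other builds may ship more.
SOCKET_PLUGINS = {"socket-default", "socket-raw"}
# Sample input taken from the WR Linux excerpts quoted in the post.
CONF = """\
charon {
  # plugins to load in charon
  load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac stroke kernel-netlink socket-default updown
}
"""
STATUS = """\
  loaded plugins: aes des sha1 sha2 md5 pem pkcs1 gmp random hmac stroke
kernel-netlink updown
Listening IP addresses:
"""

def configured_plugins(conf_text, section="charon"):
    """Return the uncommented load= list of one top-level section."""
    stack = []
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        if line.endswith("{"):
            stack.append(line[:-1].strip())      # entering a section
        elif line == "}" and stack:
            stack.pop()                          # leaving a section
        elif stack == [section]:
            match = re.match(r"load\s*=\s*(.*)", line)
            if match:
                return match.group(1).split()
    return []

def loaded_plugins(status_text):
    """Collect the 'loaded plugins:' list, including mail-wrapped lines."""
    plugins, collecting = [], False
    for raw in status_text.splitlines():
        line = raw.lstrip("> ").strip()          # tolerate quoted mail text
        if line.startswith("loaded plugins:"):
            collecting, line = True, line.split(":", 1)[1]
        elif collecting and ":" in line:
            break                                # next status heading reached
        if collecting:
            plugins.extend(line.split())
    return plugins

def diagnose(conf_text, status_text):
    loaded = loaded_plugins(status_text)
    return {"has_socket_plugin": bool(SOCKET_PLUGINS & set(loaded)),
            "configured_not_loaded": [p for p in configured_plugins(conf_text) if p not in loaded]}
print(diagnose(CONF, STATUS))
```

A plugin that is configured but absent from the running daemon's list points at the build or installed plugin set, or at a daemon that has not re-read its configuration, rather than at the peer.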