[strongSwan-dev] [strongSwan] Strongswan 5.2

Andreas Steffen andreas.steffen at strongswan.org
Thu Jun 16 13:05:04 CEST 2016


It looks as if the PSK is not the same on the other endpoint.

Regards

Andreas

On 16.06.2016 12:29, Jayapal Reddy wrote:
> Hi,
> 
> I am trying strongSwan 5.2.1 for a site-to-site VPN.
> I have followed the config from the link [1] for the configuration. In my
> setup the connection fails to come up.
> 
> [1] https://www.strongswan.org/testing/testresults/ikev1/net2net-psk/
> 
> Can someone please suggest what is going wrong? Below are the logs.
> 
> # ipsec --version
> Linux strongSwan U5.2.1/K3.2.0-4-amd64
> Institute for Internet Technologies and Applications
> University of Applied Sciences Rapperswil, Switzerland
> See 'ipsec --copyright' for copyright information.
> 
> 
> 
> 
> R1 config:
> #auto=addpsec.conf - strongSwan IPsec configuration file
> 
> config setup
> 
> conn %default
>     ikelifetime=60m
>     keylife=20m
>     rekeymargin=3m
>     keyingtries=1
>     keyexchange=ikev1
>     #authby=secret
>     authby=psk
> 
> conn net-net
>     left=10.147.46.103
>     leftsubnet=10.10.0.0/16
>     leftfirewall=yes
>     right=10.147.46.112
>     rightsubnet=10.20.0.0/16
>     auto=add
> 
> # cat ipsec.secrets
> 10.147.46.112 10.147.46.103 : PSK "123456789"
> 
> R2 config:
> 
> # cat ipsec.conf
> 
> conn %default
>     ikelifetime=60m
>     keylife=20m
>     rekeymargin=3m
>     keyingtries=1
>     keyexchange=ikev1
>     authby=secret
> 
> conn net-net
>     left=10.147.46.112
>     leftsubnet=10.20.0.0/16
>     leftfirewall=yes
>     right=10.147.46.103
>     rightsubnet=10.10.0.0/16
>     auto=add
> # cat ipsec.secrets
> 10.147.46.103 10.147.46.112 : PSK "123456789"
> 
> 
> # ipsec up net-net
> initiating Main Mode IKE_SA net-net[3] to 10.147.46.112
> generating ID_PROT request 0 [ SA V V V V ]
> sending packet: from 10.147.46.103[500] to 10.147.46.112[500] (248 bytes)
> received packet: from 10.147.46.112[500] to 10.147.46.103[500] (136 bytes)
> parsed ID_PROT response 0 [ SA V V V ]
> received XAuth vendor ID
> received DPD vendor ID
> received NAT-T (RFC 3947) vendor ID
> generating ID_PROT request 0 [ KE No NAT-D NAT-D ]
> sending packet: from 10.147.46.103[500] to 10.147.46.112[500] (372 bytes)
> received packet: from 10.147.46.112[500] to 10.147.46.103[500] (372 bytes)
> parsed ID_PROT response 0 [ KE No NAT-D NAT-D ]
> generating ID_PROT request 0 [ ID HASH ]
> sending packet: from 10.147.46.103[500] to 10.147.46.112[500] (92 bytes)
> received packet: from 10.147.46.112[500] to 10.147.46.103[500] (76 bytes)
> invalid HASH_V1 payload length, decryption failed?
> could not decrypt payloads
> message parsing failed
> ignore malformed INFORMATIONAL request
> INFORMATIONAL_V1 request with message ID 867435333 processing failed
> 
> 
> Thanks,
> Jayapal
> 
> 

-- 
======================================================================
Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Open Source VPN Solution!          www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
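
Why a PSK mismatch surfaces as a decryption error once the [ ID HASH ] message has been sent, rather than earlier: in IKEv1 Main Mode the pre-shared key feeds SKEYID, from which the encryption keying material SKEYID_e is derived (RFC 2409, section 5). The sketch below is an added example, not part of the original thread and not strongSwan code; HMAC-SHA1 as the PRF and all nonces, cookies and the DH secret are constructed assumptions.

```python
# Added illustration (not strongSwan code): IKEv1 Main Mode key derivation
# with pre-shared keys, per RFC 2409 section 5. All inputs are constructed.
import hashlib
import hmac


def prf(key: bytes, data: bytes) -> bytes:
    """Negotiated PRF; HMAC-SHA1 is assumed here."""
    return hmac.new(key, data, hashlib.sha1).digest()


def derive_skeyid_e(psk: bytes, ni: bytes, nr: bytes, g_xy: bytes,
                    cky_i: bytes, cky_r: bytes) -> bytes:
    """Return SKEYID_e, the keying material protecting messages 5 and 6."""
    skeyid = prf(psk, ni + nr)          # the PSK enters the exchange only here
    tail = g_xy + cky_i + cky_r
    skeyid_d = prf(skeyid, tail + b"\x00")
    skeyid_a = prf(skeyid, skeyid_d + tail + b"\x01")
    return prf(skeyid, skeyid_a + tail + b"\x02")


def peers_agree(psk_initiator: bytes, psk_responder: bytes) -> bool:
    """Same nonces, cookies and DH secret on both sides; only the PSK may differ."""
    # Constructed sample values standing in for one exchange.
    ni, nr = bytes(range(16)), bytes(range(16, 32))
    g_xy = hashlib.sha256(b"constructed DH shared secret").digest() * 4
    cky_i, cky_r = b"\x11" * 8, b"\x22" * 8
    k_i = derive_skeyid_e(psk_initiator, ni, nr, g_xy, cky_i, cky_r)
    k_r = derive_skeyid_e(psk_responder, ni, nr, g_xy, cky_i, cky_r)
    return hmac.compare_digest(k_i, k_r)


if __name__ == "__main__":
    print(peers_agree(b"123456789", b"123456789"))    # identical secrets
    print(peers_agree(b"123456789", b"123456789 "))   # one trailing space
```

The SA and KE/nonce messages are sent in the clear and do not depend on the PSK, so they succeed either way; the first encrypted message is where a differing secret becomes visible.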
