[strongSwan-dev] [strongSwan] Strongswan 5.2
Jayapal Reddy
jayapalatiiit at gmail.com
Thu Jun 16 13:11:11 CEST 2016
Hi Andreas,
You mean other end secrets file should contain as below ? I tried this also
but the result is same.
10.147.46.112 10.147.46.103 : PSK "123456789"
Thanks,
Jayapal
On Thu, Jun 16, 2016 at 4:35 PM, Andreas Steffen <
andreas.steffen at strongswan.org> wrote:
> It looks as if the PSK is not the same on the other endpoint.
>
> Regards
>
> Andreas
>
> On 16.06.2016 12:29, Jayapal Reddy wrote:
> > Hi,
> >
> > I am trying strongswan 5.2.1 for the site to site vpn.
> > I have followed the config from the link[1] for the configuration. In my
> > setup the connection is failed to come up.
> >
> > [1] https://www.strongswan.org/testing/testresults/ikev1/net2net-psk/
> >
> > Can some one please suggest what is going wrong. Below are the logs.
> >
> > # ipsec --version
> > Linux strongSwan U5.2.1/K3.2.0-4-amd64
> > Institute for Internet Technologies and Applications
> > University of Applied Sciences Rapperswil, Switzerland
> > See 'ipsec --copyright' for copyright information.
> >
> >
> >
> >
> > R1 config:
> > #auto=addpsec.conf - strongSwan IPsec configuration file
> >
> > config setup
> >
> > conn %default
> > ikelifetime=60m
> > keylife=20m
> > rekeymargin=3m
> > keyingtries=1
> > keyexchange=ikev1
> > #authby=secret
> > authby=psk
> >
> > conn net-net
> > left=10.147.46.103
> > leftsubnet=10.10.0.0/16 <http://10.10.0.0/16>
> > leftfirewall=yes
> > right=10.147.46.112
> > rightsubnet=10.20.0.0/16 <http://10.20.0.0/16>
> > auto=add
> >
> > # cat ipsec.secrets
> > 10.147.46.112 10.147.46.103 : PSK "123456789"
> >
> > R2 config:
> >
> > # cat ipsec.conf
> >
> > conn %default
> > ikelifetime=60m
> > keylife=20m
> > rekeymargin=3m
> > keyingtries=1
> > keyexchange=ikev1
> > authby=secret
> >
> > conn net-net
> > left=10.147.46.112
> > leftsubnet=10.20.0.0/16 <http://10.20.0.0/16>
> > leftfirewall=yes
> > right=10.147.46.103
> > rightsubnet=10.10.0.0/16 <http://10.10.0.0/16>
> > auto=add
> > # cat ipsec.secrets
> > 10.147.46.103 10.147.46.112 : PSK "123456789"
> >
> >
> > # ipsec up net-net
> > initiating Main Mode IKE_SA net-net[3] to 10.147.46.112
> > generating ID_PROT request 0 [ SA V V V V ]
> > sending packet: from 10.147.46.103[500] to 10.147.46.112[500] (248 bytes)
> > received packet: from 10.147.46.112[500] to 10.147.46.103[500] (136
> bytes)
> > parsed ID_PROT response 0 [ SA V V V ]
> > received XAuth vendor ID
> > received DPD vendor ID
> > received NAT-T (RFC 3947) vendor ID
> > generating ID_PROT request 0 [ KE No NAT-D NAT-D ]
> > sending packet: from 10.147.46.103[500] to 10.147.46.112[500] (372 bytes)
> > received packet: from 10.147.46.112[500] to 10.147.46.103[500] (372
> bytes)
> > parsed ID_PROT response 0 [ KE No NAT-D NAT-D ]
> > generating ID_PROT request 0 [ ID HASH ]
> > sending packet: from 10.147.46.103[500] to 10.147.46.112[500] (92 bytes)
> > received packet: from 10.147.46.112[500] to 10.147.46.103[500] (76 bytes)
> > invalid HASH_V1 payload length, decryption failed?
> > could not decrypt payloads
> > message parsing failed
> > ignore malformed INFORMATIONAL request
> > INFORMATIONAL_V1 request with message ID 867435333 processing failed
> >
> >
> > Thanks,
> > Jayapal
> >
> >
> > _______________________________________________
> > Users mailing list
> > Users at lists.strongswan.org
> > https://lists.strongswan.org/mailman/listinfo/users
> >
>
> --
> ======================================================================
> Andreas Steffen andreas.steffen at strongswan.org
> strongSwan - the Open Source VPN Solution! www.strongswan.org
> Institute for Internet Technologies and Applications
> University of Applied Sciences Rapperswil
> CH-8640 Rapperswil (Switzerland)
> ===========================================================[ITA-HSR]==
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/dev/attachments/20160616/a45344de/attachment.html>
More information about the Dev
mailing list