[strongSwan] SA failed while configuring through stroke message

MANORANJAN S manoranjan.s123 at gmail.com
Fri Apr 9 09:11:19 CEST 2010


Hi all,

I was able to establish a connection.

I have configured the connection using a stroke message:

./stroke add suhas 10.0.0.2 10.0.0.1 10.0.0.2 10.0.0.1 2.2.2.0/24
1.1.1.0/2424 24
where 10.0.0.1 and 10.0.0.2 are the IPs of the two Linux machines and
2.2.2.0/24 and 1.1.1.0/24 are the subnets.

This is the message I got after establishment:

[root@manoranjan stroke]# ./stroke up suhas

initiating IKE_SA suhas[1] to 10.0.0.1
generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]
sending packet: from 10.0.0.2[500] to 10.0.0.1[500]
received packet: from 10.0.0.1[500] to 10.0.0.2[500]
parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(MULT_AUTH) ]
authentication of '10.0.0.2' (myself) with pre-shared key
establishing CHILD_SA suhas
generating IKE_AUTH request 1 [ IDi IDr AUTH N(USE_TRANSP) SA TSi TSr N(MOBIKE_SUP) N(NO_ADD_ADDR) N(MULT_AUTH) ]
sending packet: from 10.0.0.2[4500] to 10.0.0.1[4500]
received packet: from 10.0.0.1[4500] to 10.0.0.2[4500]
parsed IKE_AUTH response 1 [ IDr AUTH SA TSi TSr N(AUTH_LFT) ]
authentication of '10.0.0.1' with pre-shared key successful
IKE_SA suhas[1] established between 10.0.0.2[10.0.0.2]...10.0.0.1[10.0.0.1]

[root@manoranjan stroke]# ./stroke status
Security Associations:
       suhas[1]: ESTABLISHED 6 seconds ago, 10.0.0.2[10.0.0.2]...10.0.0.1[10.0.0.1]
       suhas{1}:  INSTALLED, TUNNEL, ESP SPIs: cdef8e21_i c9c84ba0_o
       suhas{1}:   2.2.2.0/24 === 1.1.1.0/24

But when I ping from 2.2.2.2 to 1.1.1.1, the packets won't get encapsulated.
Please help me. Thanks in advance.

With Regards
Manoranjan S

On Thu, Apr 8, 2010 at 1:39 PM, MANORANJAN S <manoranjan.s123 at gmail.com> wrote:

> Hi All,
>
> I am trying to set up an SA (IKEv2) by installing strongSwan 4.3.5 on two
> Linux boxes.
> I have configured the connection using a stroke message:
>
> ./stroke add mano 10.0.0.1 10.0.0.2 10.0.0.2 10.0.0.1 2.2.2.0/24
> 1.1.1.0/24 1 2
>
> where 10.0.0.1 and 10.0.0.2 are the IPs of the two Linux machines and
> 2.2.2.0 and 1.1.1.0 are the subnets.
>
> I am getting the following error during SA establishment.
>
> Please let me know if there are any more stroke commands to be run for a
> successful SA.
>
>
> [root@manoranjan stroke]# ./stroke up mano
> initiating IKE_SA mano[1] to 10.0.0.1
> generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]
> sending packet: from 10.0.0.2[500] to 10.0.0.1[500]
> received packet: from 10.0.0.1[500] to 10.0.0.2[500]
> parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(MULT_AUTH) ]
> authentication of '10.0.0.1' (myself) with pre-shared key
> establishing CHILD_SA mano
> generating IKE_AUTH request 1 [ IDi IDr AUTH N(USE_TRANSP) SA TSi TSr N(MOBIKE_SUP) N(NO_ADD_ADDR) N(MULT_AUTH) ]
> sending packet: from 10.0.0.2[4500] to 10.0.0.1[4500]
> received packet: from 10.0.0.1[4500] to 10.0.0.2[4500]
> parsed IKE_AUTH response 1 [ N(AUTH_FAILED) ]
> received AUTHENTICATION_FAILED notify error
> [root@manoranjan stroke]# ls
>
>
> regards
> Manoranjan S
>