[strongSwan] received AUTHENTICATION_FAILED notify error

Abbhishek Misra abhishekfishy2000 at gmail.com
Wed Mar 31 11:44:55 CEST 2010


Hello listreaders,

(started a new thread as these are fresh settings)

I moved on to a shared key with both ends instead of certificates.

Its still not comming up due to   AUTHENTICATION_FAILED notify error

below are my new settings

plm56:~/abhishek # cat  /etc/ipsec.conf
# /etc/ipsec.conf - strongSwan IPsec configuration file

config setup
        crlcheckinterval=600
        strictcrlpolicy=yes
        plutostart=no
        charondebug=all
        cachecrls=yes
        nat_traversal=yes

conn charontest
        left=9.182.176.61
        right=9.182.176.56
        type=transport
        keyexchange=ikev2
        mobike=no
        auto=add
        authby=secret
        ike=aes128-aes256-sha1-modp1536-modp2048,3des-sha1-md5-modp1024

plm56:~/abhishek # cat /etc/ipsec.secrets
# /etc/ipsec.secrets - strongSwan IPsec secrets file

9.182.176.61 9.182.176.56 : PSK "abcdefg12345"
plm56:~/abhishek #


plm61:~/abhishek # rm /etc/ipsec.conf
plm61:~/abhishek # rm /etc/ipsec.secrets
plm61:~/abhishek #
plm61:~/abhishek # scp plm56:/etc/ipsec.conf /etc/ipsec.conf
ipsec.conf
                        100%  449     0.4KB/s   00:00
plm61:~/abhishek # scp plm56:/etc/ipsec.secrets /etc/ipsec.secrets
ipsec.secrets
                        100%  101     0.1KB/s   00:00
plm61:~/abhishek #

started ipsec on both ends

plm61:~/abhishek # ipsec restart
Stopping strongSwan IPsec...
Starting strongSwan 4.3.4 IPsec [starter]...
plm61:~/abhishek #
plm61:~/abhishek #
plm61:~/abhishek # ipsec up charontest
initiating IKE_SA charontest[1] to 9.182.176.56
generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]
sending packet: from 9.182.176.61[500] to 9.182.176.56[500]
received packet: from 9.182.176.56[500] to 9.182.176.61[500]
parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(MULT_AUTH)
]
authentication of '9.182.176.61' (myself) with pre-shared key
establishing CHILD_SA charontest
generating IKE_AUTH request 1 [ IDi IDr AUTH N(USE_TRANSP) SA TSi TSr
N(MULT_AUTH) ]
sending packet: from 9.182.176.61[500] to 9.182.176.56[500]
received packet: from 9.182.176.56[500] to 9.182.176.61[500]
parsed IKE_AUTH response 1 [ N(AUTH_FAILED) ]
received AUTHENTICATION_FAILED notify error
plm61:~/abhishek #
plm61:~/abhishek #

plm61:~/abhishek # ipsec statusall
Status of IKEv2 charon daemon (strongSwan 4.3.4):
  uptime: 5 minutes, since Mar 31 20:17:24 2010
  worker threads: 9 idle of 16, job queue load: 0, scheduled events: 0
  loaded plugins: curl aes des sha1 sha2 md5 gmp random x509 hmac xcbc
stroke kernel-netlink updown
Listening IP addresses:
  9.182.176.61
Connections:
  charontest:  9.182.176.61...9.182.176.56
  charontest:   local:  [9.182.176.61] uses pre-shared key authentication
  charontest:   remote: [9.182.176.56] uses any authentication
  charontest:    crl:   status must be GOOD
  charontest:   child:  dynamic === dynamic
Security Associations:
  none
plm61:~/abhishek #

log messages also do not have any additional info

let me knows your views on this.

reagrds
Abhishek




More information about the Users mailing list