[strongSwan] received AUTHENTICATION_FAILED notify error
Abbhishek Misra
abhishekfishy2000 at gmail.com
Wed Mar 31 11:44:55 CEST 2010
Hello listreaders,
(started a new thread as these are fresh settings)
I moved on to a shared key with both ends instead of certificates.
Its still not comming up due to AUTHENTICATION_FAILED notify error
below are my new settings
plm56:~/abhishek # cat /etc/ipsec.conf
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
crlcheckinterval=600
strictcrlpolicy=yes
plutostart=no
charondebug=all
cachecrls=yes
nat_traversal=yes
conn charontest
left=9.182.176.61
right=9.182.176.56
type=transport
keyexchange=ikev2
mobike=no
auto=add
authby=secret
ike=aes128-aes256-sha1-modp1536-modp2048,3des-sha1-md5-modp1024
plm56:~/abhishek # cat /etc/ipsec.secrets
# /etc/ipsec.secrets - strongSwan IPsec secrets file
9.182.176.61 9.182.176.56 : PSK "abcdefg12345"
plm56:~/abhishek #
plm61:~/abhishek # rm /etc/ipsec.conf
plm61:~/abhishek # rm /etc/ipsec.secrets
plm61:~/abhishek #
plm61:~/abhishek # scp plm56:/etc/ipsec.conf /etc/ipsec.conf
ipsec.conf
100% 449 0.4KB/s 00:00
plm61:~/abhishek # scp plm56:/etc/ipsec.secrets /etc/ipsec.secrets
ipsec.secrets
100% 101 0.1KB/s 00:00
plm61:~/abhishek #
started ipsec on both ends
plm61:~/abhishek # ipsec restart
Stopping strongSwan IPsec...
Starting strongSwan 4.3.4 IPsec [starter]...
plm61:~/abhishek #
plm61:~/abhishek #
plm61:~/abhishek # ipsec up charontest
initiating IKE_SA charontest[1] to 9.182.176.56
generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]
sending packet: from 9.182.176.61[500] to 9.182.176.56[500]
received packet: from 9.182.176.56[500] to 9.182.176.61[500]
parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(MULT_AUTH)
]
authentication of '9.182.176.61' (myself) with pre-shared key
establishing CHILD_SA charontest
generating IKE_AUTH request 1 [ IDi IDr AUTH N(USE_TRANSP) SA TSi TSr
N(MULT_AUTH) ]
sending packet: from 9.182.176.61[500] to 9.182.176.56[500]
received packet: from 9.182.176.56[500] to 9.182.176.61[500]
parsed IKE_AUTH response 1 [ N(AUTH_FAILED) ]
received AUTHENTICATION_FAILED notify error
plm61:~/abhishek #
plm61:~/abhishek #
plm61:~/abhishek # ipsec statusall
Status of IKEv2 charon daemon (strongSwan 4.3.4):
uptime: 5 minutes, since Mar 31 20:17:24 2010
worker threads: 9 idle of 16, job queue load: 0, scheduled events: 0
loaded plugins: curl aes des sha1 sha2 md5 gmp random x509 hmac xcbc
stroke kernel-netlink updown
Listening IP addresses:
9.182.176.61
Connections:
charontest: 9.182.176.61...9.182.176.56
charontest: local: [9.182.176.61] uses pre-shared key authentication
charontest: remote: [9.182.176.56] uses any authentication
charontest: crl: status must be GOOD
charontest: child: dynamic === dynamic
Security Associations:
none
plm61:~/abhishek #
log messages also do not have any additional info
let me knows your views on this.
reagrds
Abhishek
More information about the Users
mailing list