[strongSwan] Conn linux roadwarrior, psk, nat,

Andreas Steffen andreas.steffen at strongswan.org
Mon Dec 26 17:13:09 CET 2011


Hi Ireneusz,

it looks as if the Linksys box speaks IKEv1 only, but
strongSwan by default uses the IKEv2 protocol. Just set

conn mycon
  keyexchange=ikev1
  ...

and check if you get any further.

Regards

Andreas

On 12/25/2011 09:33 PM, Ireneusz Smoczkiewicz wrote:
> Hi all.
> I've made my config to connect to Linksys RV082. This is what it looks like:
> 
> config setup
> 	plutodebug=all
> 	# crlcheckinterval=600
> 	# strictcrlpolicy=yes
> 	# cachecrls=yes
> 	nat_traversal=yes
> 	charonstart=yes
> 	plutostart=yes
> 
> 
> conn mycon
>       authby=secret
>       auth=esp
>       pfs=yes
>       keyingtries=1
>       ike=3des-md5-modp1024
>       esp=3des-md5
>       left=%defaultroute
>       leftsubnet=192.168.0.0/24
>       right=83.XX.XXX.XXX
>       rightsubnet=192.168.98.0/24
>       auto=add
> 
> But I'm getting nowhere with this. On my console I see:
> ...
> sending packet: from 192.168.0.104[500] to 83.XX.XXX.XXX[500]
> giving up after 5 retransmits
> establishing IKE_SA failed, peer not responding
> 
> On remote gateway in logs I can see:
> 
> [Tunnel Negotiation Info] <<< Responder Received Quick Mode 1st packet
> Dec 25 21:19:34 2011     VPN Log    [Tunnel Negotiation Info] Inbound
> SPI value = 2d9e202d
> Dec 25 21:19:34 2011     VPN Log    [Tunnel Negotiation Info] Outbound
> SPI value = 10c2b009
> Dec 25 21:19:34 2011     VPN Log    [Tunnel Negotiation Info] >>>
> Responder send Quick Mode 2nd packet
> Dec 25 21:19:34 2011     VPN Log    [Tunnel Negotiation Info] <<<
> Responder Received Quick Mode 3rd packet
> Dec 25 21:19:34 2011     VPN Log    [Tunnel Negotiation Info] Quick
> Mode Phase 2 SA Established, IPSec Tunnel Connected
> Dec 25 21:19:34 2011     VPN Log    Dead Peer Detection Start, DPD
> delay timer=10 sec timeout=10 sec
> Dec 25 21:19:34 2011     VPN Log    ignoring Delete SA payload: IPSEC
> SA not found (maybe expired)
> .....
> Dec 25 21:19:34 2011     VPN Log    ignoring Delete SA payload: IPSEC
> SA not found (maybe expired)
> 
> Please help me - I'm stuck :(
> Thanks
> 

======================================================================
Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution!                www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
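
Added example, not part of the original message and not strongSwan code: a small checker that reports which IKE version each conn in an ipsec.conf would effectively use, so a conn silently falling back to the default against an IKEv1-only peer is easy to spot. It assumes the IKEv2 default stated in the reply above and handles only `conn %default` inheritance; the sample config is constructed from the one quoted in this thread.

```python
# Added example: report the effective keyexchange of each conn in an ipsec.conf.
DEFAULT_KEYEXCHANGE = "ikev2"  # assumption: the default named in the reply above

# Constructed sample, modelled on the configuration quoted in this thread.
SAMPLE_CONF = """\
config setup
	nat_traversal=yes

conn %default
	keyingtries=1

conn mycon
	authby=secret
	right=83.XX.XXX.XXX
	auto=add

conn fixed
	keyexchange=ikev1
	authby=secret
"""

def parse_sections(text):
    """Return {(type, name): {key: value}} for ipsec.conf-style text."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()   # drop comments
        if not line.strip():
            continue
        if not raw[0].isspace():               # section headers start in column 0
            parts = line.split()
            current = sections.setdefault((parts[0], parts[1] if len(parts) > 1 else ""), {})
        elif current is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip()
    return sections

def effective_keyexchange(text):
    """Map each conn name to (keyexchange, explicitly_set), applying conn %default."""
    sections = parse_sections(text)
    defaults = sections.get(("conn", "%default"), {})
    result = {}
    for (kind, name), params in sections.items():
        if kind != "conn" or name == "%default":
            continue
        value = params.get("keyexchange", defaults.get("keyexchange"))
        result[name] = (value or DEFAULT_KEYEXCHANGE, value is not None)
    return result

if __name__ == "__main__":
    for name, (kex, explicit) in effective_keyexchange(SAMPLE_CONF).items():
        print(f"conn {name}: {kex}" + ("" if explicit else " (implicit default)"))
```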



