[strongSwan] HELP: packet not encrypted in net2net-psk setting

Mac Lin mkl0301 at gmail.com
Wed Dec 28 20:21:52 CET 2011


2011/12/29 Andreas Steffen <andreas.steffen at strongswan.org>
> you must first set up the IPsec connection via IKE.
> Either define
>  auto=start
> in ipsec.conf which automatically starts the negotiation
> or with the current
>  auto=add
> you must start the negotiation manually with
>  ipsec up net-net
Thanks!!

I got the following error on "moon":
# ipsec up net-net
002 "net-net" #1: initiating Main Mode
102 "net-net" #1: STATE_MAIN_I1: initiate
003 "net-net" #1: received Vendor ID payload [strongSwan]
003 "net-net" #1: received Vendor ID payload [XAUTH]
003 "net-net" #1: received Vendor ID payload [Dead Peer Detection]
104 "net-net" #1: STATE_MAIN_I2: sent MI2, expecting MR2
106 "net-net" #1: STATE_MAIN_I3: sent MI3, expecting MR3
002 "net-net" #1: Peer ID is ID_FQDN: 'sun.strongswan.org'
002 "net-net" #1: ISAKMP SA established
004 "net-net" #1: STATE_MAIN_I4: ISAKMP SA established
002 "net-net" #2: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+UP {using isakmp#1}
110 "net-net" #2: STATE_QUICK_I1: initiate
010 "net-net" #2: STATE_QUICK_I1: retransmission; will wait 20s for response
010 "net-net" #2: STATE_QUICK_I1: retransmission; will wait 40s for response
031 "net-net" #2: max number of retransmissions (2) reached STATE_QUICK_I1.  No acceptable response to our first Quick Mode message: perhaps peer likes no proposal

And I noticed the following error in message on "sun":
Dec 31 17:01:01 buildroot authpriv.info pluto[479]: received netlink error: Invalid argument (22)
Dec 31 17:01:01 buildroot authpriv.info pluto[479]: unable to add SAD entry with SPI c1fe687a

I found several similar issues, but no solution. The following sounds
quite like mine.
https://lists.strongswan.org/pipermail/users/2011-August/006512.html

Any suggestions?

Best Regards,
Mac Lin



