[strongSwan] new to strongswan and couldn't establish a connection

Andreas Steffen andreas.steffen at strongswan.org
Wed Jan 19 22:54:02 CET 2011


With strongSwan 4.5.0 if you want an IKEv1 connection you must
define

   keyexchange=ikev1

explicitly since the default is ikev2.

Regards

Andreas

On 01/19/2011 04:34 PM, Spacelee wrote:
> This is the first time I have tried strongSwan, and I couldn't establish a
> connection. Here is the configuration:
> server : centos 5.5 64 bit
> strongswan : newest
> client : mac os
>
> ipsec.conf :
> config setup
>          # crlcheckinterval=600
>          # strictcrlpolicy=yes
>          # cachecrls=yes
>          nat_traversal=yes
>          charonstart=yes
>          plutostart=yes
> conn L2TP
>          authby=psk
>          pfs=no
>          rekey=no
>          type=tunnel
>          left=192.168.1.97
>          leftnexthop=%defaultroute
>          leftprotoport=17/1701
>          right=%any
>          rightprotoport=17/%any
>          rightsubnetwithin=0.0.0.0/0
>          auto=add
>
>
> xl2tpd.conf
> [global]
> debug network = yes
> debug tunnel = yes
> [lns default]
> ip range = 10.0.0.200-10.0.0.254
> local ip = 10.0.0.1
> require chap = yes
> refuse pap = yes
> require authentication = yes
> name = NIELSPEEN.COM
> ppp debug = yes
> pppoptfile = /etc/ppp/options.xl2tpd
> length bit = yes
>
>
> options.xl2tpd
> ipcp-accept-local
> ipcp-accept-remote
> ms-dns 8.8.8.8
> noccp
> auth
> crtscts
> idle 1800
> mtu 1410
> mru 1410
> nodefaultroute
> debug
> lock
> proxyarp
> connect-delay 5000
>
>
> ipsec.secrets
> 192.168.1.97 %any : PSK "testpsk"
>
> and the /var/log/secure
>
> Jan 19 23:31:18 localhost pluto[13051]: listening for IKE messages
> Jan 19 23:31:18 localhost pluto[13051]: adding interface eth0/eth0 192.168.1.97:500
> Jan 19 23:31:18 localhost pluto[13051]: adding interface eth0/eth0 192.168.1.97:4500
> Jan 19 23:31:18 localhost pluto[13051]: adding interface lo/lo 127.0.0.1:500
> Jan 19 23:31:18 localhost pluto[13051]: adding interface lo/lo 127.0.0.1:4500
> Jan 19 23:31:18 localhost pluto[13051]: adding interface lo/lo ::1:500
> Jan 19 23:31:18 localhost pluto[13051]: loading secrets from "/etc/ipsec.secrets"
> Jan 19 23:31:18 localhost pluto[13051]:   loaded PSK secret for 192.168.1.97 %any
> Jan 19 23:31:18 localhost ipsec_starter[13050]: charon (13069) started after 20 ms
> Jan 19 23:31:18 localhost pluto[13051]: added connection description "L2TP"
> Jan 19 23:31:25 localhost pluto[13051]: packet from 192.168.1.102:500: received Vendor ID payload [RFC 3947]
> Jan 19 23:31:25 localhost pluto[13051]: packet from 192.168.1.102:500: ignoring Vendor ID payload [4df37928e9fc4fd1b3262170d515c662]
> Jan 19 23:31:25 localhost pluto[13051]: packet from 192.168.1.102:500: ignoring Vendor ID payload [8f8d83826d246b6fc7a8a6a428c11de8]
> Jan 19 23:31:25 localhost pluto[13051]: packet from 192.168.1.102:500: ignoring Vendor ID payload [439b59f8ba676c4c7737ae22eab8f582]
> Jan 19 23:31:25 localhost pluto[13051]: packet from 192.168.1.102:500: ignoring Vendor ID payload [4d1e0e136deafa34c4f3ea9f02ec7285]
> Jan 19 23:31:25 localhost pluto[13051]: packet from 192.168.1.102:500: ignoring Vendor ID payload [80d0bb3def54565ee84645d4c85ce3ee]
> Jan 19 23:31:25 localhost pluto[13051]: packet from 192.168.1.102:500: ignoring Vendor ID payload [9909b64eed937c6573de52ace952fa6b]
> Jan 19 23:31:25 localhost pluto[13051]: packet from 192.168.1.102:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03]
> Jan 19 23:31:25 localhost pluto[13051]: packet from 192.168.1.102:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02]
> Jan 19 23:31:25 localhost pluto[13051]: packet from 192.168.1.102:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
> Jan 19 23:31:25 localhost pluto[13051]: packet from 192.168.1.102:500: received Vendor ID payload [Dead Peer Detection]
> Jan 19 23:31:25 localhost pluto[13051]: packet from 192.168.1.102:500: initial Main Mode message received on 192.168.1.97:500 but no connection has been authorized with policy=PSK
> Jan 19 23:31:28 localhost pluto[13051]: packet from 192.168.1.102:500: received Vendor ID payload [RFC 3947]
> Jan 19 23:31:28 localhost pluto[13051]: packet from 192.168.1.102:500: ignoring Vendor ID payload [4df37928e9fc4fd1b3262170d515c662]
> Jan 19 23:31:28 localhost pluto[13051]: packet from 192.168.1.102:500: ignoring Vendor ID payload [8f8d83826d246b6fc7a8a6a428c11de8]
> Jan 19 23:31:28 localhost pluto[13051]: packet from 192.168.1.102:500: ignoring Vendor ID payload [439b59f8ba676c4c7737ae22eab8f582]
> Jan 19 23:31:28 localhost pluto[13051]: packet from 192.168.1.102:500: ignoring Vendor ID payload [4d1e0e136deafa34c4f3ea9f02ec7285]
> Jan 19 23:31:28 localhost pluto[13051]: packet from 192.168.1.102:500: ignoring Vendor ID payload [80d0bb3def54565ee84645d4c85ce3ee]
> Jan 19 23:31:28 localhost pluto[13051]: packet from 192.168.1.102:500: ignoring Vendor ID payload [9909b64eed937c6573de52ace952fa6b]
> Jan 19 23:31:28 localhost pluto[13051]: packet from 192.168.1.102:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03]
> Jan 19 23:31:28 localhost pluto[13051]: packet from 192.168.1.102:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02]
> Jan 19 23:31:28 localhost pluto[13051]: packet from 192.168.1.102:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
> Jan 19 23:31:28 localhost pluto[13051]: packet from 192.168.1.102:500: received Vendor ID payload [Dead Peer Detection]
> Jan 19 23:31:28 localhost pluto[13051]: packet from 192.168.1.102:500: initial Main Mode message received on 192.168.1.97:500 but no connection has been authorized with policy=PSK
> Jan 19 23:31:31 localhost pluto[13051]: packet from 192.168.1.102:500: received Vendor ID payload [RFC 3947]
> Jan 19 23:31:31 localhost pluto[13051]: packet from 192.168.1.102:500: ignoring Vendor ID payload [4df37928e9fc4fd1b3262170d515c662]
> Jan 19 23:31:31 localhost pluto[13051]: packet from 192.168.1.102:500: ignoring Vendor ID payload [8f8d83826d246b6fc7a8a6a428c11de8]
> Jan 19 23:31:31 localhost pluto[13051]: packet from 192.168.1.102:500: ignoring Vendor ID payload [439b59f8ba676c4c7737ae22eab8f582]
> Jan 19 23:31:31 localhost pluto[13051]: packet from 192.168.1.102:500: ignoring Vendor ID payload [4d1e0e136deafa34c4f3ea9f02ec7285]
> Jan 19 23:31:31 localhost pluto[13051]: packet from 192.168.1.102:500: ignoring Vendor ID payload [80d0bb3def54565ee84645d4c85ce3ee]
> Jan 19 23:31:31 localhost pluto[13051]: packet from 192.168.1.102:500: ignoring Vendor ID payload [9909b64eed937c6573de52ace952fa6b]
> Jan 19 23:31:31 localhost pluto[13051]: packet from 192.168.1.102:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03]
> Jan 19 23:31:31 localhost pluto[13051]: packet from 192.168.1.102:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02]
> Jan 19 23:31:31 localhost pluto[13051]: packet from 192.168.1.102:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
> Jan 19 23:31:31 localhost pluto[13051]: packet from 192.168.1.102:500: received Vendor ID payload [Dead Peer Detection]
> Jan 19 23:31:31 localhost pluto[13051]: packet from 192.168.1.102:500: initial Main Mode message received on 192.168.1.97:500 but no connection has been authorized with policy=PSK
> --
> *Space Lee*
==================================================================
Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution!                www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
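
An added example, not part of the original thread and not strongSwan code: a small check that reports, for each conn section of an ipsec.conf, whether keyexchange is set explicitly or falls back to the ikev2 default that the reply describes for 4.5.0. The function names and the "L2TP-fixed" section are hypothetical, and the parser assumes at most one also= line per section.

```python
DEFAULT_KEYEXCHANGE = "ikev2"  # default named in the reply for strongSwan 4.5.0

# Constructed sample, trimmed from the ipsec.conf quoted in the thread.
# "L2TP-fixed" is a hypothetical section added for contrast.
SAMPLE = """\
config setup
        plutostart=yes
        charonstart=yes
conn L2TP
        authby=psk
        left=192.168.1.97
        right=%any
        auto=add
conn L2TP-fixed
        also=L2TP
        keyexchange=ikev1
"""

def parse_conns(text):
    """Return {name: {key: value}} for every 'conn' section."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        if not line[0].isspace():  # section headers start in column 0
            parts = line.split()
            is_conn = len(parts) == 2 and parts[0] == "conn"
            current = conns.setdefault(parts[1], {}) if is_conn else None
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return conns

def effective_keyexchange(conns, name, seen=frozenset()):
    """Return (value, explicit) after following also= and conn %default."""
    section = conns.get(name, {})
    if "keyexchange" in section:
        return section["keyexchange"], True
    parent = section.get("also")
    if parent and parent not in seen:  # guard against also= loops
        return effective_keyexchange(conns, parent, seen | {name})
    if "keyexchange" in conns.get("%default", {}):
        return conns["%default"]["keyexchange"], True
    return DEFAULT_KEYEXCHANGE, False

def lint(text):
    conns = parse_conns(text)
    return {n: effective_keyexchange(conns, n) for n in conns if n != "%default"}

if __name__ == "__main__":
    for name, (kx, explicit) in lint(SAMPLE).items():
        note = "explicit" if explicit else "implicit default"
        print(f"conn {name}: keyexchange={kx} ({note})")
```

A section reported as "implicit default" is the case the reply addresses: a peer that opens with IKEv1 Main Mode, as in the quoted log, needs keyexchange=ikev1 on that conn.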
