[strongSwan] new to strongswan and couldn't establish a connection

Spacelee fjctlzy at gmail.com
Thu Jan 20 02:17:43 CET 2011



On Thu, Jan 20, 2011 at 5:54 AM, Andreas Steffen <andreas.steffen at strongswan.org> wrote:

> With strongSwan 4.5.0 if you want an IKEv1 connection you must
> define
>
>  keyexchange=ikev1
>
> explicitly since the default is ikev2.
>
>
Doesn't ikev2 work for me?


> Regards
>
> Andreas
>
>
> On 01/19/2011 04:34 PM, Spacelee wrote:
>
>> this is the first time I try strongswan, and I couldn't establish a
>> connection, here is the configuration file :
>> server : centos 5.5 64 bit
>> strongswan : newest
>> client : mac os
>>
>> ipsec.conf :
>> config setup
>>         # crlcheckinterval=600
>>         # strictcrlpolicy=yes
>>         # cachecrls=yes
>>         nat_traversal=yes
>>         charonstart=yes
>>         plutostart=yes
>> conn L2TP
>>         authby=psk
>>         pfs=no
>>         rekey=no
>>         type=tunnel
>>         left=192.168.1.97
>>         leftnexthop=%defaultroute
>>         leftprotoport=17/1701
>>         right=%any
>>         rightprotoport=17/%any
>>         rightsubnetwithin=0.0.0.0/0
>>         auto=add
>>
>>
>> xl2tpd.conf
>> [global]
>> debug network = yes
>> debug tunnel = yes
>> [lns default]
>> ip range = 10.0.0.200-10.0.0.254
>> local ip = 10.0.0.1
>> require chap = yes
>> refuse pap = yes
>> require authentication = yes
>> name = NIELSPEEN.COM
>> ppp debug = yes
>> pppoptfile = /etc/ppp/options.xl2tpd
>> length bit = yes
>>
>>
>> options.xl2tpd
>> ipcp-accept-local
>> ipcp-accept-remote
>> ms-dns 8.8.8.8
>> noccp
>> auth
>> crtscts
>> idle 1800
>> mtu 1410
>> mru 1410
>> nodefaultroute
>> debug
>> lock
>> proxyarp
>> connect-delay 5000
>>
>>
>> ipsec.secrets
>> 192.168.1.97 %any : PSK "testpsk"
>>
>> and the /var/log/secure
>>
>> Jan 19 23:31:18 localhost pluto[13051]: listening for IKE messages
>> Jan 19 23:31:18 localhost pluto[13051]: adding interface eth0/eth0 192.168.1.97:500
>> Jan 19 23:31:18 localhost pluto[13051]: adding interface eth0/eth0 192.168.1.97:4500
>> Jan 19 23:31:18 localhost pluto[13051]: adding interface lo/lo 127.0.0.1:500
>> Jan 19 23:31:18 localhost pluto[13051]: adding interface lo/lo 127.0.0.1:4500
>> Jan 19 23:31:18 localhost pluto[13051]: adding interface lo/lo ::1:500
>> Jan 19 23:31:18 localhost pluto[13051]: loading secrets from "/etc/ipsec.secrets"
>> Jan 19 23:31:18 localhost pluto[13051]:   loaded PSK secret for 192.168.1.97 %any
>> Jan 19 23:31:18 localhost ipsec_starter[13050]: charon (13069) started after 20 ms
>> Jan 19 23:31:18 localhost pluto[13051]: added connection description "L2TP"
>> Jan 19 23:31:25 localhost pluto[13051]: packet from 192.168.1.102:500: received Vendor ID payload [RFC 3947]
>> Jan 19 23:31:25 localhost pluto[13051]: packet from 192.168.1.102:500: ignoring Vendor ID payload [4df37928e9fc4fd1b3262170d515c662]
>> Jan 19 23:31:25 localhost pluto[13051]: packet from 192.168.1.102:500: ignoring Vendor ID payload [8f8d83826d246b6fc7a8a6a428c11de8]
>> Jan 19 23:31:25 localhost pluto[13051]: packet from 192.168.1.102:500: ignoring Vendor ID payload [439b59f8ba676c4c7737ae22eab8f582]
>> Jan 19 23:31:25 localhost pluto[13051]: packet from 192.168.1.102:500: ignoring Vendor ID payload [4d1e0e136deafa34c4f3ea9f02ec7285]
>> Jan 19 23:31:25 localhost pluto[13051]: packet from 192.168.1.102:500: ignoring Vendor ID payload [80d0bb3def54565ee84645d4c85ce3ee]
>> Jan 19 23:31:25 localhost pluto[13051]: packet from 192.168.1.102:500: ignoring Vendor ID payload [9909b64eed937c6573de52ace952fa6b]
>> Jan 19 23:31:25 localhost pluto[13051]: packet from 192.168.1.102:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03]
>> Jan 19 23:31:25 localhost pluto[13051]: packet from 192.168.1.102:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02]
>> Jan 19 23:31:25 localhost pluto[13051]: packet from 192.168.1.102:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
>> Jan 19 23:31:25 localhost pluto[13051]: packet from 192.168.1.102:500: received Vendor ID payload [Dead Peer Detection]
>> Jan 19 23:31:25 localhost pluto[13051]: packet from 192.168.1.102:500: initial Main Mode message received on 192.168.1.97:500 but no connection has been authorized with policy=PSK
>> Jan 19 23:31:28 localhost pluto[13051]: packet from 192.168.1.102:500: received Vendor ID payload [RFC 3947]
>> Jan 19 23:31:28 localhost pluto[13051]: packet from 192.168.1.102:500: ignoring Vendor ID payload [4df37928e9fc4fd1b3262170d515c662]
>> Jan 19 23:31:28 localhost pluto[13051]: packet from 192.168.1.102:500: ignoring Vendor ID payload [8f8d83826d246b6fc7a8a6a428c11de8]
>> Jan 19 23:31:28 localhost pluto[13051]: packet from 192.168.1.102:500: ignoring Vendor ID payload [439b59f8ba676c4c7737ae22eab8f582]
>> Jan 19 23:31:28 localhost pluto[13051]: packet from 192.168.1.102:500: ignoring Vendor ID payload [4d1e0e136deafa34c4f3ea9f02ec7285]
>> Jan 19 23:31:28 localhost pluto[13051]: packet from 192.168.1.102:500: ignoring Vendor ID payload [80d0bb3def54565ee84645d4c85ce3ee]
>> Jan 19 23:31:28 localhost pluto[13051]: packet from 192.168.1.102:500: ignoring Vendor ID payload [9909b64eed937c6573de52ace952fa6b]
>> Jan 19 23:31:28 localhost pluto[13051]: packet from 192.168.1.102:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03]
>> Jan 19 23:31:28 localhost pluto[13051]: packet from 192.168.1.102:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02]
>> Jan 19 23:31:28 localhost pluto[13051]: packet from 192.168.1.102:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
>> Jan 19 23:31:28 localhost pluto[13051]: packet from 192.168.1.102:500: received Vendor ID payload [Dead Peer Detection]
>> Jan 19 23:31:28 localhost pluto[13051]: packet from 192.168.1.102:500: initial Main Mode message received on 192.168.1.97:500 but no connection has been authorized with policy=PSK
>> Jan 19 23:31:31 localhost pluto[13051]: packet from 192.168.1.102:500: received Vendor ID payload [RFC 3947]
>> Jan 19 23:31:31 localhost pluto[13051]: packet from 192.168.1.102:500: ignoring Vendor ID payload [4df37928e9fc4fd1b3262170d515c662]
>> Jan 19 23:31:31 localhost pluto[13051]: packet from 192.168.1.102:500: ignoring Vendor ID payload [8f8d83826d246b6fc7a8a6a428c11de8]
>> Jan 19 23:31:31 localhost pluto[13051]: packet from 192.168.1.102:500: ignoring Vendor ID payload [439b59f8ba676c4c7737ae22eab8f582]
>> Jan 19 23:31:31 localhost pluto[13051]: packet from 192.168.1.102:500: ignoring Vendor ID payload [4d1e0e136deafa34c4f3ea9f02ec7285]
>> Jan 19 23:31:31 localhost pluto[13051]: packet from 192.168.1.102:500: ignoring Vendor ID payload [80d0bb3def54565ee84645d4c85ce3ee]
>> Jan 19 23:31:31 localhost pluto[13051]: packet from 192.168.1.102:500: ignoring Vendor ID payload [9909b64eed937c6573de52ace952fa6b]
>> Jan 19 23:31:31 localhost pluto[13051]: packet from 192.168.1.102:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03]
>> Jan 19 23:31:31 localhost pluto[13051]: packet from 192.168.1.102:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02]
>> Jan 19 23:31:31 localhost pluto[13051]: packet from 192.168.1.102:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
>> Jan 19 23:31:31 localhost pluto[13051]: packet from 192.168.1.102:500: received Vendor ID payload [Dead Peer Detection]
>> Jan 19 23:31:31 localhost pluto[13051]: packet from 192.168.1.102:500: initial Main Mode message received on 192.168.1.97:500 but no connection has been authorized with policy=PSK
>> --
>> *Space Lee*
>>
> ==================================================================
> Andreas Steffen                         andreas.steffen at strongswan.org
> strongSwan - the Linux VPN Solution!                www.strongswan.org
> Institute for Internet Technologies and Applications
> University of Applied Sciences Rapperswil
> CH-8640 Rapperswil (Switzerland)
> ===========================================================[ITA-HSR]==
>



-- 
*Space Lee*
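
The check suggested by the reply quoted above, as an added example that is not part of the original thread or of strongSwan's own code: it works out each conn's effective `keyexchange` (taking the 4.5.0 default of `ikev2` from that reply) and lists it next to the peers pluto turned away in Main Mode. The function names are hypothetical, and the sample input is trimmed from the ipsec.conf and log excerpts in this thread.

```python
import re

DEFAULT_KEYEXCHANGE = "ikev2"  # strongSwan 4.5.0 default, per the reply on this page
# pluto's message when an IKEv1 Main Mode request matches no loaded connection.
MAIN_MODE_REJECT = re.compile(
    r"packet from (?P<peer>[\d.]+):\d+: initial Main Mode message received on "
    r"[\d.]+:\d+ but no connection has been authorized with policy=\w+")

# Sample input trimmed from the ipsec.conf and /var/log/secure excerpts in this thread.
SAMPLE_CONF = """\
config setup
        plutostart=yes
conn L2TP
        authby=psk
        leftprotoport=17/1701
        right=%any
        auto=add
"""
SAMPLE_LOG = ("Jan 19 23:31:25 localhost pluto[13051]: packet from 192.168.1.102:500: "
              "initial Main Mode message received on 192.168.1.97:500 but no connection "
              "has been authorized with policy=PSK\n")

def parse_conns(text):
    """Return {conn_name: {key: value}} for every 'conn' section of ipsec.conf."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()       # drop comments and trailing space
        if line and not line[0].isspace():         # section header starts at column 0
            words = line.split()
            is_conn = words[0] == "conn" and len(words) == 2
            current = conns.setdefault(words[1], {}) if is_conn else None
        elif current is not None and "=" in line:  # indented key=value inside a conn
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return conns

def effective_keyexchange(conns, name):
    """Explicit setting, else the one in 'conn %default', else the daemon default."""
    for section in (conns.get(name, {}), conns.get("%default", {})):
        if "keyexchange" in section:
            return section["keyexchange"]
    return DEFAULT_KEYEXCHANGE

def diagnose(conf_text, log_text):
    """Peers rejected in Main Mode, and conns whose keyexchange is not ikev1."""
    conns = parse_conns(conf_text)
    peers = sorted({m["peer"] for m in MAIN_MODE_REJECT.finditer(log_text)})
    kex = {n: effective_keyexchange(conns, n) for n in conns if n != "%default"}
    return {"rejected_peers": peers,
            "non_ikev1_conns": [(n, k) for n, k in kex.items() if k != "ikev1"]}
```

On the configuration posted in this thread, `diagnose(SAMPLE_CONF, SAMPLE_LOG)` reports `L2TP` as an `ikev2` conn alongside the rejected peer 192.168.1.102; adding `keyexchange=ikev1` to the conn empties the second list.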