[strongSwan] Error 13801 in windows
Kamil Jońca
kjonca at o2.pl
Wed Jun 8 13:17:55 CEST 2011
My /etc/ipsec.conf
--8<---------------cut here---------------start------------->8---
config setup
	nat_traversal=yes
	charonstart=yes
	plutostart=no

conn bambus
	left=%defaultroute
	leftsubnet=192.168.200.0/24
	leftcert=alfa.kjonca.1.pem
	leftid="C=PL, ST=Mazowieckie, O=kjonca.kjonca, OU=ipsec, CN=alfa.kjonca"
	right=%any
	rightid="C=PL, ST=Mazowieckie, O=kjonca.kjonca, OU=ipsec, CN=host/bambus at KJONCA"
	rightsourceip=192.168.200.211
	keyexchange=ikev2
	auto=add
	rightca="C=PL, ST=Mazowieckie, L=Warszawa, O=kjonca.kjonca, OU=ipsec, CN=openswan--kjonca.kjonca"
	leftca="C=PL, ST=Mazowieckie, L=Warszawa, O=kjonca.kjonca, OU=ipsec, CN=openswan--kjonca.kjonca"

include /var/lib/strongswan/ipsec.conf.inc
--8<---------------cut here---------------end--------------->8---
The server box is behind NAT.
The client laptop is also behind NAT.
And I cannot create a connection; Windows shows error 13801.
In syslog I have:
[...]
2011-06-08T13:12:18+02:00 alfa charon: 00[JOB] spawning 16 worker threads
2011-06-08T13:12:18+02:00 alfa charon: 10[CFG] received stroke: add connection 'bambus'
2011-06-08T13:12:18+02:00 alfa charon: 10[CFG] loaded certificate "C=PL, ST=Mazowieckie, O=kjonca.kjonca, OU=ipsec, CN=alfa.kjonca" from 'alfa.kjonca.1.pem'
2011-06-08T13:12:18+02:00 alfa charon: 10[CFG] added configuration 'bambus'
2011-06-08T13:12:18+02:00 alfa charon: 10[CFG] adding virtual IP address pool 'bambus': 192.168.200.211/32
2011-06-08T13:12:21+02:00 alfa charon: 15[NET] received packet: from 80.50.55.206[500] to 192.168.200.200[500]
2011-06-08T13:12:21+02:00 alfa charon: 15[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]
2011-06-08T13:12:21+02:00 alfa charon: 15[IKE] 80.50.55.206 is initiating an IKE_SA
2011-06-08T13:12:21+02:00 alfa charon: 15[IKE] local host is behind NAT, sending keep alives
2011-06-08T13:12:21+02:00 alfa charon: 15[IKE] remote host is behind NAT
2011-06-08T13:12:21+02:00 alfa charon: 15[IKE] sending cert request for "C=PL, ST=Mazowieckie, L=Warszawa, O=kjonca.kjonca, OU=ipsec, CN=openswan--kjonca.kjonca"
2011-06-08T13:12:21+02:00 alfa charon: 15[ENC] generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(MULT_AUTH) ]
2011-06-08T13:12:21+02:00 alfa charon: 15[NET] sending packet: from 192.168.200.200[500] to 80.50.55.206[500]
2011-06-08T13:12:21+02:00 alfa charon: 16[NET] received packet: from 80.50.55.206[4500] to 192.168.200.200[4500]
2011-06-08T13:12:21+02:00 alfa charon: 16[ENC] unknown attribute type INTERNAL_IP4_SERVER
2011-06-08T13:12:21+02:00 alfa charon: 16[ENC] unknown attribute type INTERNAL_IP6_SERVER
2011-06-08T13:12:21+02:00 alfa charon: 16[ENC] parsed IKE_AUTH request 1 [ IDi CERT CERTREQ AUTH N(MOBIKE_SUP) CP(ADDR DNS NBNS SRV ADDR6 DNS6 SRV6) SA TSi TSr ]
2011-06-08T13:12:21+02:00 alfa charon: 16[IKE] received cert request for unknown ca with keyid [....some unknown certs ....]
2011-06-08T13:12:21+02:00 alfa charon: 16[IKE] received cert request for "C=PL, ST=Mazowieckie, L=Warszawa, O=kjonca.kjonca, OU=ipsec, CN=openswan--kjonca.kjonca"
2011-06-08T13:12:21+02:00 alfa charon: 16[IKE] received end entity cert "C=PL, ST=Mazowieckie, O=kjonca.kjonca, OU=ipsec, CN=host/bambus at KJONCA"
2011-06-08T13:12:21+02:00 alfa charon: 16[CFG] looking for peer configs matching 192.168.200.200[%any]...80.50.55.206[C=PL, ST=Mazowieckie, O=kjonca.kjonca, OU=ipsec, CN=host/bambus at KJONCA]
2011-06-08T13:12:21+02:00 alfa charon: 16[CFG] no matching peer config found
2011-06-08T13:12:21+02:00 alfa charon: 16[IKE] peer supports MOBIKE
2011-06-08T13:12:21+02:00 alfa charon: 16[ENC] generating IKE_AUTH response 1 [ N(AUTH_FAILED) ]
2011-06-08T13:12:21+02:00 alfa charon: 16[NET] sending packet: from 192.168.200.200[4500] to 80.50.55.206[4500]
[...]
Any ideas?
KJ
--
http://sporothrix.wordpress.com/2011/01/16/usa-sie-krztusza-kto-nastepny/
Don't interrupt me when I'm interrupting
--W.Churchill