[strongSwan] "peer not responding, try again"

Andreas Steffen andreas.steffen at strongswan.org
Wed Mar 9 18:56:03 CET 2011


The log entry:

: 06[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]
: 06[NET] sending packet: from 10.58.114.215[500] to 10.58.112.139[500]
: 14[IKE] retransmit 1 of request with message ID 0

just means that your peer either does not receive the IKE_SA_INIT
request or that the IKE_SA_INIT reply gets lost on the way back.
You should check the log on the peer side.

Regards

Andreas

On 03/09/2011 08:08 AM, Meera Sudhakar wrote:
> Hi,
> I am new to strongswan, and would really appreciate some help in setting
> up the SAs. For some reason, packets being sent are not being received
> by the other machine. After retries, it says "peer not responding, try
> again". Please find below an excerpt of my log file:
> Mar  9 13:25:59 cip-Latitude-D520 charon: 06[CFG] received stroke: add
> connection 'sample-with-ca-cert'
> Mar  9 13:25:59 cip-Latitude-D520 charon: 06[CFG]   loaded certificate
> "C=CH, O=Linux strongSwan, OU=Sales, CN=alice at strongswan.org"
> from 'myCert.pem'
> Mar  9 13:25:59 cip-Latitude-D520 charon: 06[CFG]   id '10.58.114.215'
> not confirmed by certificate, defaulting to 'C=CH, O=Linux strongSwan,
> OU=Sales, CN=alice at strongswan.org'
> Mar  9 13:25:59 cip-Latitude-D520 charon: 06[CFG] added configuration
> 'sample-with-ca-cert'
> Mar  9 13:25:59 cip-Latitude-D520 charon: 06[CFG] received stroke:
> initiate 'sample-with-ca-cert'
> Mar  9 13:25:59 cip-Latitude-D520 charon: 06[IKE] initiating IKE_SA
> sample-with-ca-cert[1] to 10.58.112.139
> Mar  9 13:25:59 cip-Latitude-D520 charon: 06[ENC] generating IKE_SA_INIT
> request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]
> Mar  9 13:25:59 cip-Latitude-D520 charon: 06[NET] sending packet: from
> 10.58.114.215[500] to 10.58.112.139[500]
> Mar  9 13:26:03 cip-Latitude-D520 charon: 14[IKE] retransmit 1 of
> request with message ID 0
> Mar  9 13:26:03 cip-Latitude-D520 charon: 14[NET] sending packet: from
> 10.58.114.215[500] to 10.58.112.139[500]
> Mar  9 13:26:04 cip-Latitude-D520 charon: 10[CFG] received stroke: add
> connection 'sample-with-ca-cert'
> Also, please find below my ipsec.conf file:
> # ipsec.conf - strongSwan IPsec configuration file
> # basic configuration
> config setup
>          charondebug=all
>          # plutodebug=all
>          # crlcheckinterval=600
>          strictcrlpolicy=yes
>          # cachecrls=yes - only for ikev1
>          # nat_traversal=yes
>          charonstart=yes
>          # plutostart=yes - only for ikev1
> # Add connections here.
> # Sample VPN connections
> #conn sample-self-signed
> #      left=10.58.112.170
> #      leftsubnet=10.1.0.0/16
> #      leftcert=selfCert.der
> #      leftsendcert=never
> #      right=10.58.112.235
> #      rightsubnet=10.2.0.0/16
> #      rightcert=peerCert.der
> #      auto=start
> conn sample-with-ca-cert
>        left=10.58.114.215
>        leftsubnet=10.58.114.0/24
>        leftcert=myCert.pem
>        right=10.58.112.139
>        rightsubnet=10.58.112.0/24
>        rightid="C=CH, O=Linux strongSwan CN=peer name"
>        keyexchange=ikev2
>        auto=start
> include /var/lib/strongswan/ipsec.conf.inc
> Can someone help me out?
> Thanks,
> Mira
>
======================================================================
Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution!                www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
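
Added example, not part of the original messages and not strongSwan code: a small Python check that applies the diagnosis above to a charon log, flagging peers to which packets were sent and retransmitted but from which nothing was ever received. The first four sample lines are taken from the thread's log (unwrapped); the 192.0.2.10 exchange and the function name summarize are constructed for illustration.

```python
import re

# Line shapes as charon logs them; "sending packet" and "retransmit" appear in
# the thread's log, "received packet" is what shows up when a reply arrives.
SENT = re.compile(r"\[NET\] sending packet: from \S+ to ([^\[\s]+)\[\d+\]")
RECV = re.compile(r"\[NET\] received packet: from ([^\[\s]+)\[\d+\] to")
RETX = re.compile(r"\[IKE\] retransmit (\d+) of request with message ID \d+")

# First four lines: from the thread. Last two: constructed (answered peer).
SAMPLE_LOG = """\
Mar  9 13:25:59 cip-Latitude-D520 charon: 06[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]
Mar  9 13:25:59 cip-Latitude-D520 charon: 06[NET] sending packet: from 10.58.114.215[500] to 10.58.112.139[500]
Mar  9 13:26:03 cip-Latitude-D520 charon: 14[IKE] retransmit 1 of request with message ID 0
Mar  9 13:26:03 cip-Latitude-D520 charon: 14[NET] sending packet: from 10.58.114.215[500] to 10.58.112.139[500]
Mar  9 13:30:00 cip-Latitude-D520 charon: 07[NET] sending packet: from 10.58.114.215[500] to 192.0.2.10[500]
Mar  9 13:30:00 cip-Latitude-D520 charon: 08[NET] received packet: from 192.0.2.10[500] to 10.58.114.215[500]
"""

def summarize(log_text):
    """Return per-peer counts of sent/received packets and retransmits."""
    peers = {}
    pending_retx = 0  # a retransmit line names no peer; the next send does
    for line in log_text.splitlines():
        if m := RETX.search(line):
            pending_retx = int(m.group(1))
        elif m := SENT.search(line):
            p = peers.setdefault(m.group(1), {"sent": 0, "received": 0, "retransmits": 0})
            p["sent"] += 1
            p["retransmits"] = max(p["retransmits"], pending_retx)
            pending_retx = 0
        elif m := RECV.search(line):
            p = peers.setdefault(m.group(1), {"sent": 0, "received": 0, "retransmits": 0})
            p["received"] += 1
    for p in peers.values():
        # Sent but never heard back: request not arriving, or reply lost.
        p["status"] = "unanswered" if p["sent"] and not p["received"] else "answered"
    return peers

if __name__ == "__main__":
    for peer, s in summarize(SAMPLE_LOG).items():
        hint = " -> check the log on the peer side" if s["status"] == "unanswered" else ""
        print(f"{peer}: sent={s['sent']} received={s['received']} "
              f"retransmits={s['retransmits']} {s['status']}{hint}")
```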



