[strongSwan] "peer not responding, try again"

Meera Sudhakar mira.sudhakar at gmail.com
Thu Mar 10 07:19:23 CET 2011


Ok, thanks Andreas.

I just found out that Wolfgang Walter (
http://www.mail-archive.com/users@lists.strongswan.org/msg02152.html) had
the same problem as I have now, and I am also using the same version of
strongswan that he had used (4.4.0). Some work-around seems to be discussed
in this chain. I will have a look at that as well.

Thanks and regards,
Meera

On Wed, Mar 9, 2011 at 11:26 PM, Andreas Steffen <
andreas.steffen at strongswan.org> wrote:

> The log entry:
>
>
> : 06[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP)
> N(NATD_D_IP) ]
> : 06[NET] sending packet: from 10.58.114.215[500] to 10.58.112.139[500]
> : 14[IKE] retransmit 1 of request with message ID 0
>
> just means that your peer either does not receive the IKE_SA_INIT
> request or that the IKE_SA_INIT reply gets lost on the way back.
> You should check the log on the peer side.
>
> Regards
>
> Andreas
>
>
> On 03/09/2011 08:08 AM, Meera Sudhakar wrote:
>
>> Hi,
>> I am new to strongswan, and would really appreciate some help in setting
>> up the SAs. For some reason, packets being sent are not being received
>> by the other machine. After retries, it says "peer not responding, try
>> again". Please fine below an excerpt of my log file:
>> Mar  9 13:25:59 cip-Latitude-D520 charon: 06[CFG] received stroke: add
>> connection 'sample-with-ca-cert'
>> Mar  9 13:25:59 cip-Latitude-D520 charon: 06[CFG]   loaded certificate
>> "C=CH, O=Linux strongSwan, OU=Sales, CN=alice at strongswan.org
>> <mailto:CN=alice at strongswan.org>" from 'myCert.pem'
>>
>> Mar  9 13:25:59 cip-Latitude-D520 charon: 06[CFG]   id '10.58.114.215'
>> not confirmed by certificate, defaulting to 'C=CH, O=Linux strongSwan,
>> OU=Sales, CN=alice at strongswan.org' <mailto:CN=alice at strongswan.org'>
>>
>> Mar  9 13:25:59 cip-Latitude-D520 charon: 06[CFG] added configuration
>> 'sample-with-ca-cert'
>> Mar  9 13:25:59 cip-Latitude-D520 charon: 06[CFG] received stroke:
>> initiate 'sample-with-ca-cert'
>> Mar  9 13:25:59 cip-Latitude-D520 charon: 06[IKE] initiating IKE_SA
>> sample-with-ca-cert[1] to 10.58.112.139
>> Mar  9 13:25:59 cip-Latitude-D520 charon: 06[ENC] generating IKE_SA_INIT
>> request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]
>> Mar  9 13:25:59 cip-Latitude-D520 charon: 06[NET] sending packet: from
>> 10.58.114.215[500] to 10.58.112.139[500]
>> Mar  9 13:26:03 cip-Latitude-D520 charon: 14[IKE] retransmit 1 of
>> request with message ID 0
>> Mar  9 13:26:03 cip-Latitude-D520 charon: 14[NET] sending packet: from
>> 10.58.114.215[500] to 10.58.112.139[500]
>> Mar  9 13:26:04 cip-Latitude-D520 charon: 10[CFG] received stroke: add
>> connection 'sample-with-ca-cert'
>> Also, please find below my ipsec.conf file:
>>  ipsec.conf - strongSwan IPsec configuration file
>> # basic configuration
>> config setup
>>         charondebug=all
>>         # plutodebug=all
>>         # crlcheckinterval=600
>>         strictcrlpolicy=yes
>>         # cachecrls=yes - only for ikev1
>>         # nat_traversal=yes
>>         charonstart=yes
>>         # plutostart=yes - only for ikev1
>> # Add connections here.
>> # Sample VPN connections
>> #conn sample-self-signed
>> #      left=10.58.112.170
>> #      leftsubnet=10.1.0.0/16 <http://10.1.0.0/16>
>>
>> #      leftcert=selfCert.der
>> #      leftsendcert=never
>> #      right=10.58.112.235
>> #      rightsubnet=10.2.0.0/16 <http://10.2.0.0/16>
>>
>> #      rightcert=peerCert.der
>> #      auto=start
>> conn sample-with-ca-cert
>>       left=10.58.114.215
>>       leftsubnet=10.58.114.0/24 <http://10.58.114.0/24>
>>
>>       leftcert=myCert.pem
>>       right=10.58.112.139
>>       rightsubnet=10.58.112.0/24 <http://10.58.112.0/24>
>>
>>       rightid="C=CH, O=Linux strongSwan CN=peer name"
>>       keyexchange=ikev2
>>       auto=start
>> include /var/lib/strongswan/ipsec.conf.inc
>> Can someone help me out?
>> Thanks,
>> Mira
>>
>> ======================================================================
> Andreas Steffen                         andreas.steffen at strongswan.org
> strongSwan - the Linux VPN Solution!                www.strongswan.org
> Institute for Internet Technologies and Applications
> University of Applied Sciences Rapperswil
> CH-8640 Rapperswil (Switzerland)
> ===========================================================[ITA-HSR]==
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20110310/6e0bdcbb/attachment.html>


More information about the Users mailing list