[strongSwan] strongSwan IKEv1 question

Nan Luo harvana2000 at yahoo.com
Fri May 6 22:55:40 CEST 2011

Hi, I am trying to setup a IKEv1 tunnel with a Security Gateway using strongSwan as client. But the tunnel failed at phase 2 negotiation with the following errors, can some one help?
[root at acme94 etc]# /usr/local2/sbin/ipsec up pskv1002 "pskv1" #3: initiating Main Mode102 "pskv1" #3: STATE_MAIN_I1: initiate003 "pskv1" #3: received Vendor ID payload [Dead Peer Detection]104 "pskv1" #3: STATE_MAIN_I2: sent MI2, expecting MR2106 "pskv1" #3: STATE_MAIN_I3: sent MI3, expecting MR3002 "pskv1" #3: Peer ID is ID_IPV4_ADDR: ''002 "pskv1" #3: ISAKMP SA established004 "pskv1" #3: STATE_MAIN_I4: ISAKMP SA established002 "pskv1" #4: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+UP {using isakmp#3}110 "pskv1" #4: STATE_QUICK_I1: initiate002 "pskv1" #4: up-host output: /usr/libexec/ipsec/_updown: obsolete interface version `1.1',002 "pskv1" #4: up-host output: /usr/libexec/ipsec/_updown: \011called by obsolete Pluto?003 "pskv1" #4: up-host command exited with status 2032 "pskv1" #4: STATE_QUICK_I1: internal error010 "pskv1" #4: STATE_QUICK_I1: retransmission; will wait 20s for response010 "pskv1" #4: STATE_QUICK_I1: retransmission; will
 wait 40s for response031 "pskv1" #4: max number of retransmissions (2) reached STATE_QUICK_I1.  No acceptable response to our first Quick Mode message: perhaps peer likes no proposal
I am running strongSwan4.5.0 with the following configuration:strongswan.conf :
# strongswan.conf - strongSwan configuration filepluto {  load = sha1 sha2 md5 aes des hmac gmp random kernel-netlink}
# pluto uses optimized DH exponent sizes (RFC 3526)
libstrongswan {  dh_exponent_ansi_x9_42 = no}
ipsec.conf :# ipsec.conf - strongSwan IPsec configuration file
config setup        plutodebug=control        charonstart=no
conn %default        ikelifetime=60m        keylife=20m        rekeymargin=3m        keyingtries=1        keyexchange=ikev1        authby=secret
conn pskv1        left=        leftfirewall=yes        right=        rightsubnet=        auto=add
ipsec.secrets :# /etc/ipsec.secrets - strongSwan IPsec secrets file : PSK "ipsecsecrets"

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20110506/b94fbbad/attachment.html>

More information about the Users mailing list