[strongSwan] strongSwan IKEv1 question

Nan Luo harvana2000 at yahoo.com
Fri May 6 22:55:40 CEST 2011


Hi, I am trying to set up an IKEv1 tunnel with a Security Gateway using strongSwan as the client, but the tunnel failed at phase 2 negotiation with the following errors. Can someone help?

[root at acme94 etc]# /usr/local2/sbin/ipsec up pskv1
002 "pskv1" #3: initiating Main Mode
102 "pskv1" #3: STATE_MAIN_I1: initiate
003 "pskv1" #3: received Vendor ID payload [Dead Peer Detection]
104 "pskv1" #3: STATE_MAIN_I2: sent MI2, expecting MR2
106 "pskv1" #3: STATE_MAIN_I3: sent MI3, expecting MR3
002 "pskv1" #3: Peer ID is ID_IPV4_ADDR: '172.16.18.102'
002 "pskv1" #3: ISAKMP SA established
004 "pskv1" #3: STATE_MAIN_I4: ISAKMP SA established
002 "pskv1" #4: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+UP {using isakmp#3}
110 "pskv1" #4: STATE_QUICK_I1: initiate
002 "pskv1" #4: up-host output: /usr/libexec/ipsec/_updown: obsolete interface version `1.1',
002 "pskv1" #4: up-host output: /usr/libexec/ipsec/_updown: \011called by obsolete Pluto?
003 "pskv1" #4: up-host command exited with status 2
032 "pskv1" #4: STATE_QUICK_I1: internal error
010 "pskv1" #4: STATE_QUICK_I1: retransmission; will wait 20s for response
010 "pskv1" #4: STATE_QUICK_I1: retransmission; will wait 40s for response
031 "pskv1" #4: max number of retransmissions (2) reached STATE_QUICK_I1.  No acceptable response to our first Quick Mode message: perhaps peer likes no proposal

I am running strongSwan 4.5.0 with the following configuration:

strongswan.conf :

# strongswan.conf - strongSwan configuration file
pluto {
  load = sha1 sha2 md5 aes des hmac gmp random kernel-netlink
}
# pluto uses optimized DH exponent sizes (RFC 3526)
libstrongswan {
  dh_exponent_ansi_x9_42 = no
}

ipsec.conf :

# ipsec.conf - strongSwan IPsec configuration file
config setup
        plutodebug=control
        charonstart=no
conn %default
        ikelifetime=60m
        keylife=20m
        rekeymargin=3m
        keyingtries=1
        keyexchange=ikev1
        authby=secret
conn pskv1
        left=172.16.18.202
        leftfirewall=yes
        right=172.16.18.102
        rightsubnet=172.16.18.102/32
        auto=add

ipsec.secrets :

# /etc/ipsec.secrets - strongSwan IPsec secrets file
172.16.18.202 172.16.18.102 : PSK "ipsecsecrets"
