[strongSwan] ikev2 not working

Niccolò Belli darkbasic at linuxsystems.it
Sat Feb 25 02:51:01 CET 2012


Hi,
I want to connect a roadwarrior behind NAT to a strongSwan server.
With IKEv1 everything works, while with IKEv2 it gets stuck on 
"initiating an IKE_SA".

Server:

conn server-roadwarrior
         keyexchange=ikev2
         authby=rsasig
         left=<public_ip>
         leftsubnet=192.168.1.0/24
         leftrsasigkey=
         right=%any
         rightsubnet=192.168.20.0/24
         #rightsourceip=192.168.40.5
         rightid=@laptop
         rightrsasigkey=
         type=tunnel
         auto=add

NATed roadwarrior:

conn server-roadwarrior
         keyexchange=ikev2
         authby=rsasig
         left=%defaultroute
         #leftsourceip=%config
         leftsubnet=192.168.20.0/24
         leftid=@laptop
         leftrsasigkey=
         right=<public_ip>
         rightsubnet=192.168.1.0/24
         rightrsasigkey=
         type=tunnel
         auto=start


/var/log/auth.log on server:
Feb 25 02:36:05 firewall charon: 10[IKE] 2.193.58.152 is initiating an IKE_SA
Feb 25 02:39:10 firewall ipsec_starter[22462]: charon stopped after 200 ms
Feb 25 02:39:10 firewall ipsec_starter[22462]: ipsec starter stopped
Feb 25 02:39:11 firewall ipsec_starter[24815]: Starting strongSwan 4.5.2 IPsec [starter]...
Feb 25 02:39:11 firewall ipsec_starter[24828]: charon (24829) started after 40 ms
Feb 25 02:39:21 firewall charon: 10[IKE] <roadwarrior_ip> is initiating an IKE_SA
Feb 25 02:40:25 firewall ipsec_starter[24828]: charon stopped after 200 ms
Feb 25 02:40:25 firewall ipsec_starter[24828]: ipsec starter stopped
Feb 25 02:40:26 firewall ipsec_starter[25150]: Starting strongSwan 4.5.2 IPsec [starter]...
Feb 25 02:40:26 firewall ipsec_starter[25163]: charon (25164) started after 40 ms
Feb 25 02:40:48 firewall charon: 06[IKE] <roadwarrior_ip> is initiating an IKE_SA


/var/log/auth.log on roadwarrior:
Feb 25 01:42:36 firewall-backup ipsec_starter[6806]: charon stopped after 200 ms
Feb 25 01:42:36 firewall-backup ipsec_starter[6806]: ipsec starter stopped
Feb 25 01:42:37 firewall-backup ipsec_starter[6850]: Starting strongSwan 4.5.2 IPsec [starter]...
Feb 25 01:42:37 firewall-backup ipsec_starter[6863]: charon (6866) started after 60 ms
Feb 25 01:42:37 firewall-backup charon: 11[IKE] initiating IKE_SA server1-server2[1] to <server_ip>
Feb 25 01:44:02 firewall-backup ipsec_starter[6863]: charon stopped after 200 ms
Feb 25 01:44:02 firewall-backup ipsec_starter[6863]: ipsec starter stopped
Feb 25 01:44:03 firewall-backup ipsec_starter[6908]: Starting strongSwan 4.5.2 IPsec [starter]...
Feb 25 01:44:03 firewall-backup ipsec_starter[6921]: charon (6924) started after 60 ms
Feb 25 01:44:03 firewall-backup charon: 11[IKE] initiating IKE_SA server1-server2[1] to <server_ip>


IKEv1 does work flawlessly! strongSwan 4.5.2 on both sides.

Cheers,
Niccolò



