[strongSwan] PROBLEM "received TS_UNACCEPTABLE notify, no CHILD_SA built"
Igor Lopez Orbe
igorlor at gmail.com
Fri Jul 6 11:43:35 CEST 2012
Hello everyone,
I am trying to test net-net configuration following the howto of the website:
http://www.strongswan.org/uml/testresults/ikev2/net2net-psk/
Unfortunately i get always the same error:
# ipsec up net-net
initiating IKE_SA net-net[1] to 192.168.1.93
generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]
sending packet: from 192.168.1.118[500] to 192.168.1.93[500]
received packet: from 192.168.1.93[500] to 192.168.1.118[500]
parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP)
CERTREQ N(MULT_AUTH) ]
received cert request for "C=AU, ST=Some-State, O=Internet Widgits Pty Ltd"
sending cert request for "C=AU, ST=Some-State, O=Internet Widgits Pty Ltd"
sending cert request for "C=AU, ST=Some-State, O=Internet Widgits Pty Ltd"
authentication of 'sun.strongswan.org' (myself) with pre-shared key
establishing CHILD_SA net-net
generating IKE_AUTH request 1 [ IDi N(INIT_CONTACT) CERTREQ IDr AUTH
SA TSi TSr N(MULT_AUTH) N(EAP_ONLY) ]
sending packet: from 192.168.1.118[500] to 192.168.1.93[500]
received packet: from 192.168.1.93[500] to 192.168.1.118[500]
parsed IKE_AUTH response 1 [ IDr AUTH N(AUTH_LFT) N(TS_UNACCEPT) ]
authentication of 'moon.strongswan.org' with pre-shared key successful
IKE_SA net-net[1] established between
192.168.1.118[sun.strongswan.org]...192.168.1.93[moon.strongswan.org]
scheduling reauthentication in 3279s
maximum IKE_SA lifetime 3459s
received TS_UNACCEPTABLE notify, no CHILD_SA built
Could someone help me? Here you have the configuration files:
MOON
ipsec.conf:
# ipsec.conf - strongSwan IPsec configuration file
# basic configuration
config setup
plutostart=no
conn %default
ikelifetime=60m
keylife=20m
rekeymargin=3m
keyingtries=1
authby=secret
keyexchange=ikev2
mobike=no
conn net-net
left=192.168.1.93
leftsubnet=10.2.0.0/16
leftid=@moon.strongswan.org
right=192.168.1.118
rightsubnet=10.1.0.0/16
rightid=@sun.strongswan.org
auto=add
include /var/lib/strongswan/ipsec.conf.inc
ipsec.secrets:
@moon.strongswan.org @sun.strongswan.org : PSK
0sv+NkxY9LLZvwj4qCC2o/gGrWDF2d21jL
@sun.strongswan.org : PSK "This is a strong password"
SUN
ipsec.conf:
# ipsec.conf - strongSwan IPsec configuration file
# basic configuration
config setup
plutostart=no
# Add connections here.
conn %default
ikelifetime=60m
keylife=20m
rekeymargin=3m
keyingtries=1
authby=secret
keyexchange=ikev2
mobike=no
conn net-net
left=192.168.1.118
leftsubnet=10.2.0.0/16
leftid=@sun.strongswan.org
right=192.168.1.93
rightsubnet=10.1.0.0/16
rightid=@moon.strongswan.org
auto=add
include /var/lib/strongswan/ipsec.conf.inc
ipsec.secrets:
@moon.strongswan.org @sun.strongswan.org : PSK
0sv+NkxY9LLZvwj4qCC2o/gGrWDF2d21jL
@sun.strongswan.org : PSK "This is a strong password"
I dont know where can be the error...
Thanks in advance,
Igorlor
More information about the Users
mailing list