[strongSwan] PROBLEM "received TS_UNACCEPTABLE notify, no CHILD_SA built"

Igor Lopez Orbe igorlor at gmail.com
Fri Jul 6 11:43:35 CEST 2012


Hello everyone,

I am trying to test net-net configuration following the howto of the website:

http://www.strongswan.org/uml/testresults/ikev2/net2net-psk/

Unfortunately i get always the same error:

# ipsec up net-net
initiating IKE_SA net-net[1] to 192.168.1.93
generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]
sending packet: from 192.168.1.118[500] to 192.168.1.93[500]
received packet: from 192.168.1.93[500] to 192.168.1.118[500]
parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP)
CERTREQ N(MULT_AUTH) ]
received cert request for "C=AU, ST=Some-State, O=Internet Widgits Pty Ltd"
sending cert request for "C=AU, ST=Some-State, O=Internet Widgits Pty Ltd"
sending cert request for "C=AU, ST=Some-State, O=Internet Widgits Pty Ltd"
authentication of 'sun.strongswan.org' (myself) with pre-shared key
establishing CHILD_SA net-net
generating IKE_AUTH request 1 [ IDi N(INIT_CONTACT) CERTREQ IDr AUTH
SA TSi TSr N(MULT_AUTH) N(EAP_ONLY) ]
sending packet: from 192.168.1.118[500] to 192.168.1.93[500]
received packet: from 192.168.1.93[500] to 192.168.1.118[500]
parsed IKE_AUTH response 1 [ IDr AUTH N(AUTH_LFT) N(TS_UNACCEPT) ]
authentication of 'moon.strongswan.org' with pre-shared key successful
IKE_SA net-net[1] established between
192.168.1.118[sun.strongswan.org]...192.168.1.93[moon.strongswan.org]
scheduling reauthentication in 3279s
maximum IKE_SA lifetime 3459s
received TS_UNACCEPTABLE notify, no CHILD_SA built


Could someone help me? Here you have the configuration files:

MOON

ipsec.conf:

# ipsec.conf - strongSwan IPsec configuration file

# basic configuration

config setup
        plutostart=no

conn %default
        ikelifetime=60m
        keylife=20m
        rekeymargin=3m
        keyingtries=1
        authby=secret
        keyexchange=ikev2
        mobike=no

conn net-net
     left=192.168.1.93
     leftsubnet=10.2.0.0/16
     leftid=@moon.strongswan.org
     right=192.168.1.118
     rightsubnet=10.1.0.0/16
     rightid=@sun.strongswan.org
     auto=add

include /var/lib/strongswan/ipsec.conf.inc


ipsec.secrets:

@moon.strongswan.org @sun.strongswan.org : PSK
0sv+NkxY9LLZvwj4qCC2o/gGrWDF2d21jL

@sun.strongswan.org : PSK "This is a strong password"



SUN

ipsec.conf:

# ipsec.conf - strongSwan IPsec configuration file

# basic configuration

config setup
        plutostart=no

# Add connections here.

conn %default
        ikelifetime=60m
        keylife=20m
        rekeymargin=3m
        keyingtries=1
        authby=secret
        keyexchange=ikev2
        mobike=no

conn net-net
     left=192.168.1.118
     leftsubnet=10.2.0.0/16
     leftid=@sun.strongswan.org
     right=192.168.1.93
     rightsubnet=10.1.0.0/16
     rightid=@moon.strongswan.org
     auto=add

include /var/lib/strongswan/ipsec.conf.inc


ipsec.secrets:

@moon.strongswan.org @sun.strongswan.org : PSK
0sv+NkxY9LLZvwj4qCC2o/gGrWDF2d21jL

@sun.strongswan.org : PSK "This is a strong password"


I dont know where can be the error...

Thanks in advance,

Igorlor




More information about the Users mailing list