[strongSwan] [Strongswan] Site to Site tunnel is not working for Ikev1 for identification as email.

SaRaVanAn saravanan.nagarajan87 at gmail.com
Mon Jun 11 19:14:08 CEST 2012


Hi,
 I tried to form a site to site tunnel in strongswan using IKEV1.  But
tunnel negotiation is not success.

Topology
__________
Strongswan(Router1) --------- Strongswan(VPN SERVER)


I have configured rightid=@www.naveen2.com in router2, but as per the below
error message,Strongswan is looking for
peer configs with identify as %any instead of "@www.naveen2.com".
Please provide your inputs

Logs
______

Jun 11 22:33:57 uxcasxxx pluto[1886]: | ******parse ISAKMP Oakley attribute:
Jun 11 22:33:57 uxcasxxx pluto[1886]: |    af+type:
OAKLEY_AUTHENTICATION_METHOD
Jun 11 22:33:57 uxcasxxx pluto[1886]: |    length/value: 1
Jun 11 22:33:57 uxcasxxx pluto[1886]: |    [1 is pre-shared key]
*Jun 11 22:33:57 uxcasxxx pluto[1886]: "fqdn_vr1"[3] 172.31.114.226 #3:
Can't authenticate: no preshared key found for '172.31.114.227' and
'%any'.  Attribute OAKLEY_AUTHENTICATION_METHOD*
Jun 11 22:33:57 uxcasxxx pluto[1886]: | *****parse ISAKMP Transform Payload
(ISAKMP):
Jun 11 22:33:57 uxcasxxx pluto[1886]: |    next payload type:
ISAKMP_NEXT_NONE
Jun 11 22:33:57 uxcasxxx pluto[1886]: |    length: 32
Jun 11 22:33:57 uxcasxxx pluto[1886]: |    transform number: 1
Jun 11 22:33:57 uxcasxxx pluto[1886]: |    transform ID: KEY_IKE
Jun 11 22:33:57 uxcasxxx pluto[1886]: | ******parse ISAKMP Oakley attribute:

Router2
________
Router1
______
conn static-dynamic
    type=tunnel
    keyexchange=ikev1
    left=172.31.114.227
    right=%any
    rightid=@www.naveen2.com
    auth=esp
    authby=secret
    pfs=yes
    auto=add

172.31.114.227 @www.naveen2.com : PSK "presharedkey"

Router2
________
conn dynamic-static
    type=tunnel
    keyexchange=ikev1
    left=%defaultroute
    leftid=@www.naveen2.com
    right=172.31.114.227
    auth=esp
    authby=secret
    pfs=yes
    auto=add

@www.naveen2.com 172.31.114.227 : PSK "presharedkey"

Regards,
Saravanan N
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20120611/228a34b1/attachment.html>


More information about the Users mailing list