[strongSwan] Unable to establish an IKEv2 PSK - MAC mismatched

Adrian Milanoski amilanoski at rim.com
Fri Jun 29 22:24:41 CEST 2012


Hi all,

I currently have 2 strongSwans in my environment and one is currently authenticating and 1 is not.

I have cloned the configurations to the 'T' and yet still only one allows authentication to pass. The one that is passing authentication is only passing authentication with 1 username, but when I set up another username I get the same errors as I did previously.

My current network configuration is as follows:

Public --> 10.137.205.0/24
Private --> 172.16.0.0/17

strongSwan1

public ip = 10.137.205.202
private ip = 172.16.1.60


ipsec.conf
config setup
        plutostart=no

conn %default
        keyexchange=ikev2
        type=tunnel
        rekeyfuzz=0%
        rekeymargin=30s
        rekey=yes
        reauth=no
        ikelifetime=7m
        keylife=5m
        authby=secret

rw-psk.conf

conn rw-psk
        left=10.137.205.202 <-- VPN Concentrator address
        leftfirewall=yes
        right=%any
        rightsourceip=172.16.3.0/24 <-- Virtual Pool for clients
        auto=add
        type=tunnel

strongSwan2

ipsec.conf

config setup
        charonstart=yes
        plutostart=no
        charondebug=all

# Add connections here.

conn rw-psk
        left=10.137.205.176
        leftsubnet=172.16.24.0/24
        leftsourceip=172.16.24.0/24
        right=%any
        rightsourceip=172.16.24.0/24
        auto=add
        authby=psk
        keyexchange=ikev2


I am getting errors all the time now, and I have read that there is no matching configuration or something along those lines. I am constantly trying to manipulate the configuration to work, but have had no luck!

13[IKE] tried 1 shared key for '%any' - 'vpntest', but MAC mismatched

-
A
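
Added illustration, not part of the original post and not strongSwan's code: the "MAC mismatched" line in the log above is the responder's shared-key check failing. The Python below carries out the IKEv2 PSK AUTH computation from RFC 7296, section 2.15, and shows which differences in the secret make the check fail. The HMAC-SHA-256 PRF, the ID_FQDN type for 'vpntest', the secrets and all byte strings are constructed assumptions.

```python
import hashlib
import hmac

KEY_PAD = b"Key Pad for IKEv2"  # fixed string from RFC 7296, section 2.15


def prf(key: bytes, data: bytes) -> bytes:
    # Assumption: the negotiated PRF is HMAC-SHA-256.
    return hmac.new(key, data, hashlib.sha256).digest()


def signed_octets(msg1: bytes, nonce_r: bytes, sk_pi: bytes, id_body: bytes) -> bytes:
    # InitiatorSignedOctets = RealMessage1 | NonceRData | prf(SK_pi, RestOfInitIDPayload)
    return msg1 + nonce_r + prf(sk_pi, id_body)


def psk_auth(secret: bytes, octets: bytes) -> bytes:
    # AUTH = prf(prf(Shared Secret, "Key Pad for IKEv2"), <SignedOctets>)
    return prf(prf(secret, KEY_PAD), octets)


def verify(received: bytes, candidates: list, octets: bytes):
    """Responder side: try every configured secret; return (ok, keys_tried)."""
    tried = 0
    for secret in candidates:
        tried += 1
        if hmac.compare_digest(psk_auth(secret, octets), received):
            return True, tried
    return False, tried


def demo() -> dict:
    # Constructed sample values, not taken from any real exchange.
    msg1, nonce_r, sk_pi = b"\x01" * 64, b"\x02" * 32, b"\x03" * 32
    id_body = bytes([2, 0, 0, 0]) + b"vpntest"  # ID_FQDN assumed for 'vpntest'
    octets = signed_octets(msg1, nonce_r, sk_pi, id_body)
    auth = psk_auth(b"constructed-secret", octets)  # what the initiator sends
    return {
        "same secret": verify(auth, [b"constructed-secret"], octets),
        "trailing space": verify(auth, [b"constructed-secret "], octets),
        "different case": verify(auth, [b"Constructed-Secret"], octets),
        "second key matches": verify(auth, [b"other", b"constructed-secret"], octets),
    }


if __name__ == "__main__":
    for case, (ok, tried) in demo().items():
        print(f"{case}: tried {tried} shared key(s), {'AUTH ok' if ok else 'MAC mismatched'}")
```

A single differing byte in the secret on either side is enough to fail the comparison, and the result alone does not say which side holds the wrong value.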