[strongSwan] Issue in VPN connection (IKEv1) with XAUTHPSK using android (ICS vpn client) with Strongswan 4.5.0 server

Andreas Steffen andreas.steffen at strongswan.org
Thu May 3 20:00:53 CEST 2012


Hello Kushagra,

I think you mixed up left and right in your connection definition.

The error message is

packet from 192.168.43.62:500: initial Main Mode message received on 
192.168.43.212:500 but no connection has been authorized

This means that the server side is left=192.168.43.212 whereas
you defined left=192.168.43.62 which apparently is the client side.
Also if you define rightsourceip=10.0.0.3 then rightsubnet=0.0.0.0/0
is superfluous.

Regards

Andreas

On 05/03/2012 07:40 PM, Kushagra Bhatnagar wrote:
> Hello All,
>
> I am trying to set up the IKEv1 VPN connection with type as IPSEC XAUTH PSK on Android ICS with a strongSwan server.
>
> Below is my /etc/ipsec.conf
>
> conn android
>          authby=xauthpsk
>          xauth=server
>          left=192.168.43.62
>          leftsubnet=0.0.0.0/0
>          leftnexthop=%defaultroute
>          leftsourceip=10.0.0.2
>          right=%any
>          rightsubnet=0.0.0.0/0
>          rightnexthop=%defaultroute
>          rightsourceip=10.0.0.3
>          pfs=no
>          auto=add
>
> below is the snapshot of ipsec.secrets
>
> 192.168.43.62 192.168.43.212  %any : PSK "whatyouseeiswhatyouget"
>
> : RSA serverKey.pem
> ipsecvpn : XAUTH 0x7365637265743230313200
>
> include /var/lib/strongswan/ipsec.secrets.inc
>
> Note:
> In the ipsec.secrets file above, I have already provided the xauth password in binary format, NULL-terminated, to take care of the Android 4 implementation.
>
> Configured the same settings on client with the same PSK and xauth password.
>
> After the above settings, when I tried to enable the VPN on the client, I observed from the Wireshark logs on the server that the client keeps sending Identity Protection (Main Mode) messages to the server, but the server does not reply.
> Upon checking the server logs, I observe the following error - "packet from 192.168.43.62:500: initial Main Mode message received on 192.168.43.212:500 but no connection has been authorized with policy=XAUTHPSK+XAUTHSERVER".
>
> Below are the log snippets.
>
> May  3 13:11:48 Linux pluto[2209]: | preparse_isakmp_policy: peer requests XAUTHPSK+XAUTHSERVER authentication
> May  3 13:11:48 Linux pluto[2209]: packet from 192.168.43.62:500: initial Main Mode message received on 192.168.43.212:500 but no connection has been authorized with policy=XAUTHPSK+XAUTHSERVER
> May  3 13:11:48 Linux pluto[2209]: | next event EVENT_REINIT_SECRET in 2635 seconds
>
> Can somebody please provide some update on the above error.
>
> Thanks,
> -Kushagra

======================================================================
Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution!                www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
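
The two checks from the reply above, as an added example that is not part of the original thread or of strongSwan: it reads the receiving address out of the pluto log line and compares it with left= in each conn, and flags rightsubnet=0.0.0.0/0 next to rightsourceip. The helper names parse_conns and diagnose are hypothetical, and the sample input is constructed from the values quoted in the thread.

```python
import re

# Constructed sample input, built from the values quoted in the thread.
LOG = ("May  3 13:11:48 Linux pluto[2209]: packet from 192.168.43.62:500: "
       "initial Main Mode message received on 192.168.43.212:500 but no "
       "connection has been authorized with policy=XAUTHPSK+XAUTHSERVER")
CONF = """\
conn android
    left=192.168.43.62
    right=%any
    rightsubnet=0.0.0.0/0
    rightsourceip=10.0.0.3
"""
LOG_RE = re.compile(r"packet from (\S+):\d+: initial Main Mode message "
                    r"received on (\S+):\d+ but no connection has been authorized")

def parse_conns(text):
    """Hypothetical helper: return {conn_name: {key: value}} from ipsec.conf text."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()      # drop comments
        if not line.strip():
            continue
        if not raw[0].isspace():                  # section header, e.g. "conn android"
            parts = line.split()
            current = conns.setdefault(parts[1], {}) if parts[:1] == ["conn"] and len(parts) == 2 else None
        elif current is not None and "=" in line: # indented key=value inside a conn
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip()
    return conns

def diagnose(log_line, conf_text):
    """Hypothetical helper: findings matching the two points made in the reply."""
    m = LOG_RE.search(log_line)
    if not m:
        return []
    peer, local = m.groups()
    findings = []
    for name, opts in parse_conns(conf_text).items():
        left = opts.get("left")
        if left != local:
            role = "the peer" if left == peer else "not the receiving address"
            findings.append(f"{name}: left={left} is {role}; server received on {local}")
        if "rightsourceip" in opts and opts.get("rightsubnet") == "0.0.0.0/0":
            findings.append(f"{name}: rightsubnet=0.0.0.0/0 is superfluous with rightsourceip")
    return findings

if __name__ == "__main__":
    print("\n".join(diagnose(LOG, CONF)))
```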