[strongSwan] [strongswan] NAT-T fails for Ikev1 negotiation
SaRaVanAn
saravanan.nagarajan87 at gmail.com
Thu Oct 4 16:59:18 CEST 2012
Hi,
I tried to form a site-to-site tunnel with a NAT device in between using
IKEv1. But I am getting the error messages below. I don't know what went
wrong. Please help me to understand the problem.
strongswan ---(NAT device)----- Netgear
Logs
+++++
Oct 4 20:25:12 localhost pluto[15315]: | inserting event EVENT_SA_EXPIRE,
timeout in 86400 seconds for #1
Oct 4 20:25:12 localhost pluto[15315]: "fqdn_vr"[1]
172.31.114.227:4500#1: sent MR3, ISAKMP SA established
Oct 4 20:25:12 localhost pluto[15315]: | next event EVENT_NAT_T_KEEPALIVE
in 19 seconds
Oct 4 20:25:22 localhost pluto[15315]: |
Oct 4 20:25:22 localhost pluto[15315]: | *received 76 bytes from
172.31.114.227:4500 on eth0
Oct 4 20:25:22 localhost pluto[15315]: | 26 ed 6f e6 44 ce 76 36 e2 e7
9e e8 84 73 ff 5a
Oct 4 20:25:22 localhost pluto[15315]: | 05 10 02 01 00 00 00 00 00 00
00 4c db b5 e7 60
Oct 4 20:25:22 localhost pluto[15315]: | e4 2b 1d eb e1 5d f8 41 64 1c
d0 4a d7 7c 89 1c
Oct 4 20:25:22 localhost pluto[15315]: | d9 02 cb 42 ee 8f 35 4a 69 b6
00 b1 4a f7 d1 69
Oct 4 20:25:22 localhost pluto[15315]: | 9d f4 6d 74 bf 15 03 73 e2 96
fc 3a
Oct 4 20:25:22 localhost pluto[15315]: | **parse ISAKMP Message:
Oct 4 20:25:22 localhost pluto[15315]: | initiator cookie:
Oct 4 20:25:22 localhost pluto[15315]: | 26 ed 6f e6 44 ce 76 36
Oct 4 20:25:22 localhost pluto[15315]: | responder cookie:
Oct 4 20:25:22 localhost pluto[15315]: | e2 e7 9e e8 84 73 ff 5a
Oct 4 20:25:22 localhost pluto[15315]: | next payload type:
ISAKMP_NEXT_ID
Oct 4 20:25:22 localhost pluto[15315]: | ISAKMP version: ISAKMP Version
1.0
Oct 4 20:25:22 localhost pluto[15315]: | exchange type:
ISAKMP_XCHG_IDPROT
Oct 4 20:25:22 localhost pluto[15315]: | flags: ISAKMP_FLAG_ENCRYPTION
Oct 4 20:25:22 localhost pluto[15315]: | message ID: 00 00 00 00
Oct 4 20:25:22 localhost pluto[15315]: | length: 76
Oct 4 20:25:22 localhost pluto[15315]: | ICOOKIE: 26 ed 6f e6 44 ce 76 36
Oct 4 20:25:22 localhost pluto[15315]: | RCOOKIE: e2 e7 9e e8 84 73 ff 5a
Oct 4 20:25:22 localhost pluto[15315]: | peer: ac 1f 72 e3
Oct 4 20:25:22 localhost pluto[15315]: | state hash entry 17
Oct 4 20:25:22 localhost pluto[15315]: | state object #1 found, in
STATE_MAIN_R3
Oct 4 20:25:22 localhost pluto[15315]: "fqdn_vr"[1]
172.31.114.227:4500#1: retransmitting in response to duplicate packet;
already STATE_MAIN_R3
Oct 4 20:25:22 localhost pluto[15315]: | sending 76 bytes for retransmit
in response to duplicate through eth0 to 172.31.114.227:4500:
Oct 4 20:25:22 localhost pluto[15315]: | 26 ed 6f e6 44 ce 76 36 e2 e7
9e e8 84 73 ff 5a
Oct 4 20:25:22 localhost pluto[15315]: | 05 10 02 01 00 00 00 00 00 00
00 4c c8 83 25 f7
Oct 4 20:25:22 localhost pluto[15315]: | cb 77 1d 73 92 2b 0b 34 a0 93
05 ea 99 3a 06 1b
Oct 4 20:25:22 localhost pluto[15315]: | 3f d6 66 7f 6f fe 2b b2 48 e8
a7 e8 e0 4f 90 6e
Oct 4 20:25:22 localhost pluto[15315]: | 04 55 50 a4 5c 7f f1 36 41 c1
ac be
Oct 4 20:25:22 localhost pluto[15315]: | next event EVENT_NAT_T_KEEPALIVE
in 9 seconds
Oct 4 20:25:31 localhost pluto[15315]: |
Oct 4 20:25:31 localhost pluto[15315]: | *time to handle event
Oct 4 20:25:31 localhost pluto[15315]: | event after this is
EVENT_REINIT_SECRET in 3567 seconds
Oct 4 20:25:31 localhost pluto[15315]: | next event EVENT_REINIT_SECRET in
3567 seconds
Oct 4 20:25:32 localhost pluto[15315]: |
Oct 4 20:25:32 localhost pluto[15315]: | *received 76 bytes from
172.31.114.227:4500 on eth0
Oct 4 20:25:32 localhost pluto[15315]: | 26 ed 6f e6 44 ce 76 36 e2 e7
9e e8 84 73 ff 5a
Oct 4 20:25:32 localhost pluto[15315]: | 05 10 02 01 00 00 00 00 00 00
00 4c db b5 e7 60
Oct 4 20:25:32 localhost pluto[15315]: | e4 2b 1d eb e1 5d f8 41 64 1c
d0 4a d7 7c 89 1c
Oct 4 20:25:32 localhost pluto[15315]: | d9 02 cb 42 ee 8f 35 4a 69 b6
00 b1 4a f7 d1 69
Oct 4 20:25:32 localhost pluto[15315]: | 9d f4 6d 74 bf 15 03 73 e2 96
fc 3a
Oct 4 20:25:32 localhost pluto[15315]: | **parse ISAKMP Message:
Oct 4 20:25:32 localhost pluto[15315]: | initiator cookie:
Oct 4 20:25:32 localhost pluto[15315]: | 26 ed 6f e6 44 ce 76 36
Oct 4 20:25:32 localhost pluto[15315]: | responder cookie:
Oct 4 20:25:32 localhost pluto[15315]: | e2 e7 9e e8 84 73 ff 5a
Oct 4 20:25:32 localhost pluto[15315]: | next payload type:
ISAKMP_NEXT_ID
Oct 4 20:25:32 localhost pluto[15315]: | ISAKMP version: ISAKMP Version
1.0
Oct 4 20:25:32 localhost pluto[15315]: | exchange type:
ISAKMP_XCHG_IDPROT
Oct 4 20:25:32 localhost pluto[15315]: | flags: ISAKMP_FLAG_ENCRYPTION
Oct 4 20:25:32 localhost pluto[15315]: | message ID: 00 00 00 00
Oct 4 20:25:32 localhost pluto[15315]: | length: 76
Oct 4 20:25:32 localhost pluto[15315]: | ICOOKIE: 26 ed 6f e6 44 ce 76 36
Oct 4 20:25:32 localhost pluto[15315]: | RCOOKIE: e2 e7 9e e8 84 73 ff 5a
Oct 4 20:25:32 localhost pluto[15315]: | peer: ac 1f 72 e3
Oct 4 20:25:32 localhost pluto[15315]: | state hash entry 17
Oct 4 20:25:32 localhost pluto[15315]: | state object #1 found, in
STATE_MAIN_R3
Oct 4 20:25:32 localhost pluto[15315]: "fqdn_vr"[1]
172.31.114.227:4500#1: retransmitting in response to duplicate packet;
already STATE_MAIN_R3
Oct 4 20:25:32 localhost pluto[15315]: | sending 76 bytes for retransmit
in response to duplicate through eth0 to 172.31.114.227:4500:
Configuration for your reference
ipsec.conf
_______
ca vpnca
    cacert=ikeca-sha1-2048-dn.crt
    auto=add

config setup
    plutostart=yes
    plutodebug=all
    charonstart=yes
    charondebug=all
    nat_traversal=yes
    crlcheckinterval=10m
    strictcrlpolicy=no

conn %default
    ikelifetime=8h
    lifetime = 8h
    rekeyfuzz = 100%
    keyingtries=1

conn fqdn_vr
    auth=esp
    type=tunnel
    keyexchange=ikev1
    left=172.31.114.246
    right=%any
    rightid=cross at cas.com
    rightsubnet=0.0.0.0/0
    authby=secret
    pfs=no
    rekey=no
    auto=add

ipsec.secrets
_____________
172.31.114.246 %any : PSK "sachinten1"
Regards,
Saravanan N
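
The header fields that pluto prints under "parse ISAKMP Message" can be reproduced from the hex dump in the log; the following is an added example, not part of the original post, and its function and table names are assumptions. It also accepts the 4-byte non-ESP marker that RFC 3948 places before IKE messages on UDP port 4500, which the dump in the post does not show.

```python
import struct

# The 76-byte packet received at 20:25:22, copied from the hex dump in the post.
RECEIVED = bytes.fromhex(
    "26 ed 6f e6 44 ce 76 36 e2 e7 9e e8 84 73 ff 5a"
    "05 10 02 01 00 00 00 00 00 00 00 4c db b5 e7 60"
    "e4 2b 1d eb e1 5d f8 41 64 1c d0 4a d7 7c 89 1c"
    "d9 02 cb 42 ee 8f 35 4a 69 b6 00 b1 4a f7 d1 69"
    "9d f4 6d 74 bf 15 03 73 e2 96 fc 3a"
)

NON_ESP_MARKER = b"\x00" * 4  # RFC 3948: precedes IKE messages on UDP 4500
FLAGS = {0x01: "ENCRYPTION", 0x02: "COMMIT", 0x04: "AUTH_ONLY"}  # RFC 2408
PAYLOADS = {5: "ID"}          # only the code points that occur in this log
EXCHANGES = {2: "IDPROT"}     # Identity Protection, i.e. IKEv1 Main Mode


def parse_isakmp(datagram: bytes) -> dict:
    """Decode the fixed 28-byte ISAKMP header (RFC 2408) of a UDP payload."""
    # A raw capture on port 4500 starts with the zero marker; the dump in
    # the post starts directly at the initiator cookie.
    data = datagram[4:] if datagram[:4] == NON_ESP_MARKER else datagram
    if len(data) < 28:
        raise ValueError("truncated ISAKMP header")
    icookie, rcookie, nxt, ver, xchg, flags, msgid, length = struct.unpack(
        "!8s8sBBBBII", data[:28])
    # The length field covers header plus payloads, so it must match the datagram.
    if length != len(data):
        raise ValueError(f"header says {length} bytes, datagram has {len(data)}")
    return {
        "icookie": icookie.hex(),
        "rcookie": rcookie.hex(),
        "next_payload": PAYLOADS.get(nxt, str(nxt)),
        "version": f"{ver >> 4}.{ver & 0x0F}",
        "exchange": EXCHANGES.get(xchg, str(xchg)),
        "flags": [name for bit, name in FLAGS.items() if flags & bit],
        "message_id": msgid,
        "length": length,
    }


if __name__ == "__main__":
    for key, value in parse_isakmp(RECEIVED).items():
        print(f"{key:>12}: {value}")
```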