[strongSwan] no virtual IP found for %any requested

carachi diego carachi83 at gmail.com
Sun Apr 14 18:18:06 CEST 2013


Hi everybody,
I have this problem: the Windows machine connects to the Debian server, but
the client doesn't receive the IP address; in fact, in the ipsec log I have
this error:
"Apr 14 07:49:08 debian charon: 10[IKE] no virtual IP found for %any
requested by 'C=UK, ST=Luton, O=Beds, OU=IT, CN=ipsec, E=root at ipsec.com'"

How can I solve this problem?
I see another thing: in Wireshark I don't see any communication from
the server to the client. Is that right or not?

Below are the configuration files and the log.

Thank you


-----------------------------------------------------------------------------------------------------------------------------

LOG FILE

Apr 14 07:49:08 debian charon: 14[NET] received packet: from 172.16.151.141[500] to 172.16.151.100[500] (3756 bytes)
Apr 14 07:49:08 debian charon: 14[ENC] parsed ID_PROT request 0 [ SA V V V V V V V V V V V ]
Apr 14 07:49:08 debian charon: 14[IKE] received draft-ietf-ipsec-nat-t-ike-00 vendor ID
Apr 14 07:49:08 debian charon: 14[ENC] received unknown vendor ID: 16:f6:ca:16:e4:a4:06:6d:83:82:1a:0f:0a:ea:a8:62
Apr 14 07:49:08 debian charon: 14[IKE] received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
Apr 14 07:49:08 debian charon: 14[IKE] received draft-ietf-ipsec-nat-t-ike-03 vendor ID
Apr 14 07:49:08 debian charon: 14[IKE] received NAT-T (RFC 3947) vendor ID
Apr 14 07:49:08 debian charon: 14[IKE] received FRAGMENTATION vendor ID
Apr 14 07:49:08 debian charon: 14[IKE] received DPD vendor ID
Apr 14 07:49:08 debian charon: 14[ENC] received unknown vendor ID: f1:4b:94:b7:bf:f1:fe:f0:27:73:b8:c4:9f:ed:ed:26
Apr 14 07:49:08 debian charon: 14[ENC] received unknown vendor ID: 16:6f:93:2d:55:eb:64:d8:e4:df:4f:d3:7e:23:13:f0:d0:fd:84:51
Apr 14 07:49:08 debian charon: 14[ENC] received unknown vendor ID: 84:04:ad:f9:cd:a0:57:60:b2:ca:29:2e:4b:ff:53:7b
Apr 14 07:49:08 debian charon: 14[IKE] received Cisco Unity vendor ID
Apr 14 07:49:08 debian charon: 14[IKE] 172.16.151.141 is initiating a Main Mode IKE_SA
Apr 14 07:49:08 debian charon: 14[ENC] generating ID_PROT response 0 [ SA V V V ]
Apr 14 07:49:08 debian charon: 14[NET] sending packet: from 172.16.151.100[500] to 172.16.151.141[500] (140 bytes)
Apr 14 07:49:08 debian charon: 16[NET] received packet: from 172.16.151.141[500] to 172.16.151.100[500] (365 bytes)
Apr 14 07:49:08 debian charon: 16[ENC] parsed ID_PROT request 0 [ KE No CERTREQ NAT-D NAT-D ]
Apr 14 07:49:08 debian charon: 16[IKE] ignoring certificate request without data
Apr 14 07:49:08 debian charon: 16[IKE] sending cert request for "C=UK, ST=Luton, L=Luton, O=Beds, OU=IT, CN=ipsec, E=root at ipsec.com"
Apr 14 07:49:08 debian charon: 16[ENC] generating ID_PROT response 0 [ KE No CERTREQ NAT-D NAT-D ]
Apr 14 07:49:08 debian charon: 16[NET] sending packet: from 172.16.151.100[500] to 172.16.151.141[500] (499 bytes)
Apr 14 07:49:08 debian charon: 08[NET] received packet: from 172.16.151.141[500] to 172.16.151.100[500] (1148 bytes)
Apr 14 07:49:08 debian charon: 08[ENC] parsed ID_PROT request 0 [ ID CERT SIG ]
Apr 14 07:49:08 debian charon: 08[IKE] received end entity cert "C=UK, ST=Luton, O=Beds, OU=IT, CN=ipsec, E=root at ipsec.com"
Apr 14 07:49:08 debian charon: 08[CFG] looking for RSA signature peer configs matching 172.16.151.100...172.16.151.141[C=UK, ST=Luton, O=Beds, OU=IT, CN=ipsec, E=root at ipsec.com]
Apr 14 07:49:08 debian charon: 08[CFG] selected peer config "rw"
Apr 14 07:49:08 debian charon: 08[CFG]   using certificate "C=UK, ST=Luton, O=Beds, OU=IT, CN=ipsec, E=root at ipsec.com"
Apr 14 07:49:08 debian charon: 08[CFG]   using trusted ca certificate "C=UK, ST=Luton, L=Luton, O=Beds, OU=IT, CN=ipsec, E=root at ipsec.com"
Apr 14 07:49:08 debian charon: 08[CFG] checking certificate status of "C=UK, ST=Luton, O=Beds, OU=IT, CN=ipsec, E=root at ipsec.com"
Apr 14 07:49:08 debian charon: 08[CFG] certificate status is not available
Apr 14 07:49:08 debian charon: 08[CFG]   reached self-signed root ca with a path length of 0
Apr 14 07:49:08 debian charon: 08[IKE] authentication of 'C=UK, ST=Luton, O=Beds, OU=IT, CN=ipsec, E=root at ipsec.com' with RSA successful
Apr 14 07:49:08 debian charon: 08[IKE] authentication of 'C=UK, ST=Luton, O=Beds, OU=IT, CN=ipsec-gw2, E=root at ipsec.com' (myself) successful
Apr 14 07:49:08 debian charon: 08[IKE] IKE_SA rw[7] established between 172.16.151.100[C=UK, ST=Luton, O=Beds, OU=IT, CN=ipsec-gw2, E=root at ipsec.com]...172.16.151.141[C=UK, ST=Luton, O=Beds, OU=IT, CN=ipsec, E=root at ipsec.com]
Apr 14 07:49:08 debian charon: 08[IKE] scheduling reauthentication in 3404s
Apr 14 07:49:08 debian charon: 08[IKE] maximum IKE_SA lifetime 3584s
Apr 14 07:49:08 debian charon: 08[IKE] sending end entity cert "C=UK, ST=Luton, O=Beds, OU=IT, CN=ipsec-gw2, E=root at ipsec.com"
Apr 14 07:49:08 debian charon: 08[ENC] generating ID_PROT response 0 [ ID CERT SIG ]
Apr 14 07:49:08 debian charon: 08[NET] sending packet: from 172.16.151.100[500] to 172.16.151.141[500] (1148 bytes)
Apr 14 07:49:08 debian charon: 12[NET] received packet: from 172.16.151.141[500] to 172.16.151.100[500] (92 bytes)
Apr 14 07:49:08 debian charon: 12[ENC] parsed INFORMATIONAL_V1 request 3937839819 [ HASH N(INITIAL_CONTACT) ]
Apr 14 07:49:08 debian charon: 10[NET] received packet: from 172.16.151.141[500] to 172.16.151.100[500] (92 bytes)
Apr 14 07:49:08 debian charon: 10[ENC] parsed TRANSACTION request 1841991445 [ HASH CP ]
Apr 14 07:49:08 debian charon: 10[IKE] peer requested virtual IP %any
Apr 14 07:49:08 debian charon: 10[IKE] no virtual IP found for %any requested by 'C=UK, ST=Luton, O=Beds, OU=IT, CN=ipsec, E=root at ipsec.com'
Apr 14 07:49:08 debian charon: 10[ENC] generating TRANSACTION response 1841991445 [ HASH CP ]
Apr 14 07:49:08 debian charon: 10[NET] sending packet: from 172.16.151.100[500] to 172.16.151.141[500] (76 bytes)
Apr 14 07:49:08 debian charon: 11[NET] received packet: from 172.16.151.141[500] to 172.16.151.100[500] (92 bytes)
Apr 14 07:49:08 debian charon: 11[ENC] parsed INFORMATIONAL_V1 request 1182985237 [ HASH D ]
Apr 14 07:49:08 debian charon: 11[IKE] received DELETE for IKE_SA rw[7]
Apr 14 07:49:08 debian charon: 11[IKE] deleting IKE_SA rw[7] between 172.16.151.100[C=UK, ST=Luton, O=Beds, OU=IT, CN=ipsec-gw2, E=root at ipsec.com]...172.16.151.141[C=UK, ST=Luton, O=Beds, OU=IT, CN=ipsec, E=root at ipsec.com]

-----------------------------------------------------------------------------------------------------

/etc/ipsec.conf


# ipsec.conf - strongSwan IPsec configuration file

config setup
#    # strictcrlpolicy=yes
#    # uniqueids = no

conn %default
    type=tunnel
    ike=aes128-sha1-modp2048,3des-sha1-modp1536
    ikelifetime=60m
    keylife=20m
    rekeymargin=3m
    keyingtries=1
    keyexchange=ikev1
    esp=aes128-sha1,3des-sha1
    mobike=yes
    leftikeport=4500
    rightikeport=4500


conn rw
    left=172.16.151.100
    leftcert=gatewayCert.pem
    leftid=@ipsec.org
    leftsubnet=192.168.7.0/24
    leftfirewall=yes
    right=%any
    auto=add



------------------------------------------------------------------------------------------------

/etc/strongswan.conf

# strongswan.conf - strongSwan configuration file

charon {

    load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 pkcs8 gmp random nonce x509 revocation hmac xcbc cmac ctr ccm gcm stroke kernel-netlink socket-default updown

}

pluto {

}

libstrongswan {

}

-- 
http://www.2dd.it
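
Added example, not part of the original post: charon logs "no virtual IP found" when a peer requests a virtual IP and the selected connection has no address pool, and `conn rw` in the posted ipsec.conf sets no `rightsourceip`. The Python check below parses a constructed excerpt of that file and flags such connections. It assumes pools are defined only through `rightsourceip` (no attr-sql or dhcp plugin, neither of which is in the posted load list); the pool range 10.3.0.0/24 is a made-up value.

```python
import re

# Constructed sample: the conn sections from the post, reduced to the relevant keys.
SAMPLE_CONF = """\
config setup

conn %default
    type=tunnel
    keyexchange=ikev1

conn rw
    left=172.16.151.100
    leftsubnet=192.168.7.0/24
    right=%any
    auto=add
"""

def parse_conns(text):
    """Return {conn_name: {key: value}} with conn %default merged into every conn.

    Simplified ipsec.conf reader: '#' starts a comment, section headers start in
    column 0, options are indented key=value lines; 'also=' is not resolved.
    """
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        if not raw[0].isspace():  # section header ("config setup", "conn <name>")
            m = re.match(r"conn\s+(\S+)$", line)
            current = conns.setdefault(m.group(1), {}) if m else None
        elif current is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip()
    defaults = conns.pop("%default", {})
    return {name: {**defaults, **opts} for name, opts in conns.items()}

def conns_without_pool(text):
    """Names of roadwarrior conns (right=%any) that define no rightsourceip pool."""
    return sorted(name for name, opts in parse_conns(text).items()
                  if opts.get("right") == "%any" and not opts.get("rightsourceip"))

if __name__ == "__main__":
    print(conns_without_pool(SAMPLE_CONF))  # conn rw has no pool to assign from
    # Hypothetical fix: give conn rw a pool (range is a constructed value).
    fixed = SAMPLE_CONF + "    rightsourceip=10.3.0.0/24  # constructed pool range\n"
    print(conns_without_pool(fixed))
```

A connection flagged here can still serve peers that never request a virtual IP; it only cannot answer a request like the `peer requested virtual IP %any` seen in the log.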