[strongSwan] no virtual IP found for %any requested
Andreas Steffen
andreas.steffen at strongswan.org
Sun Apr 14 23:27:14 CEST 2013
Hi,
you must define a Virtual IP address pool, e.g.
rightsourceip=192.168.10.0/24
Regards
Andreas
On 04/14/2013 06:18 PM, carachi diego wrote:
> Hi everybody,
> I have this problem: the Windows machine connects to the Debian server
> but the client doesn't receive the IP address; in fact, in the ipsec log
> I have this error:
> "Apr 14 07:49:08 debian charon: 10[IKE] no virtual IP found for %any
> requested by 'C=UK, ST=Luton, O=Beds, OU=IT, CN=ipsec, E=root at ipsec.com'"
>
> How can I solve this problem?
> I see another thing: in Wireshark I don't see any communication
> from the server to the client. Is that right or not?
>
> Below the configuration files and log.
>
> Thank you
>
>
> -----------------------------------------------------------------------------------------------------------------------------
>
> LOG FILE
>
> Apr 14 07:49:08 debian charon: 14[NET] received packet: from
> 172.16.151.141[500] to 172.16.151.100[500] (3756 bytes)
> Apr 14 07:49:08 debian charon: 14[ENC] parsed ID_PROT request 0 [ SA V V
> V V V V V V V V V ]
> Apr 14 07:49:08 debian charon: 14[IKE] received
> draft-ietf-ipsec-nat-t-ike-00 vendor ID
> Apr 14 07:49:08 debian charon: 14[ENC] received unknown vendor ID:
> 16:f6:ca:16:e4:a4:06:6d:83:82:1a:0f:0a:ea:a8:62
> Apr 14 07:49:08 debian charon: 14[IKE] received
> draft-ietf-ipsec-nat-t-ike-02\n vendor ID
> Apr 14 07:49:08 debian charon: 14[IKE] received
> draft-ietf-ipsec-nat-t-ike-03 vendor ID
> Apr 14 07:49:08 debian charon: 14[IKE] received NAT-T (RFC 3947) vendor ID
> Apr 14 07:49:08 debian charon: 14[IKE] received FRAGMENTATION vendor ID
> Apr 14 07:49:08 debian charon: 14[IKE] received DPD vendor ID
> Apr 14 07:49:08 debian charon: 14[ENC] received unknown vendor ID:
> f1:4b:94:b7:bf:f1:fe:f0:27:73:b8:c4:9f:ed:ed:26
> Apr 14 07:49:08 debian charon: 14[ENC] received unknown vendor ID:
> 16:6f:93:2d:55:eb:64:d8:e4:df:4f:d3:7e:23:13:f0:d0:fd:84:51
> Apr 14 07:49:08 debian charon: 14[ENC] received unknown vendor ID:
> 84:04:ad:f9:cd:a0:57:60:b2:ca:29:2e:4b:ff:53:7b
> Apr 14 07:49:08 debian charon: 14[IKE] received Cisco Unity vendor ID
> Apr 14 07:49:08 debian charon: 14[IKE] 172.16.151.141 is initiating a
> Main Mode IKE_SA
> Apr 14 07:49:08 debian charon: 14[ENC] generating ID_PROT response 0 [
> SA V V V ]
> Apr 14 07:49:08 debian charon: 14[NET] sending packet: from
> 172.16.151.100[500] to 172.16.151.141[500] (140 bytes)
> Apr 14 07:49:08 debian charon: 16[NET] received packet: from
> 172.16.151.141[500] to 172.16.151.100[500] (365 bytes)
> Apr 14 07:49:08 debian charon: 16[ENC] parsed ID_PROT request 0 [ KE No
> CERTREQ NAT-D NAT-D ]
> Apr 14 07:49:08 debian charon: 16[IKE] ignoring certificate request
> without data
> Apr 14 07:49:08 debian charon: 16[IKE] sending cert request for "C=UK,
> ST=Luton, L=Luton, O=Beds, OU=IT, CN=ipsec, E=root at ipsec.com"
> Apr 14 07:49:08 debian charon: 16[ENC] generating ID_PROT response 0 [
> KE No CERTREQ NAT-D NAT-D ]
> Apr 14 07:49:08 debian charon: 16[NET] sending packet: from
> 172.16.151.100[500] to 172.16.151.141[500] (499 bytes)
> Apr 14 07:49:08 debian charon: 08[NET] received packet: from
> 172.16.151.141[500] to 172.16.151.100[500] (1148 bytes)
> Apr 14 07:49:08 debian charon: 08[ENC] parsed ID_PROT request 0 [ ID
> CERT SIG ]
> Apr 14 07:49:08 debian charon: 08[IKE] received end entity cert "C=UK,
> ST=Luton, O=Beds, OU=IT, CN=ipsec, E=root at ipsec.com"
> Apr 14 07:49:08 debian charon: 08[CFG] looking for RSA signature peer
> configs matching 172.16.151.100...172.16.151.141[C=UK, ST=Luton, O=Beds,
> OU=IT, CN=ipsec, E=root at ipsec.com]
> Apr 14 07:49:08 debian charon: 08[CFG] selected peer config "rw"
> Apr 14 07:49:08 debian charon: 08[CFG] using certificate "C=UK,
> ST=Luton, O=Beds, OU=IT, CN=ipsec, E=root at ipsec.com"
> Apr 14 07:49:08 debian charon: 08[CFG] using trusted ca certificate
> "C=UK, ST=Luton, L=Luton, O=Beds, OU=IT, CN=ipsec, E=root at ipsec.com"
> Apr 14 07:49:08 debian charon: 08[CFG] checking certificate status of
> "C=UK, ST=Luton, O=Beds, OU=IT, CN=ipsec, E=root at ipsec.com"
> Apr 14 07:49:08 debian charon: 08[CFG] certificate status is not available
> Apr 14 07:49:08 debian charon: 08[CFG] reached self-signed root ca
> with a path length of 0
> Apr 14 07:49:08 debian charon: 08[IKE] authentication of 'C=UK,
> ST=Luton, O=Beds, OU=IT, CN=ipsec, E=root at ipsec.com' with RSA successful
> Apr 14 07:49:08 debian charon: 08[IKE] authentication of 'C=UK,
> ST=Luton, O=Beds, OU=IT, CN=ipsec-gw2, E=root at ipsec.com' (myself) successful
> Apr 14 07:49:08 debian charon: 08[IKE] IKE_SA rw[7] established between
> 172.16.151.100[C=UK, ST=Luton, O=Beds, OU=IT, CN=ipsec-gw2,
> E=root at ipsec.com]...172.16.151.141[C=UK,
> ST=Luton, O=Beds, OU=IT, CN=ipsec, E=root at ipsec.com]
> Apr 14 07:49:08 debian charon: 08[IKE] scheduling reauthentication in 3404s
> Apr 14 07:49:08 debian charon: 08[IKE] maximum IKE_SA lifetime 3584s
> Apr 14 07:49:08 debian charon: 08[IKE] sending end entity cert "C=UK,
> ST=Luton, O=Beds, OU=IT, CN=ipsec-gw2, E=root at ipsec.com"
> Apr 14 07:49:08 debian charon: 08[ENC] generating ID_PROT response 0 [
> ID CERT SIG ]
> Apr 14 07:49:08 debian charon: 08[NET] sending packet: from
> 172.16.151.100[500] to 172.16.151.141[500] (1148 bytes)
> Apr 14 07:49:08 debian charon: 12[NET] received packet: from
> 172.16.151.141[500] to 172.16.151.100[500] (92 bytes)
> Apr 14 07:49:08 debian charon: 12[ENC] parsed INFORMATIONAL_V1 request
> 3937839819 [ HASH N(INITIAL_CONTACT) ]
> Apr 14 07:49:08 debian charon: 10[NET] received packet: from
> 172.16.151.141[500] to 172.16.151.100[500] (92 bytes)
> Apr 14 07:49:08 debian charon: 10[ENC] parsed TRANSACTION request
> 1841991445 [ HASH CP ]
> Apr 14 07:49:08 debian charon: 10[IKE] peer requested virtual IP %any
> Apr 14 07:49:08 debian charon: 10[IKE] no virtual IP found for %any
> requested by 'C=UK, ST=Luton, O=Beds, OU=IT, CN=ipsec, E=root at ipsec.com'
> Apr 14 07:49:08 debian charon: 10[ENC] generating TRANSACTION response
> 1841991445 [ HASH CP ]
> Apr 14 07:49:08 debian charon: 10[NET] sending packet: from
> 172.16.151.100[500] to 172.16.151.141[500] (76 bytes)
> Apr 14 07:49:08 debian charon: 11[NET] received packet: from
> 172.16.151.141[500] to 172.16.151.100[500] (92 bytes)
> Apr 14 07:49:08 debian charon: 11[ENC] parsed INFORMATIONAL_V1 request
> 1182985237 [ HASH D ]
> Apr 14 07:49:08 debian charon: 11[IKE] received DELETE for IKE_SA rw[7]
> Apr 14 07:49:08 debian charon: 11[IKE] deleting IKE_SA rw[7] between
> 172.16.151.100[C=UK, ST=Luton, O=Beds, OU=IT, CN=ipsec-gw2,
> E=root at ipsec.com]...172.16.151.141[C=UK,
> ST=Luton, O=Beds, OU=IT, CN=ipsec, E=root at ipsec.com]
>
>
>
>
>
> -----------------------------------------------------------------------------------------------------
>
> /etc/ipsec.conf
>
>
> # ipsec.conf - strongSwan IPsec configuration file
>
> config setup
> # # strictcrlpolicy=yes
> # # uniqueids = no
>
> conn %default
> type=tunnel
> ike=aes128-sha1-modp2048,3des-sha1-modp1536
> ikelifetime=60m
> keylife=20m
> rekeymargin=3m
> keyingtries=1
> keyexchange=ikev1
> esp=aes128-sha1,3des-sha1
> mobike=yes
> leftikeport=4500
> rightikeport=4500
>
>
> conn rw
> left=172.16.151.100
> leftcert=gatewayCert.pem
> leftid=@ipsec.org
> leftsubnet=192.168.7.0/24
> leftfirewall=yes
> right=%any
> auto=add
>
>
>
> ------------------------------------------------------------------------------------------------
>
> /etc/strongswan.conf
>
> # strongswan.conf - strongSwan configuration file
>
> charon {
>
> load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 pkcs8 gmp
> random nonce x509 revocation hmac xcbc cmac ctr ccm gcm stroke
> kernel-netlink socket-default updown
>
>
> pluto {
>
> }
>
> libstrongswan {
>
> }
>
> --
> http://www.2dd.it
>
>
--
======================================================================
Andreas Steffen andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution! www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
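Added example, not part of the original thread or of strongSwan: a small check that reads an ipsec.conf and lists the conns that accept any peer (`right=%any`) but define no `rightsourceip` pool, which is the gap the reply above points out. The sample text, the `rw-fixed` conn name and both function names are constructed for illustration; `also=` includes are not followed, and treating `right=%any` as "serves virtual-IP clients" is a heuristic.

```python
# Constructed sample: the poster's "rw" conn plus a corrected copy.
SAMPLE_CONF = """\
conn %default
    keyexchange=ikev1

conn rw
    left=172.16.151.100
    leftsubnet=192.168.7.0/24
    right=%any
    auto=add

conn rw-fixed
    left=172.16.151.100
    leftsubnet=192.168.7.0/24
    right=%any
    rightsourceip=192.168.10.0/24   # pool from the reply
    auto=add
"""

def parse_conns(text):
    """Return {conn_name: {key: value}} for each 'conn' section."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()     # drop comments
        if not line.strip():
            continue
        if not line[0].isspace():                # unindented line starts a section
            parts = line.split()
            is_conn = parts[0] == "conn" and len(parts) == 2
            current = conns.setdefault(parts[1], {}) if is_conn else None
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return conns

def conns_without_pool(text):
    """Names of conns that accept any peer but define no rightsourceip."""
    conns = parse_conns(text)
    defaults = conns.pop("%default", {})         # inherited by every conn
    missing = []
    for name, opts in conns.items():
        merged = {**defaults, **opts}            # conn settings override defaults
        if merged.get("right") == "%any" and "rightsourceip" not in merged:
            missing.append(name)
    return sorted(missing)

if __name__ == "__main__":
    print(conns_without_pool(SAMPLE_CONF))
```

A pool set once in `conn %default` counts for every conn, so such a file reports nothing.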