[strongSwan] IKE_SA_INIT failed with StrongSwan Site to Site VPN between different amazon VPCs

Wed Apr 24 17:29:04 CEST 2013

Sunny Soung <loesprite at ...> writes:

> 
> 
> Hi Guys,
> Please kindly advice.
> Thanks,
> Sumny
> 在 2012-11-21 下午9:10，"Sunny Soung" <loesprite-
Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org>写道：
> Hi friends,
> 
> I have 2 VPCs in different amazon AZs. That's like 2 offices in different
cities. For data transfer reasons, I want to setup an IPSec VPN tunnel
between them.
> 
> 
> So I created 2 clean Ubuntu instances and installed StrongSwan with
apt-get. I changed the 3 configuration files - ipsec.conf, ipsec.secret and
strongswan.conf according to the example here
http://www.strongswan.org/uml/testresults4/ikev2/net2net-psk/.
> 
> 
> When I ran 'sudo ipsec up net-net' on one of the Ubuntu server, I saw the
output below:
> 
> **********************************************************************
> 
> 
> ubuntu <at> City1:~$ sudo ipsec up net-net
> 
> initiating IKE_SA net-net[1] to y.y.y.y
> generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]
> sending packet: from x.x.x.x[500] to y.y.y.y[500]
> 
> retransmit 1 of request with message ID 0
> sending packet: from x.x.x.x[500] to y.y.y.y[500]
> retransmit 2 of request with message ID 0
> sending packet: from x.x.x.x[500] to y.y.y.y[500]
> 
> retransmit 3 of request with message ID 0
> sending packet: from x.x.x.x[500] to y.y.y.y[500]
> retransmit 4 of request with message ID 0
> sending packet: from x.x.x.x[500] to y.y.y.y[500]
> 
> retransmit 5 of request with message ID 0
> sending packet: from x.x.x.x[500] to y.y.y.y[500]
> giving up after 5 retransmits
> establishing IKE_SA failed, peer not responding
> **********************************************************************
> 
> 
> I'm sure that the firewall has been opened for the connection. I also ran
tcpdump to monitor the traffic. But I saw nothing on each side. 
> 
> Any ideas?
> 
> 
> 
> 
> 
> Best wishes,
> Sunny
> 
> 
> 
> 
> <div>
> <p dir="ltr">Hi Guys,</p>
> <p dir="ltr">Please kindly advice.</p>
> <p dir="ltr">Thanks,<br>
> Sumny</p>
> <div class="gmail_quote">在 2012-11-21
下午9:10，"Sunny Soung" <<a
href="mailto:loesprite at ...">loesprite at ...</a>>写道：<br
type="attribution"><blockquote class="gmail_quote">
> <div>Hi friends,</div>
> <div><br></div>
> <div>I have 2 VPCs in different amazon AZs. That's like 2 offices in
different cities. For data transfer reasons, I want to setup an IPSec VPN
tunnel between them.</div>
> <div><br></div>
> 
> <div>So I created 2 clean Ubuntu instances and installed StrongSwan with
apt-get. I changed the 3 configuration files - ipsec.conf, ipsec.secret and
strongswan.conf according to the example here <a
href="http://www.strongswan.org/uml/testresults4/ikev2/net2net-psk/"
target="_blank">http://www.strongswan.org/uml/testresults4/ikev2/net2net-psk/</a>.</div>
> 
> <div><br></div>
> <div>When I ran 'sudo ipsec up net-net' on one of the Ubuntu server, I saw
the output below:</div>
> <div><br></div>
>
<div>**********************************************************************</div>
> <div>
> 
> ubuntu <at> City1:~$ sudo ipsec up net-net</div>
> <div><br></div>
> <div>initiating IKE_SA net-net[1] to y.y.y.y</div>
> <div>generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP)
]</div>
> <div>sending packet: from x.x.x.x[500] to y.y.y.y[500]</div>
> 
> <div>retransmit 1 of request with message ID 0</div>
> <div>sending packet: from x.x.x.x[500] to y.y.y.y[500]</div>
> <div>retransmit 2 of request with message ID 0</div>
> <div>sending packet: from x.x.x.x[500] to y.y.y.y[500]</div>
> 
> <div>retransmit 3 of request with message ID 0</div>
> <div>sending packet: from x.x.x.x[500] to y.y.y.y[500]</div>
> <div>retransmit 4 of request with message ID 0</div>
> <div>sending packet: from x.x.x.x[500] to y.y.y.y[500]</div>
> 
> <div>retransmit 5 of request with message ID 0</div>
> <div>sending packet: from x.x.x.x[500] to y.y.y.y[500]</div>
> <div>giving up after 5 retransmits</div>
> <div>establishing IKE_SA failed, peer not responding</div>
>
<div>**********************************************************************</div>
> 
> <div><br></div>
> <div>I'm sure that the firewall has been opened for the connection. I also
ran tcpdump to monitor the traffic. But I saw nothing on each side. </div>
> <div><br></div>
> <div>Any ideas?</div>
> <div><br></div>
> <div>
> 
> <br>
> </div>
> <div>Best wishes,</div>
> <div>Sunny</div>
> </blockquote>
> </div>
> </div>
> 

Hi everybody,

I up this post because i have the same problem.
I followed the same exemple and i get the same messages when i start ipsec.

So any idea?

Thanks

Kelly