[strongSwan] no IKE config found for ..., sending NO_PROPOSAL_CHOSEN
Farid Farid
farid21657 at yahoo.com
Tue Aug 27 23:00:17 CEST 2013
Hello Everyone,
I have two machines: one Ubuntu 12.0 with strongSwan 4.5.2.1 and one OpenWrt router running strongSwan 5.0.4.1.
I am configuring a simple host-to-host topology with a secret key (password). I ran >>ipsec start --nofork on the Ubuntu machine and >>ipsec up conn on the OpenWrt router. You can see below that I get the NO_PROPOSAL_CHOSEN error.
Here are all my config files:
Here is the ipsec.conf for the client side (OpenWrt):
version 2
config setup
    charondebug = "ike 2,knl 2"
conn Ubuntu
    ikelifetime=60m
    keylife=20m
    rekeymargin=3m
    keyingtries=1
    keyexchange=ikev2
    left=192.168.1.55
    right=192.168.1.209
    authby=secret
    auto=add
    leftid="@lmu55"
    esp=3des-md5,3des-sha1
    ike=3des-md5-modp1536,3des-sha-modp1536,3des-md5-modp1024,3des-sha-modp1024
    rightid="@lmu209"
    type=tunnel
No matter what I choose for ike and esp, I get the error. I even left them out of the file but I am still getting the error.
Here is the ipsec.conf from the server side (Ubuntu):
config setup
    plutodebug=all
    charonstart=yes
    plutostart=no
conn %default
    keyingtries=1
    keyexchange=ikev2
    left=192.18.1.209
    leftid=@lmu209
    authby=secret
    mobike=no
    pfs=no
# Add connections here.
# Sample VPN connections
conn desktop
    right=192.168.1.55
    rightid=@lmu55
    type=tunnel
    auto=add
Here is the strongswan.conf on the server side (Ubuntu):
# strongswan.conf - strongSwan configuration file
charon {
    # number of worker threads in charon
    threads = 16
    # send strongswan vendor ID?
    # send_vendor_id = yes
    plugins {
        sql {
            # loglevel to log into sql database
            loglevel = 2
            # URI to the database
            # database = sqlite:///path/to/file.db
            # database = mysql://user:password@localhost/database
        }
    }
    # ...
}
pluto {
    # load = sha1 sha2 md5 aes des hmac gmp random kernel-netlink
}
libstrongswan {
    # set to no, the DH exponent size is optimized
    dh_exponent_ansi_x9_42 = no
}
And here is the output of the ipsec start:
@>:~/Desktop/svn/lmu5000-base$ sudo ipsec start --nofork
Starting strongSwan 4.5.2 IPsec [starter]...
00[DMN] Starting IKEv2 charon daemon (strongSwan 4.5.2)
00[KNL] listening on interfaces:
00[KNL] eth0
00[KNL] 192.168.1.209
00[KNL] fe80::20a:f7ff:fe09:720f
00[KNL] eth3
00[KNL] 192.168.45.160
00[KNL] fe80::b6b5:2fff:fed9:4f88
00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'
00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'
00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'
00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'
00[CFG] loading crls from '/etc/ipsec.d/crls'
00[CFG] loading secrets from '/etc/ipsec.secrets'
00[CFG] loaded IKE secret for @lmu209 @lmu55
00[CFG] sql plugin: database URI not set
00[LIB] plugin 'sql': failed to load - sql_plugin_create returned NULL
00[CFG] loaded 0 RADIUS server configurations
00[LIB] plugin 'medsrv' failed to load: /usr/lib/ipsec/plugins/libstrongswan-medsrv.so: cannot open shared object file: No such file or directory
00[CFG] mediation client database URI not defined, skipped
00[LIB] plugin 'medcli': failed to load - medcli_plugin_create returned NULL
00[CFG] HA config misses local/remote address
00[LIB] plugin 'ha': failed to load - ha_plugin_create returned NULL
00[DMN] loaded plugins: test-vectors curl ldap aes des sha1 sha2 md5 random x509 revocation constraints pubkey pkcs1 pgp pem openssl fips-prf gmp agent pkcs11 xcbc hmac ctr ccm gcm attr kernel-netlink resolve socket-raw farp stroke updown eap-identity eap-aka eap-md5 eap-gtc eap-mschapv2 eap-radius eap-tls eap-ttls eap-tnc nm dhcp led addrblock
00[JOB] spawning 16 worker threads
charon (24825) started after 40 ms
04[CFG] received stroke: add connection 'desktop'
04[CFG] left nor right host is our side, assuming left=local
04[CFG] added configuration 'desktop'
12[NET] received packet: from 192.168.1.55[500] to 192.168.1.209[500]
12[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]
12[IKE] no IKE config found for 192.168.1.209...192.168.1.55, sending NO_PROPOSAL_CHOSEN
12[ENC] generating IKE_SA_INIT response 0 [ N(NO_PROP) ]
12[NET] sending packet: from 192.168.1.209[500] to 192.168.1.55[500]
I would appreciate it if someone could give me some hints here.
Thanks,
Farid
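
Added example (not part of the original post and not strongSwan code): the server log above contains "left nor right host is our side, assuming left=local", and the Python below checks for that condition by comparing each conn's left/right, after merging conn %default, with the addresses charon reports listening on. The function names are hypothetical, the inputs are constructed by reducing the server-side ipsec.conf and log from the post, and only IP literals are compared (%any and hostnames are skipped).

```python
import ipaddress

# Constructed sample input, reduced from the server-side ipsec.conf and log in the post.
SERVER_CONF = """\
conn %default
    left=192.18.1.209
conn desktop
    right=192.168.1.55
"""
CHARON_LOG = """\
00[KNL] listening on interfaces:
00[KNL]   eth0
00[KNL]     192.168.1.209
"""

def as_ip(text):  # hypothetical helper: None for %any, hostnames, interface names, unset
    try:
        return ipaddress.ip_address(text)
    except ValueError:
        return None

def parse_conns(conf):
    """Return {conn: options} with 'conn %default' merged into every other conn."""
    sections, current = {}, None
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        words = line.split()
        if words and not line[0].isspace():  # section header at column 0
            is_conn = words[0] == "conn" and len(words) == 2
            current = sections.setdefault(words[1], {}) if is_conn else None
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip().strip('"')
    defaults = sections.pop("%default", {})
    return {name: {**defaults, **opts} for name, opts in sections.items()}

def local_addresses(log):
    """Addresses from KNL lines that carry a single token, as in the startup log above."""
    lines = (l.split() for l in log.splitlines())
    return {ip for p in lines if len(p) == 2 and p[0].endswith("[KNL]") and (ip := as_ip(p[1]))}

def conns_without_local_end(conf, log):
    """Conns where left and right are both IP literals and neither is a local address."""
    local, flagged = local_addresses(log), {}
    for name, opts in parse_conns(conf).items():
        ends = [as_ip(opts.get(side, "")) for side in ("left", "right")]
        if None not in ends and not any(e in local for e in ends):
            flagged[name] = [str(e) for e in ends]
    return flagged
```

Calling conns_without_local_end(SERVER_CONF, CHARON_LOG) returns the conn "desktop" with the pair 192.18.1.209 and 192.168.1.55, neither of which is among the listening addresses in the log.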