[strongSwan] host - juniper site / we have no ipsecN interface for either end of this connection

Leonardo de la Cerda leo at kueski.com
Tue Feb 19 22:51:17 CET 2013 

Hello Strongswan community,

I've trying to create a tunnel with a remote institution for a week without
success.
I'm searching for some advice in the community, thanks for all.
Any thoughts or ideas?

The main message that I receive is
we have no ipsecN interface for either end of this connection

 This is the data that the institution provided me:

VPN Gateway Device Information

Client Device

Círculo de Crédito

Name / FQDN





IP Address

204.236.153.221

201.175.36.180

VPN Device Description

Linux ip-10-166-186-64 3.2.0-27-virtual #43-Ubuntu SMP Fri Jul 6 14:45:58
UTC 2012 x86_64 x86_64 x86_64 GNU/Linux

Juniper Netscreen SSG 520

VPN Device Version



6.2.0r 7.0

DN Information of VPN Gateway , if using Certificates





Encryption Domain (e.g. 12.41.110.0/24)

* *







Tunnel Properties

Client Device

CÍRCULO DE CRÉDITO

Phase 1

Authentication Method

 PSK

PSK**

Encryption Scheme

IKE

IKE

Diffie-Hellman Group

Group 2

Group 2

Encryption Algorithm

AES-192

AES-192

Hashing Algorithm

SHA-1

SHA-1

Main or Aggressive Mode

Main Mode

Main Mode

Lifetime (for renegotiation)

86400

86400

Phase 2

Encapsulation (ESP or AH)

ESP

ESP

Encryption Algorithm

AES-192

AES-192

Authentication Algorithm

SHA-1

SHA-1

Perfect Forward Secrecy

NO-PFS

NO-PFS

Lifetime (for renegotiation)

3600

3600

Lifesize in KB (for renegotiation)

NA

NA

Key Exchange For Subnets?

 Yes

Yes



Network Routing information

Client Device

CÍRCULO DE CRÉDITO

Network IP Address / Subnet Mask



10.166.186.64

172.17.1.14

Service/Port

TCP 26000

TCP 26000



Those are my config files

*# /etc/ipsec.conf - strongSwan IPsec configuration file*

config setup
  charonstart=no
  plutostart=yes
  plutodebug=all

conn home
  left=204.236.153.221
  leftid=%left
  leftsourceip=10.166.186.64
  leftfirewall=no
  right=201.175.36.180
  rightid=%right
  rightsourceip=172.17.1.14
  rightfirewall=yes
  auto=start
  ikelifetime=86400s
  keylife=3600s
  rekeymargin=3m
  keyingtries=1
  keyexchange=ikev1
  authby=secret
  esp=aes192-sha1
  ike=aes192-sha1-modp1024
  pfs=no
  auth=esp
  leftprotoport=tcp/26000
  rightprotoport=tcp/26000


*# /etc/ipsec.secrets - strongSwan IPsec secrets file*

204.236.153.221 201.175.36.180 : PSK 'Password'



*# strongswan.conf - strongSwan configuration file*
pluto {
  load = sha1 sha2 md5 aes des hmac gmp random kernel-netlink
}

# pluto uses optimized DH exponent sizes (RFC 3526)

libstrongswan {
   dh_exponent_ansi_x9_42 = no
}




-- 
*
 Leonardo de la Cerda
CTO, Co-Founder |
leo at kueski.com | +52 (33) 8421-1482
www.kueski.com <https://kueski.com/> |
@kueski<https://www.facebook.com/mykueski>
*



-- 
*
 Leonardo de la Cerda
CTO, Co-Founder |
leo at kueski.com | +52 (33) 8421-1482
www.kueski.com <https://kueski.com/> |
@kueski<https://www.facebook.com/mykueski>
*
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20130219/e552596e/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ipsec.log
Type: application/octet-stream
Size: 15097 bytes
Desc: not available
URL: <http://lists.strongswan.org/pipermail/users/attachments/20130219/e552596e/attachment.obj>

More information about the Users mailing list