[strongSwan] ipsec connectivity fails on phase2 with error: [ HASH N(INVAL_ID) ]
Farid Farid
farid21657 at yahoo.com
Wed Jul 24 19:59:00 CEST 2013
Hi everyone,
I am trying to set up a simple IPsec tunnel (net-to-net) using PSK, following the example shown here on the strongSwan website: http://www.strongswan.org/uml/testresults/ikev1/net2net-psk/
I am running strongSwan 5.0.1 on both sides and I am using the exact setup shown in this example.
My left gateway is lmu55=192.168.1.55 and right gateway is lmu56=192.168.1.56. When I start strongSwan on both sides and issue the command >>ipsec -up lmu55
(lmu55 is the connection name for the left side) from the left side, I get the following messages and the connection fails. I looked at the tcpdump data and it seems it completes phase1 but fails on phase2. I can also see the establishment of the SA:
.......
IKE_SA lmu55[1] established between 192.168.1.55[lmu55.strongswan.com]...192.168.1.56[lmu56.strongswan.com]
....
The error is [ HASH N(INVAL_ID) ], which you can see below in the output of the ipsec command.
I wonder what I am missing here in my setup.
I appreciate your help in advance.
Farid
root@LMU5k:~# ipsec up lmu55
initiating Main Mode IKE_SA lmu55[1] to 192.168.1.56
generating ID_PROT request 0 [ SA V V V V ]
sending packet: from 192.168.1.55[500] to 192.168.1.56[500] (224 bytes)
received packet: from 192.168.1.56[500] to 192.168.1.55[500] (136 bytes)
parsed ID_PROT response 0 [ SA V V V ]
received XAuth vendor ID
received DPD vendor ID
received NAT-T (RFC 3947) vendor ID
generating ID_PROT request 0 [ KE No NAT-D NAT-D ]
sending packet: from 192.168.1.55[500] to 192.168.1.56[500] (372 bytes)
received packet: from 192.168.1.56[500] to 192.168.1.55[500] (372 bytes)
parsed ID_PROT response 0 [ KE No NAT-D NAT-D ]
generating ID_PROT request 0 [ ID HASH ]
sending packet: from 192.168.1.55[500] to 192.168.1.56[500] (92 bytes)
received packet: from 192.168.1.56[500] to 192.168.1.55[500] (92 bytes)
parsed ID_PROT response 0 [ ID HASH ]
IKE_SA lmu55[1] established between 192.168.1.55[lmu55.strongswan.com]...192.168.1.56[lmu56.strongswan.com]
scheduling reauthentication in 10258s
maximum IKE_SA lifetime 10798s
generating QUICK_MODE request 1597565745 [ HASH SA No ID ID ]
sending packet: from 192.168.1.55[500] to 192.168.1.56[500] (236 bytes)
received packet: from 192.168.1.56[500] to 192.168.1.55[500] (76 bytes)
parsed INFORMATIONAL_V1 request 4090518834 [ HASH N(INVAL_ID) ]
received INVALID_ID_INFORMATION error notify
establishing connection 'lmu55' failed
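
The triage described in the post (phase 1 completes, phase 2 fails), as an added example that is not part of the original message and not strongSwan code: a small parser that reads `ipsec up` output and reports which IKEv1 phase failed and which notify the peer returned. The function name `triage` and the result keys are assumptions made for this illustration; the sample lines are taken from the output quoted above.

```python
import re

# Sample input: lines taken from the `ipsec up lmu55` output quoted in the post.
SAMPLE = """\
initiating Main Mode IKE_SA lmu55[1] to 192.168.1.56
parsed ID_PROT response 0 [ ID HASH ]
IKE_SA lmu55[1] established between 192.168.1.55[lmu55.strongswan.com]...192.168.1.56[lmu56.strongswan.com]
generating QUICK_MODE request 1597565745 [ HASH SA No ID ID ]
parsed INFORMATIONAL_V1 request 4090518834 [ HASH N(INVAL_ID) ]
received INVALID_ID_INFORMATION error notify
establishing connection 'lmu55' failed
"""

# "generating|parsed <EXCHANGE> request|response <message id> [ payloads ]"
MSG = re.compile(r"^(generating|parsed) (\S+) (?:request|response) \d+ \[ (.*) \]$")
ESTABLISHED = re.compile(r"^IKE_SA \S+\[\d+\] established between ")
FAILED = re.compile(r"^establishing connection '[^']*' failed$")
NOTIFY = re.compile(r"^N\((\w+)\)$")


def triage(log):
    """Classify an IKEv1 `ipsec up` transcript (hypothetical helper, not a strongSwan API)."""
    r = {"phase1_done": False, "quick_mode_sent": False,
         "notifies": [], "failed": False, "failed_phase": None}
    for line in map(str.strip, log.splitlines()):
        if ESTABLISHED.match(line):
            r["phase1_done"] = True
        elif FAILED.match(line):
            r["failed"] = True
        m = MSG.match(line)
        if not m:
            continue
        direction, exchange, payloads = m.groups()
        if direction == "generating" and exchange == "QUICK_MODE":
            r["quick_mode_sent"] = True
        elif direction == "parsed" and exchange == "INFORMATIONAL_V1":
            # Notify payloads appear as N(TYPE) in the payload list.
            r["notifies"] += [n.group(1) for p in payloads.split()
                              if (n := NOTIFY.match(p))]
    if r["failed"]:
        # Once the IKE_SA is established, a later failure belongs to Quick Mode (phase 2).
        r["failed_phase"] = 2 if r["phase1_done"] else 1
    return r


if __name__ == "__main__":
    print(triage(SAMPLE))
```

In IKEv1 the two ID payloads in the Quick Mode request carry the proposed traffic selectors, so an INVALID_ID_INFORMATION reply at this stage points at comparing leftsubnet/rightsubnet on both gateways.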