[strongSwan] DPD [lack of] interoperability between strongswan and Cisco IOS

Olivier PELERIN olivier_pelerin at hotmail.com
Mon Jun 10 12:31:48 CEST 2013 

Martin,

I've compiled the image and I'm still facing the same issue. 

I've picked up the branch 

 * http://archives.gentoo.org/gentoo-dev/msg_b7ba363cae580845819ae3501fb157e9.xml
 * GIT update -->
 *    repository:               git://git.strongswan.org/strongswan.git
 *    at the commit:            57bc291a0fd1b2855637ff80aa2bee57bb2ff85c
 *    commit:                   master
 *    branch:                   ikev1-dpd-fix
 *    storage directory:        "/usr/portage/distfiles/git-src/strongswan"



ironmaiden strongswan # ipsec up R101-ikev1
initiating Main Mode IKE_SA R101-ikev1[1] to 10.1.1.254
generating ID_PROT request 0 [ SA V V V V ]
sending packet: from 10.1.1.1[500] to 10.1.1.254[500] (192 bytes)
received packet: from 10.1.1.254[500] to 10.1.1.1[500] (104 bytes)
parsed ID_PROT response 0 [ SA V ]
received NAT-T (RFC 3947) vendor ID
generating ID_PROT request 0 [ KE No NAT-D NAT-D ]
sending packet: from 10.1.1.1[500] to 10.1.1.254[500] (244 bytes)
received packet: from 10.1.1.254[500] to 10.1.1.1[500] (304 bytes)
parsed ID_PROT response 0 [ KE No V V V V NAT-D NAT-D ]
generating ID_PROT request 0 [ ID HASH ]
sending packet: from 10.1.1.1[500] to 10.1.1.254[500] (76 bytes)
received packet: from 10.1.1.254[500] to 10.1.1.1[500] (76 bytes)
parsed ID_PROT response 0 [ ID HASH ]
IKE_SA R101-ikev1[1] established between 10.1.1.1[10.1.1.1]...10.1.1.254[10.1.1.254]
scheduling reauthentication in 9915s
maximum IKE_SA lifetime 10455s
DPD not supported by peer, disabled
generating QUICK_MODE request 3495826803 [ HASH SA No ID ID ]
sending packet: from 10.1.1.1[500] to 10.1.1.254[500] (204 bytes)
received packet: from 10.1.1.254[500] to 10.1.1.1[500] (204 bytes)
parsed QUICK_MODE response 3495826803 [ HASH SA No ID ID N((24576)) ]
CHILD_SA R101-ikev1{2} established with SPIs c5e52cf9_i c8e5830e_o and TS 10.10.11.0/24 === 10.10.10.0/24 
connection 'R101-ikev1' established successfully

Do you need any debugs? What verbosity?
 		 	   		  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20130610/ebb6b6b5/attachment.html>

More information about the Users mailing list