[strongSwan] virtual ip

Naveen Neelakanta nbnopenswan at gmail.com
Sat Sep 14 05:47:23 CEST 2013


Hi All,

I have installed both strongswan server and client.
I am trying the virtual ip scenario with PSK auth method, but I am not
able to get it working with the attached configuration files. Please
find the attached server and client configuration files.
I have installed the strongswan 5.1.0 version with the below configuration
to reduce the size.

"--disable-rc2 --disable-md5 --disable-sha1 --disable-sha2
--disable-fips-prf \
--disable-aes--disable-des --enable-openssl --disable-pkcs1 --disable-pkcs7
--disable-pkcs8 \
--disable-pkcs12--disable-pgp --disable-dnskey --disable-sshkey
--disable-hmac --disable-cmac \
--disable-xcbc --disable-gmp --disable-scripts --disable-ikev1
--disable-tools --enable-monolithic"

The logs below were collected from the command #ipsec start --nofork

/******** Client side log **********/
ipsec up host
initiating IKE_SA host[1] to 10.73.127.45
generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]
sending packet: from 10.43.135.221[500] to 10.73.127.45[500] (752 bytes)
received packet: from 10.73.127.45[500] to 10.43.135.221[500] (440 bytes)
parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP)
N(MULT_AUTH)
]
authentication of '10.43.135.221' (myself) with pre-shared key
establishing CHILD_SA host
generating IKE_AUTH request 1 [ IDi N(INIT_CONTACT) IDr AUTH CP(ADDR DNS)
SA TSi
 TSr N(MOBIKE_SUP) N(ADD_4_ADDR) N(MULT_AUTH) N(EAP_ONLY) ]
sending packet: from 10.43.135.221[4500] to 10.73.127.45[4500] (412 bytes)
received packet: from 10.73.127.45[4500] to 10.43.135.221[4500] (76 bytes)
parsed IKE_AUTH response 1 [ N(AUTH_FAILED) ]
received AUTHENTICATION_FAILED notify error
establishing connection 'host' failed
/***************************************************/


/******** Server side log **********/
11[CFG] adding virtual IP address pool 'rw': 10.3.0.0/28
loading ca certificates from '/etc/ipsec.d/cacerts'
loading aa certificates from '/etc/ipsec.d/aacerts'
loading ocsp certificates from '/etc/ipsec.d/ocspcerts'
Changing to directory '/etc/ipsec.d/crls'
loading attribute certificates from '/etc/ipsec.d/acerts'
spawning 4 worker threads
listening for IKE messages
adding interface wlan0/wlan0 10.73.127.45:500
adding interface lo/lo 127.0.0.1:500
adding interface lo/lo ::1:500
loading secrets from "/etc/ipsec.secrets"
  loaded PSK secret for 10.73.127.45 10.43.135.221
"/etc/ipsec.secrets" line 12: PSK data malformed (input does not begin with
format prefix): 1234567890
added connection description "rw"
06[NET] received packet: from 10.43.135.221[500] to 10.73.127.45[500]
06[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]
06[IKE] 10.43.135.221 is initiating an IKE_SA
06[ENC] generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP)
N(NATD_D_IP) N(MULT_AUTH) ]
06[NET] sending packet: from 10.73.127.45[500] to 10.43.135.221[500]
05[NET] received packet: from 10.43.135.221[4500] to 10.73.127.45[4500]
05[ENC] parsed IKE_AUTH request 1 [ IDi N(INIT_CONTACT) IDr AUTH CP(ADDR
DNS) SA TSi TSr N(MOBIKE_SUP) N(ADD_4_ADDR) N(MULT_AUTH) N(EAP_ONLY) ]
05[CFG] looking for peer configs matching
10.73.127.45[10.73.127.45]...10.43.135.221[10.43.135.221]
05[CFG] no matching peer config found
05[IKE] peer supports MOBIKE
05[ENC] generating IKE_AUTH response 1 [ N(AUTH_FAILED) ]
05[NET] sending packet: from 10.73.127.45[4500] to 10.43.135.221[4500]
/**********************************************************************************/

Thanks
Naveen
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ipsec_client.conf
Type: application/octet-stream
Size: 2293 bytes
Desc: not available
URL: <http://lists.strongswan.org/pipermail/users/attachments/20130913/72392537/attachment.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ipsec_client.secrets
Type: application/octet-stream
Size: 569 bytes
Desc: not available
URL: <http://lists.strongswan.org/pipermail/users/attachments/20130913/72392537/attachment-0001.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ipsec_server.conf
Type: application/octet-stream
Size: 313 bytes
Desc: not available
URL: <http://lists.strongswan.org/pipermail/users/attachments/20130913/72392537/attachment-0002.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ipsec_server.secrets
Type: application/octet-stream
Size: 571 bytes
Desc: not available
URL: <http://lists.strongswan.org/pipermail/users/attachments/20130913/72392537/attachment-0003.obj>

