[strongSwan] Azure dynamic routing VPN and Strongswan
koippa at gmail.com
Thu Sep 26 18:37:30 CEST 2013
I have tried to get this up and running with 5.1.0, having some problems:
# strongswan up to-azure
initiating IKE_SA to-azure to azure-public-ip
generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]
sending packet: from ss-public-ip to azure-public-ip (648 bytes)
received packet: from azure-public-ip to ss-public-ip (845 bytes)
parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) V V CERTREQ ]
received unknown vendor ID:
received unknown vendor ID: fb:1d:e3:cd:f3:41:b7:ea:16:b7:e5:be:08:55:f1:20
received 24 cert requests for an unknown ca
authentication of 'ss-public-ip' (myself) with pre-shared key
establishing CHILD_SA to-azure
generating IKE_AUTH request 1 [ IDi N(INIT_CONTACT) IDr AUTH SA TSi
TSr N(EAP_ONLY) ]
sending packet: from ss-public-ip to azure-public-ip (316 bytes)
received packet: from azure-public-ip to ss-public-ip (68 bytes)
parsed IKE_AUTH response 1 [ N(AUTH_FAILED) ]
received AUTHENTICATION_FAILED notify error
establishing connection 'to-azure' failed
I have made ipsec.conf based on the configuration examples provided by
MS (for Juniper Dynamic routing ipsec). Local network behind SS is
10.96.96.0/24 and remote network in azure is 10.96.97.0/24. Strangely,
azure generated example configs have 10.96.96.1/24. I tried with
10.96.96.1/24 as traffic selector too, but no difference.
Any help is appreciated.
2013/9/20 Martin Willi <martin at strongswan.org>:
>> With that option, site-to-site connection is made with IKEv2 and PSK.
>> Is there any way to connect Azure with Strongswan, using IKEv2 and this
>> "dynamic routing VPN" option?
> According to the documentation, this looks like standard IKEv2 with PSK
> authentication. I wouldn't expect any interoperability problems with
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 8221 bytes
Desc: not available
More information about the Users