[strongSwan] Strongswan 4.5 / 5.1 <-> Fritzbox -- configuration examples?

Andreas Kemper a_kemper at gmx.de
Tue Feb 25 17:25:24 CET 2014


I'd like to configure Strongswan on my Ubuntu server to become a client 
to the local network of my Fritzbox router at home. At first I created a 
modified roadwarrior configuration file for the router to disable IKEv1 
aggressive mode ("mode = phase1_mode_idp"). Hence it should be 
compatible with the Strongswan 4.5 release in my current Ubuntu LTS version.

Following I picked the test scenario 
which to my understanding contains all relevant client configuration. In 
ipsec.conf I've mainly changed these entries as following:

left = <server_local_IP>
leftid = <fritzbox_connection_name>
right = <fritzbox_dyndns_name>
rightid = <@fritzbox_dyndns_name>

For now during startup everything seems to be fine, but connection 
set-up get's stuck with these messages:

pluto[30211]: "FB-ipsec-vserver" #1: initiating Main Mode
pluto[30211]: "FB-ipsec-vserver" #1: max number of retransmissions (2) 
reached STATE_MAIN_I1.  No response (or no acceptable response) to our 
first IKE message

Firewall on server is temporarily disabled and I don't see any other 
obvious problem for the moment. Thus can someone please give me some 
hints, configuration samples or even better a kind of documentation 
containing possible configuration options for Strongswan with Fritzbox?

Preferably I'd like to get a broader/complete overview which 
configuration options like mode-config, xauth, aggressive mode are 
supported by both Strongswan versions 4.5 or soon 5.1 together with 
Fritzbox for different connection scenarios?

Thanks a lot,

More information about the Users mailing list