[strongSwan] Basic Setup

Morris, Russell rmorris at rkmorris.us
Sun Nov 23 14:56:46 CET 2014


Hi,

My apologies for what I know is a dumb question, but I just can't get StrongSwan working ... :(. I want to set up an L2TP/IPSec server on Ubuntu 14.04, and I think I have all the basic pieces installed + have configured things - but just can't get a connection working. I want to use Windows, Windows Phone, iOS and Android clients - but for now just trying to get Windows going, and not wanting to use keys (to start, keep it simple). Here are my config files (matching an example on the web site),

/etc/ipsec.conf (standard, just using my IP address behind the cable modem / router):

config setup

conn %default
        ikelifetime=60m
        keylife=20m
        rekeymargin=3m
        keyingtries=1
        keyexchange=ikev1

conn rw
        left=192.168.1.17
        leftid=@moon.strongswan.org
        leftsubnet=10.1.0.0/16
        leftauth=psk
        leftfirewall=yes
        right=%any
        rightsourceip=10.3.0.0/24
        rightauth=psk
        rightauth2=xauth
        auto=add


/etc/ipsec.secrets (for now, very basic):

: PSK "psk88"
username : XAUTH "password"


When I try to connect, here is what I get,

Nov 23 07:53:19 linuxbox charon: 00[CFG] loading secrets from '/etc/ipsec.secrets'
Nov 23 07:53:19 linuxbox charon: 00[CFG]   loaded IKE secret for %any
Nov 23 07:53:19 linuxbox charon: 00[CFG]   loaded EAP secret for username
Nov 23 07:53:19 linuxbox charon: 00[LIB] loaded plugins: charon test-vectors aes rc2 sha1 sha2 md4 md5 random nonce x509 revocation pkcs1 pkcs7 pkcs8 pkcs12 pem openssl xcbc cmac hmac ctr ccm gcm attr kernel-netlink resolve socket-default stroke updown eap-identity xauth-generic addrblock
Nov 23 07:53:19 linuxbox charon: 00[LIB] unable to load 5 plugin features (5 due to unmet dependencies)
Nov 23 07:53:19 linuxbox charon: 00[LIB] dropped capabilities, running as uid 0, gid 0
Nov 23 07:53:19 linuxbox charon: 00[JOB] spawning 16 worker threads
Nov 23 07:53:19 linuxbox charon: 06[CFG] received stroke: add connection 'rw'
Nov 23 07:53:19 linuxbox charon: 06[CFG] adding virtual IP address pool 10.3.0.0/24
Nov 23 07:53:19 linuxbox charon: 06[CFG] added configuration 'rw'
Nov 23 07:54:00 linuxbox charon: 08[NET] received packet: from 187.141.76.5[500] to 192.168.1.17[500] (384 bytes)
Nov 23 07:54:00 linuxbox charon: 08[ENC] parsed ID_PROT request 0 [ SA V V V V V V V ]
Nov 23 07:54:00 linuxbox charon: 08[ENC] received unknown vendor ID: 1e:2b:51:69:05:99:1c:7d:7c:96:fc:bf:b5:87:e4:61:00:00:00:08
Nov 23 07:54:00 linuxbox charon: 08[IKE] received NAT-T (RFC 3947) vendor ID
Nov 23 07:54:00 linuxbox charon: 08[IKE] received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
Nov 23 07:54:00 linuxbox charon: 08[ENC] received unknown vendor ID: 40:48:b7:d5:6e:bc:e8:85:25:e7:de:7f:00:d6:c2:d3
Nov 23 07:54:00 linuxbox charon: 08[ENC] received unknown vendor ID: fb:1d:e3:cd:f3:41:b7:ea:16:b7:e5:be:08:55:f1:20
Nov 23 07:54:00 linuxbox charon: 08[ENC] received unknown vendor ID: 26:24:4d:38:ed:db:61:b3:17:2a:36:e3:d0:cf:b8:19
Nov 23 07:54:00 linuxbox charon: 08[ENC] received unknown vendor ID: e3:a5:96:6a:76:37:9f:e7:07:22:82:31:e5:ce:86:52
Nov 23 07:54:00 linuxbox charon: 08[IKE] 187.141.76.5 is initiating a Main Mode IKE_SA
Nov 23 07:54:00 linuxbox charon: 08[ENC] generating ID_PROT response 0 [ SA V V V ]
Nov 23 07:54:00 linuxbox charon: 08[NET] sending packet: from 192.168.1.17[500] to 187.141.76.5[500] (136 bytes)
Nov 23 07:54:00 linuxbox charon: 09[NET] received packet: from 187.141.76.5[500] to 192.168.1.17[500] (228 bytes)
Nov 23 07:54:00 linuxbox charon: 09[ENC] parsed ID_PROT request 0 [ KE No NAT-D NAT-D ]
Nov 23 07:54:00 linuxbox charon: 09[IKE] local host is behind NAT, sending keep alives
Nov 23 07:54:00 linuxbox charon: 09[IKE] remote host is behind NAT
Nov 23 07:54:00 linuxbox charon: 09[ENC] generating ID_PROT response 0 [ KE No NAT-D NAT-D ]
Nov 23 07:54:00 linuxbox charon: 09[NET] sending packet: from 192.168.1.17[500] to 187.141.76.5[500] (212 bytes)
Nov 23 07:54:00 linuxbox charon: 10[NET] received packet: from 187.141.76.5[4500] to 192.168.1.17[4500] (76 bytes)
Nov 23 07:54:00 linuxbox charon: 10[ENC] parsed ID_PROT request 0 [ ID HASH ]
Nov 23 07:54:00 linuxbox charon: 10[CFG] looking for pre-shared key peer configs matching 192.168.1.17...187.141.76.5[192.168.22.57]
Nov 23 07:54:00 linuxbox charon: 10[IKE] no peer config found
Nov 23 07:54:00 linuxbox charon: 10[ENC] generating INFORMATIONAL_V1 request 3189985356 [ HASH N(AUTH_FAILED) ]
Nov 23 07:54:00 linuxbox charon: 10[NET] sending packet: from 192.168.1.17[4500] to 187.141.76.5[4500] (92 bytes)


I could be wrong, but I think the problem is "no peer config found" -> but it's in the file, no?

Any suggestion to get a basic config up and working (then I can go from there)?

Thanks!!!
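As an added example (my code, not the poster's and not part of strongSwan), a small Python parser for charon log lines in the format quoted above: it pairs each "looking for ... peer configs matching" lookup with the "no peer config found" result logged by the same worker thread and tallies failures per remote address and presented identity. The sample lines are constructed from the post's output, and the assumption that lookup and result share a thread id is taken from that output.

```python
import re
from collections import Counter

# Constructed sample, modelled on the charon lines quoted in the post (same addresses and identity, repeated for a second attempt).
SAMPLE_LOG = """\
Nov 23 07:54:00 linuxbox charon: 08[IKE] 187.141.76.5 is initiating a Main Mode IKE_SA
Nov 23 07:54:00 linuxbox charon: 10[CFG] looking for pre-shared key peer configs matching 192.168.1.17...187.141.76.5[192.168.22.57]
Nov 23 07:54:00 linuxbox charon: 10[IKE] no peer config found
Nov 23 07:54:00 linuxbox charon: 10[ENC] generating INFORMATIONAL_V1 request 3189985356 [ HASH N(AUTH_FAILED) ]
Nov 23 07:55:12 linuxbox charon: 11[CFG] looking for pre-shared key peer configs matching 192.168.1.17...187.141.76.5[192.168.22.57]
Nov 23 07:55:12 linuxbox charon: 11[IKE] no peer config found
"""

# syslog prefix followed by "charon: <thread>[<group>] <message>", as in the post's output
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ charon: (?P<thread>\d+)\[(?P<grp>\w+)\] (?P<msg>.*)$")
# "looking for <auth method> peer configs matching <local>...<remote>[<remote identity>]"
LOOKUP_RE = re.compile(
    r"looking for (?P<auth>.+?) peer configs matching "
    r"(?P<local>\S+?)\.\.\.(?P<remote>\S+?)\[(?P<rid>[^\]]*)\]")

def find_failed_lookups(log_text):
    """Return one dict per peer-config lookup that ended in 'no peer config found'.

    charon logs a lookup and its outcome from the same worker thread, so the last
    lookup is remembered per thread id and paired with that thread's next outcome.
    """
    pending = {}  # thread id -> details of that thread's unresolved lookup
    events = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue
        thread, grp, msg = m.group("thread"), m.group("grp"), m.group("msg")
        lookup = LOOKUP_RE.search(msg)
        if lookup:
            pending[thread] = dict(lookup.groupdict(), ts=m.group("ts"))
        elif thread in pending and msg.startswith("no peer config found"):
            events.append(pending.pop(thread))
        elif thread in pending and grp == "CFG":
            pending.pop(thread)  # lookup resolved another way (a config was selected)
    return events

def summarize(events):
    """Count failed lookups per (remote address, presented identity, auth method)."""
    return Counter((e["remote"], e["rid"], e["auth"]) for e in events)

if __name__ == "__main__":
    for (remote, rid, auth), n in summarize(find_failed_lookups(SAMPLE_LOG)).items():
        print(f"{n} failed {auth} lookup(s) from {remote} presenting identity {rid}")
```

Run over a real charon syslog, the tally separates one client retrying with the same address and identity (a conn definition that does not match what that client proposes) from many different peers failing, which is the distinction to check before editing ipsec.conf.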


