[strongSwan] It Worked Now stopped Working no peer config

Marc Müller marc.mueller at apit-solutions.de
Thu Dec 3 16:24:04 CET 2015 

Hello,

i have a problem. My Strongswan Linux strongSwan U5.1.2/K3.13.0-71-generic. Ubuntu 12.04.
I have a net2net connection. My VPN Server with 20 Fritzboxes.

The compounds were automatically started. Now I get this error message, and the connections do not start automatically.
I start the connection manually with ipsec up name it works. Automatically, I get the error message.

syslog
Dec  3 06:36:55 s17338927 charon: 01[ENC] generating INFORMATIONAL_V1 request 3914028965 [ HASH N(AUTH_FAILED) ]
Dec  3 06:36:55 s17338927 charon: 01[NET] sending packet: from VPNSRVIP[500] to 91.xxx.xxx.137[500] (92 bytes)
Dec  3 06:36:55 s17338927 charon: 14[NET] received packet: from 87.xxx.xxx.8[500] to VPNSRVIP[500] (124 bytes)
Dec  3 06:36:55 s17338927 charon: 14[ENC] parsed ID_PROT request 0 [ ID HASH N(INITIAL_CONTACT) ]
Dec  3 06:36:55 s17338927 charon: 14[CFG] looking for pre-shared key peer configs matching VPNSRVIP...87.xxx.xxx.8[xxxxxxxxxxx.myfritz.net]
Dec  3 06:36:55 s17338927 charon: 14[IKE] no peer config found
Dec  3 06:36:55 s17338927 charon: 14[ENC] generating INFORMATIONAL_V1 request 4096300844 [ HASH N(AUTH_FAILED) ]
Dec  3 06:36:55 s17338927 charon: 14[NET] sending packet: from VPNSRVIP[500] to 87.xxx.xxx.8[500] (92 bytes)
Dec  3 06:36:55 s17338927 charon: 12[NET] received packet: from fritzboxip[500] to VPNSRVIP[500] (416 bytes)
Dec  3 06:36:55 s17338927 charon: 12[ENC] parsed ID_PROT request 0 [ SA V V ]
Dec  3 06:36:55 s17338927 charon: 12[IKE] received XAuth vendor ID
Dec  3 06:36:55 s17338927 charon: 12[IKE] received DPD vendor ID
Dec  3 06:36:55 s17338927 charon: 12[IKE] 79.xxx.xxx.2 is initiating a Main Mode IKE_SA
Dec  3 06:36:55 s17338927 charon: 12[ENC] generating ID_PROT response 0 [ SA V V ]
Dec  3 06:36:55 s17338927 charon: 12[NET] sending packet: from VPNSRVIP[500] to 79.xxx.xxx.2[500] (116 bytes)
Dec  3 06:36:56 s17338927 charon: 15[NET] received packet: from 83.xxx.xxx.170[500] to VPNSRVIP[500] (476 bytes)
Dec  3 06:36:56 s17338927 charon: 15[ENC] parsed ID_PROT request 0 [ SA V V V V V ]
Dec  3 06:36:56 s17338927 charon: 15[IKE] received XAuth vendor ID
Dec  3 06:36:56 s17338927 charon: 15[IKE] received DPD vendor ID
Dec  3 06:36:56 s17338927 charon: 15[IKE] received NAT-T (RFC 3947) vendor ID
Dec  3 06:36:56 s17338927 charon: 15[IKE] received draft-ietf-ipsec-nat-t-ike-03 vendor ID
Dec  3 06:36:56 s17338927 charon: 15[ENC] received unknown vendor ID: a2:22:6f:c3:64:50:0f:56:34:ff:77:db:3b:74:f4:1b


Ipsec.conf
conn name
        left=vpnserverip
        leftsubnet=10.254.254.0/24
        #
        ike=aes256-sha-modp1024
        esp=aes192-sha1-modp1024
        #
        right=%any
        rightid=@xxxxxxx.myfritz.net
        rightsubnet=10.1.1.0/24
        #
        ikelifetime=4h
        keylife=1h
        #
        authby=secret
        auto=start

ipsec.secrets
# PSK
vpnserverip intern : PSK "yxxxxxxxxx"

# ServerHostkey
: RSA ServerHostKey.pem

it worked. Now it suddenly stopped working.




Mit freundlichen Grüßen aus Gladbeck
-------------------------------
Marc Müller

_______________________________________________

APITSolutions
Andreas Patzelt IT Solutions
Krusenkamp 24
45964 Gladbeck

Telefon: 02043 / 9357169
Fax: 02043 / 9350639

E-Mail: marc.mueller at apit-solutions.de<mailto:marc.mueller at apit-solutions.de>
Web:    http://apit-solutions.de

USt-IdNr.: DE273467836
Geschäftsführung und Verantwortlichkeit:
Andreas Patzelt

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20151203/1b8ffd97/attachment.html>

More information about the Users mailing list