[strongSwan] Mac OS 10.10 Client to Linux Strongswan server HASH N(AUTH_FAILED) error
Jude Oliver
judeo at blansys.com
Mon Apr 25 16:52:37 CEST 2016
Sorry, still not working for me, although the logging is not generating
that hash error any more:
I am using a simplified ipsec.conf file:
cat ipsec.conf
# /etc/ipsec.conf - strongSwan IPsec configuration file

config setup

conn %default
    ikelifetime=60m
    keylife=20m
    rekeymargin=3m
    keyingtries=1
    keyexchange=ikev1
    leftauth=pubkey
    rightauth=pubkey
    rightid="C=US, O=BSI, CN=judeo at blansys.com"
And this is what I see in the logs now:
Apr 25 09:47:57 RH7Standard charon: 10[NET] received packet: from
10.0.11.160[500] to 10.0.11.200[500] (668 bytes)
Apr 25 09:47:57 RH7Standard charon: 10[ENC] parsed ID_PROT request 0 [ SA
V V V V V V V V V V V V V V ]
Apr 25 09:47:57 RH7Standard charon: 10[IKE] no IKE config found for
10.0.11.200...10.0.11.160, sending NO_PROPOSAL_CHOSEN
Apr 25 09:47:57 RH7Standard charon: 10[ENC] generating INFORMATIONAL_V1
request 3436506195 [ N(NO_PROP) ]
Apr 25 09:47:57 RH7Standard charon: 10[NET] sending packet: from
10.0.11.200[500] to 10.0.11.160[500] (40 bytes)
Apr 25 09:48:00 RH7Standard charon: 11[NET] received packet: from
10.0.11.160[500] to 10.0.11.200[500] (668 bytes)
Apr 25 09:48:00 RH7Standard charon: 11[ENC] parsed ID_PROT request 0 [ SA
V V V V V V V V V V V V V V ]
Apr 25 09:48:00 RH7Standard charon: 11[IKE] no IKE config found for
10.0.11.200...10.0.11.160, sending NO_PROPOSAL_CHOSEN
Apr 25 09:48:00 RH7Standard charon: 11[ENC] generating INFORMATIONAL_V1
request 3679528216 [ N(NO_PROP) ]
Apr 25 09:48:00 RH7Standard charon: 11[NET] sending packet: from
10.0.11.200[500] to 10.0.11.160[500] (40 bytes)
Apr 25 09:48:04 RH7Standard charon: 15[NET] received packet: from
10.0.11.160[500] to 10.0.11.200[500] (668 bytes)
Apr 25 09:48:04 RH7Standard charon: 15[ENC] parsed ID_PROT request 0 [ SA
V V V V V V V V V V V V V V ]
Apr 25 09:48:04 RH7Standard charon: 15[IKE] no IKE config found for
10.0.11.200...10.0.11.160, sending NO_PROPOSAL_CHOSEN
Apr 25 09:48:04 RH7Standard charon: 15[ENC] generating INFORMATIONAL_V1
request 1654821120 [ N(NO_PROP) ]
Apr 25 09:48:04 RH7Standard charon: 15[NET] sending packet: from
10.0.11.200[500] to 10.0.11.160[500] (40 bytes)
If this is of any use, these are the logs for the startup of my strongSwan
service:
Apr 25 09:47:44 RH7Standard systemd: Started strongSwan IPsec IKEv1/IKEv2
daemon using ipsec.conf.
Apr 25 09:47:44 RH7Standard systemd: Starting strongSwan IPsec IKEv1/IKEv2
daemon using ipsec.conf...
Apr 25 09:47:44 RH7Standard strongswan: Starting weakSwan 5.3.2 IPsec
[starter]...
Apr 25 09:47:44 RH7Standard charon: 00[DMN] Starting IKE charon daemon
(strongSwan 5.3.2, Linux 3.10.0-327.13.1.el7.x86_64, x86_64)
Apr 25 09:47:44 RH7Standard charon: 00[LIB] openssl FIPS mode(2) - enabled
Apr 25 09:47:44 RH7Standard charon: 00[LIB] created TUN device: ipsec0
Apr 25 09:47:44 RH7Standard NetworkManager[672]: <info> (ipsec0): link
connected
Apr 25 09:47:44 RH7Standard NetworkManager[672]: <info> (ipsec0): new Tun
device (carrier: ON, driver: 'tun', ifindex: 10)
Apr 25 09:47:44 RH7Standard charon: 00[NET] could not open socket: Address
family not supported by protocol
Apr 25 09:47:44 RH7Standard charon: 00[NET] could not open IPv6 socket,
IPv6 disabled
Apr 25 09:47:44 RH7Standard charon: 00[KNL] received netlink error:
Address family not supported by protocol (97)
Apr 25 09:47:44 RH7Standard charon: 00[KNL] unable to create IPv6 routing
table rule
Apr 25 09:47:44 RH7Standard charon: 00[CFG] loading ca certificates from
'/etc/strongswan/ipsec.d/cacerts'
Apr 25 09:47:44 RH7Standard charon: 00[CFG] loaded ca certificate "C=US,
O=BSI, CN=RH7Standard.blansys.com" from
'/etc/strongswan/ipsec.d/cacerts/RH7Standard.SelfSigned.CA.cert.strongswanC
ert.der'
Apr 25 09:47:44 RH7Standard charon: 00[CFG] loaded ca certificate "C=US,
O=BSI, CN=RH7Standard.blansys.com" from
'/etc/strongswan/ipsec.d/cacerts/RH7Standard.Converted.SelfSigned.CA.cert.p
em'
Apr 25 09:47:44 RH7Standard charon: 00[CFG] loading aa certificates from
'/etc/strongswan/ipsec.d/aacerts'
Apr 25 09:47:44 RH7Standard charon: 00[LIB] opening directory
'/etc/strongswan/ipsec.d/aacerts' failed: No such file or directory
Apr 25 09:47:44 RH7Standard charon: 00[CFG] reading directory failed
Apr 25 09:47:44 RH7Standard charon: 00[CFG] loading ocsp signer
certificates from '/etc/strongswan/ipsec.d/ocspcerts'
Apr 25 09:47:44 RH7Standard charon: 00[LIB] opening directory
'/etc/strongswan/ipsec.d/ocspcerts' failed: No such file or directory
Apr 25 09:47:44 RH7Standard charon: 00[CFG] reading directory failed
Apr 25 09:47:44 RH7Standard charon: 00[CFG] loading attribute certificates
from '/etc/strongswan/ipsec.d/acerts'
Apr 25 09:47:44 RH7Standard charon: 00[LIB] opening directory
'/etc/strongswan/ipsec.d/acerts' failed: No such file or directory
Apr 25 09:47:44 RH7Standard charon: 00[CFG] reading directory failed
Apr 25 09:47:44 RH7Standard charon: 00[CFG] loading crls from
'/etc/strongswan/ipsec.d/crls'
Apr 25 09:47:44 RH7Standard charon: 00[LIB] opening directory
'/etc/strongswan/ipsec.d/crls' failed: No such file or directory
Apr 25 09:47:44 RH7Standard charon: 00[CFG] reading directory failed
Apr 25 09:47:44 RH7Standard charon: 00[CFG] loading secrets from
'/etc/strongswan/ipsec.secrets'
Apr 25 09:47:44 RH7Standard charon: 00[CFG] loaded RSA private key from
'/etc/strongswan/ipsec.d/private/RH7Standard.vpnHostPrivateKey.der'
Apr 25 09:47:44 RH7Standard charon: 00[CFG] loaded IKE secret for %any
Apr 25 09:47:44 RH7Standard charon: 00[CFG] loaded EAP secret for judeo
%any
Apr 25 09:47:44 RH7Standard charon: 00[CFG] loaded EAP secret for judeo
%any
Apr 25 09:47:44 RH7Standard charon: 00[CFG] loaded IKE secret for judeo
%any
Apr 25 09:47:44 RH7Standard charon: 00[CFG] loaded 0 RADIUS server
configurations
Apr 25 09:47:44 RH7Standard charon: 00[TNC] MAP server certificate not
defined
Apr 25 09:47:44 RH7Standard charon: 00[TNC] TNC recommendation policy is
'default'
Apr 25 09:47:44 RH7Standard charon: 00[TNC] loading IMVs from
'/etc/tnc_config'
Apr 25 09:47:44 RH7Standard charon: 00[TNC] opening configuration file
'/etc/tnc_config' failed: No such file or directory
Apr 25 09:47:44 RH7Standard charon: 00[CFG] missing PDP server name, PDP
disabled
Apr 25 09:47:44 RH7Standard charon: 00[TNC] loading IMCs from
'/etc/tnc_config'
Apr 25 09:47:44 RH7Standard charon: 00[TNC] opening configuration file
'/etc/tnc_config' failed: No such file or directory
Apr 25 09:47:44 RH7Standard charon: 00[LIB] loaded plugins: charon aes des
rc2 sha1 sha2 md4 md5 random nonce x509 revocation constraints acert
pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl fips-prf gmp
xcbc cmac hmac ctr ccm curl sqlite attr kernel-libipsec kernel-netlink
resolve socket-default farp stroke vici updown eap-identity eap-md5
eap-gtc eap-mschapv2 eap-radius eap-tls eap-ttls eap-peap eap-tnc
xauth-generic xauth-eap xauth-pam xauth-noauth tnc-imc tnc-imv tnc-tnccs
tnccs-20 tnccs-11 tnccs-dynamic dhcp
Apr 25 09:47:44 RH7Standard charon: 00[JOB] spawning 16 worker threads
Apr 25 09:47:44 RH7Standard strongswan: charon (11308) started after 80 ms
________________________________________
Jude Oliver
Support
1100 Poydras St. Suite 1230
New Orleans, LA 70163
Main Office: 504-529-8869
Joliver at blansys.com
www.blanchardsystems.com <http://www.blanchardsystems.com/>
On 4/22/16, 10:48 AM, "Tobias Brunner" <tobias at strongswan.org> wrote:
>rightid="C=US, O=BSI, CN=judeo at blansys.com".
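Added example, not part of the original message or of strongSwan: a small Python check that correlates charon's "no IKE config found" lines with the posted ipsec.conf. In ipsec.conf, `conn %default` only supplies defaults inherited by other conn sections, so a file with no named conn gives charon nothing to match. The sample inputs are abridged from the message above, and the function names are hypothetical.

```python
import re

# Config as posted in the message (abridged, indentation restored).
IPSEC_CONF = """\
config setup
conn %default
    keyexchange=ikev1
    leftauth=pubkey
    rightauth=pubkey
"""

# Two charon lines from the message, rejoined onto single lines.
CHARON_LOG = """\
Apr 25 09:47:57 RH7Standard charon: 10[IKE] no IKE config found for 10.0.11.200...10.0.11.160, sending NO_PROPOSAL_CHOSEN
Apr 25 09:48:00 RH7Standard charon: 11[IKE] no IKE config found for 10.0.11.200...10.0.11.160, sending NO_PROPOSAL_CHOSEN
"""

SECTION = re.compile(r"^(config|conn|ca)\s+(\S+)\s*$")
NO_CFG = re.compile(r"\[IKE\] no IKE config found for (\S+?)\.\.\.(\S+?),")

def parse_sections(text):
    """Return {(type, name): {key: value}} for an ipsec.conf-style file."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()  # drop comments
        if not line.strip():
            continue
        m = SECTION.match(line)
        if m and not raw[0].isspace():  # section headers start in column 0
            current = sections.setdefault((m.group(1), m.group(2)), {})
        elif current is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip()
    return sections

def loadable_conns(sections):
    """Named conn sections; %default only carries inherited defaults."""
    return sorted(n for (t, n) in sections if t == "conn" and n != "%default")

def rejected_peers(log):
    """Set of (local, remote) address pairs charon had no IKE config for."""
    return {m.groups() for m in map(NO_CFG.search, log.splitlines()) if m}

def diagnose(conf, log):
    conns, peers = loadable_conns(parse_sections(conf)), rejected_peers(log)
    if peers and not conns:
        return "no named conn section: only %default, nothing for charon to match"
    return "named conns present: " + ", ".join(conns) if conns else "no findings"
```
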