[strongSwan] parsed ID_PROT response 0 [ KE No ]

Lakshmi Prasanna lakshmi.1147 at gmail.com
Tue Aug 2 11:45:45 CEST 2016 

bash-4.2# ipsec up 9.11.53.11-9.11.120.120-0-1812

initiating Main Mode IKE_SA 9.11.53.11-9.11.120.120-0-1812[1] to
9.11.120.120

generating ID_PROT request 0 [ SA V V V V ]

sending packet: from 9.11.53.11[500] to 9.11.120.120[500] (156 bytes)

received packet: from 9.11.120.120[500] to 9.11.53.11[500] (136 bytes)

parsed ID_PROT response 0 [ SA V V V ]

received strongSwan vendor ID

received XAuth vendor ID

received DPD vendor ID

generating ID_PROT request 0 [ KE No ]

sending packet: from 9.11.53.11[500] to 9.11.120.120[500] (132 bytes)

received packet: from 9.11.120.120[500] to 9.11.53.11[500] (116 bytes)

parsed ID_PROT response 0 [ KE No ]

There is no more logs beyond this and my wireshark capture stops at MM2.

- Lakshmi

On Tue, Aug 2, 2016 at 3:12 PM, Andreas Steffen <
andreas.steffen at strongswan.org> wrote:

> Well then without a log to diagnose I cannot help you further.
>
> Andreas
>
> On 02.08.2016 11:38, Lakshmi Prasanna wrote:
> > Hi Andreas,
> >
> > Thanks for the quick reply. I do see that the openssl plugin is loaded.
> >
> > *  loaded plugins: charon aes des rc2 sha1 sha2 md5 random nonce x509
> > revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey
> > pem _openssl_ fips-prf xcbc cmac hmac attr kernel-netlink resolve
> > socket-default stroke updown xauth-generic*
> >
> > Do you think there is something else that I might need to check?
> >
> > Thanks,
> >
> > Lakshmi
> >
> >
> > On Tue, Aug 2, 2016 at 2:56 PM, Andreas Steffen
> > <andreas.steffen at strongswan.org <mailto:andreas.steffen at strongswan.org>>
> > wrote:
> >
> >     Hi Lakshmi,
> >
> >     ECP256 requires the openssl plugin which is not compiled by default.
> >     Make sure that the openssl plugin is present and has been loaded
> >     by the charon daemon. The ipsec statusall command returns a list of
> >     all loaded plugins.
> >
> >     BTW - the pfs parameter has been deprecated. Please use the esp
> >           parameter as you have correctly done.g
> >
> >     Regards
> >
> >     Andreas
> >
> >     On 02.08.2016 08:48, Lakshmi Prasanna wrote:
> >     > Hello,
> >     >
> >     > While trying to test strongswan with IKE DH group-19, the
> negotiation
> >     > somehow doesn't go past main mode 2. There is however no log to
> >     describe
> >     > the error that prevents the negotiation.
> >     >
> >     > Could someone post some insight? My configs looks like this:
> >     >
> >     > keyexchange=ikev1
> >     >
> >     >         type=transport
> >     >
> >     >         ikelifetime=480m
> >     >
> >     > ike=aes256-sha256-ecp256!
> >     >
> >     > esp=aes256-sha256!
> >     >
> >     > left=9.11.120.120
> >     >
> >     >         leftprotoport=17/1812
> >     >
> >     >         right=9.11.53.11
> >     >
> >     >         rightprotoport=17/0-1812
> >     >
> >     >         pfs=no
> >     >
> >     >         authby=psk
> >     >
> >     >         auto=add
> >     >
> >     >
> >     > Thanks,
> >     >
> >     > Lakshmi
> >     >
> >     >
> >     >
> >     >
> >     >
> >     >
> >     > _______________________________________________
> >     > Users mailing list
> >     > Users at lists.strongswan.org <mailto:Users at lists.strongswan.org>
> >     > https://lists.strongswan.org/mailman/listinfo/users
> >     >
> >
> >     --
> >
>  ======================================================================
> >     Andreas Steffen
> >      andreas.steffen at strongswan.org <mailto:
> andreas.steffen at strongswan.org>
> >     strongSwan - the Open Source VPN Solution!
> >     www.strongswan.org <http://www.strongswan.org>
> >     Institute for Internet Technologies and Applications
> >     University of Applied Sciences Rapperswil
> >     CH-8640 Rapperswil (Switzerland)
> >
>  ===========================================================[ITA-HSR]==
> >
> >
>
> --
> ======================================================================
> Andreas Steffen                         andreas.steffen at strongswan.org
> strongSwan - the Open Source VPN Solution!          www.strongswan.org
> Institute for Internet Technologies and Applications
> University of Applied Sciences Rapperswil
> CH-8640 Rapperswil (Switzerland)
> ===========================================================[ITA-HSR]==
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20160802/451f15a7/attachment.html>

More information about the Users mailing list