[strongSwan] Using XAuth and PSK from Linux to Zywall router/firewall
Rod Simioni
rod.simioni at biotrackthc.com
Thu Dec 1 19:52:54 CET 2016
Hi,
I just compiled Linux strongSwan U5.5.1/K4.4.0-45-generic on my ubuntu
14.04 and I'm trying to connect to my VPN which I am the FW admin.
I'm getting this when I do a 'ipsec status' "Security Associations (0 up, 1
connecting)"
and I'm not able to access my VPN.
Below is the contents of ipsec.conf:
config setup
conn hq
authby=secret
auto=start
type=tunnel
left=%any
right=99.xx.xx.xx
# rightauth=psk
# rightauth2=xauth
rightsubnet=192.168.1.0/24
# ikev2=no
esp=aes256-sha1,modp1536
Below are the contents of my ipsec.secrets
@user_1 : XAUTH "password"
%any 99.xx.xx.xx : PSK "ThePSKpassword"
Below are meaningful contents of syslog:
Nov 28 10:54:26 ubuntu charon: 06[IKE] retransmit 5 of request with message
ID 0
Nov 28 10:54:26 ubuntu charon: 06[NET] sending packet: from
172.20.10.7[500] to 99.xx.xx.xx500] (804 bytes)
Nov 28 10:55:41 ubuntu charon: 11[IKE] giving up after 5 retransmits
Nov 28 10:55:41 ubuntu charon: 11[IKE] establishing IKE_SA failed, peer not
responding
Below are contents of 'ipsec statusall'
root at ubuntu:/usr/local/etc# /usr/local/sbin/ipsec statusall
Status of IKE charon daemon (strongSwan 5.5.1, Linux 4.4.0-45-generic,
x86_64):
uptime: 16 minutes, since Nov 28 10:47:26 2016
malloc: sbrk 2433024, mmap 0, used 277712, free 2155312
worker threads: 11 of 16 idle, 5/0/0/0 working, job queue: 0/0/0/0,
scheduled: 0
loaded plugins: charon aes des rc2 sha2 sha1 md5 random nonce x509
revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey
pem fips-prf gmp xcbc cmac hmac attr kernel-netlink resolve socket-default
stroke vici updown xauth-generic
Listening IP addresses:
172.20.10.7
Connections:
hq: %any...99.xx.xx.xx IKEv1/2
hq: local: uses pre-shared key authentication
hq: remote: [99.xx.xx.xx] uses pre-shared key authentication
hq: child: dynamic === 192.168.1.0/24 TUNNEL
Security Associations (0 up, 0 connecting):
none
Thanks for your time.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20161201/2c5e7d93/attachment.html>
More information about the Users
mailing list