[strongSwan] IPSec vpnc PSK configuration issues

Fabian Dreßler fabian.dressler at me.com
Wed Jun 1 22:39:22 CEST 2016


Hi all,
I hope you can help me with my strongSwan configuration. The goal is to
have a VPN server for my smartphone (Android) and my computer (Ubuntu)
in America. (I am from Germany.)
The problem is that I can't connect to the server. Because of this
syslog (server) message, I think that's a problem with the configuration.

    Jun  1 20:33:49 ip-172-31-56-231 charon: 12[NET] received packet:
    from X.X.X.X[53089] to 172.31.56.231[500] (1302 bytes)
    Jun  1 20:33:49 ip-172-31-56-231 charon: 12[ENC] parsed AGGRESSIVE
    request 0 [ SA KE No ID V V V V V V V V V ]
    Jun  1 20:33:49 ip-172-31-56-231 charon: 12[IKE] received XAuth
    vendor ID
    Jun  1 20:33:49 ip-172-31-56-231 charon: 12[IKE] received Cisco
    Unity vendor ID
    Jun  1 20:33:49 ip-172-31-56-231 charon: 12[IKE] received NAT-T (RFC
    3947) vendor ID
    Jun  1 20:33:49 ip-172-31-56-231 charon: 12[IKE] received
    draft-ietf-ipsec-nat-t-ike-03 vendor ID
    Jun  1 20:33:49 ip-172-31-56-231 charon: 12[IKE] received
    draft-ietf-ipsec-nat-t-ike-02\n vendor ID
    Jun  1 20:33:49 ip-172-31-56-231 charon: 12[IKE] received
    draft-ietf-ipsec-nat-t-ike-02 vendor ID
    Jun  1 20:33:49 ip-172-31-56-231 charon: 12[ENC] received unknown
    vendor ID: 16:f6:ca:16:e4:a4:06:6d:83:82:1a:0f:0a:ea:a8:62
    Jun  1 20:33:49 ip-172-31-56-231 charon: 12[IKE] received
    draft-ietf-ipsec-nat-t-ike-00 vendor ID
    Jun  1 20:33:49 ip-172-31-56-231 charon: 12[IKE] received DPD vendor ID
    Jun  1 20:33:49 ip-172-31-56-231 charon: 12[IKE] X.X.X.X is
    initiating a Aggressive Mode IKE_SA
    Jun  1 20:33:49 ip-172-31-56-231 charon: 12[CFG] looking for
    XAuthInitPSK peer configs matching 172.31.56.231...X.X.X.X[fabian]
    Jun  1 20:33:49 ip-172-31-56-231 charon: 12[IKE] no peer config found
    Jun  1 20:33:49 ip-172-31-56-231 charon: 12[ENC] generating
    INFORMATIONAL_V1 request 2765535231 [ N(AUTH_FAILED) ]
    Jun  1 20:33:49 ip-172-31-56-231 charon: 12[NET] sending packet:
    from 172.31.56.231[500] to X.X.X.X[53089] (56 bytes)

My configuration files:
/etc/ipsec.secret:

    172.31.56.231 %any : PSK "PASSWORD"
    fabian : XAUTH "PASSWORD"

/etc/ipsec.conf:

    conn fabian
     keyexchange=ikev1
     authby=xauthpsk
     xauth=server
     left=%defaultroute
     leftsubnet=0.0.0.0/0
     leftfirewall=yes
     right=%any
     rightsubnet=192.168.201.0/24
     rightsourceip=192.168.201.1/24
     rightdns=8.8.8.8
     auto=add
     leftauth=psk
     rightauth=psk
     rightauth2=xauth

On my computer I use vpnc (network-manager-vpnc-gnome) for the connection.
syslog from the computer:

    Jun  1 22:38:26 Fabian-PC NetworkManager[918]: <info> 
    [1464813506.8417] audit: op="connection-activate"
    uuid="821a00af-dd54-41c8-8715-552e9f5bef00" name="Amazon AWS"
    pid=2256 uid=1000 result="success"
    Jun  1 22:38:26 Fabian-PC NetworkManager[918]: <info> 
    [1464813506.8446]
    vpn-connection[0xaee3e0,821a00af-dd54-41c8-8715-552e9f5bef00,"Amazon
    AWS",0]: Started the VPN service, PID 7945
    Jun  1 22:38:26 Fabian-PC NetworkManager[918]: <info> 
    [1464813506.8568]
    vpn-connection[0xaee3e0,821a00af-dd54-41c8-8715-552e9f5bef00,"Amazon
    AWS",0]: Saw the service appear; activating connection
    Jun  1 22:38:26 Fabian-PC NetworkManager[918]: <info> 
    [1464813506.8575]
    vpn-connection[0xaee3e0,821a00af-dd54-41c8-8715-552e9f5bef00,"Amazon
    AWS",0]: VPN plugin: state changed: init (1)
    Jun  1 22:38:26 Fabian-PC NetworkManager[918]: ** Message: vpnc
    started with pid 7956
    Jun  1 22:38:26 Fabian-PC NetworkManager[918]: <info> 
    [1464813506.9468]
    vpn-connection[0xaee3e0,821a00af-dd54-41c8-8715-552e9f5bef00,"Amazon
    AWS",0]: VPN plugin: state changed: starting (3)
    Jun  1 22:38:26 Fabian-PC NetworkManager[918]: <info> 
    [1464813506.9468]
    vpn-connection[0xaee3e0,821a00af-dd54-41c8-8715-552e9f5bef00,"Amazon
    AWS",0]: VPN connection: (ConnectInteractive) reply received
    Jun  1 22:38:26 Fabian-PC NetworkManager[918]: <info> 
    [1464813506.9576] manager: (tun0): new Tun device
    (/org/freedesktop/NetworkManager/Devices/14)
    Jun  1 22:38:26 Fabian-PC NetworkManager[918]: <info> 
    [1464813506.9634] devices added (path:
    /sys/devices/virtual/net/tun0, iface: tun0)
    Jun  1 22:38:26 Fabian-PC NetworkManager[918]: <info> 
    [1464813506.9636] device added (path: /sys/devices/virtual/net/tun0,
    iface: tun0): no ifupdown configuration found.
    Jun  1 22:38:27 Fabian-PC NetworkManager[918]: /usr/sbin/vpnc:
    response was invalid [1]:  (ISAKMP_N_INVALID_EXCHANGE_TYPE)(7)
    Jun  1 22:38:27 Fabian-PC NetworkManager[918]: <info> 
    [1464813507.0979] devices removed (path:
    /sys/devices/virtual/net/tun0, iface: tun0)
    Jun  1 22:38:27 Fabian-PC NetworkManager[918]: **
    (nm-vpnc-service:7945): WARNING **: vpnc exited with error code 1
    Jun  1 22:38:27 Fabian-PC NetworkManager[918]: <warn> 
    [1464813507.1125]
    vpn-connection[0xaee3e0,821a00af-dd54-41c8-8715-552e9f5bef00,"Amazon
    AWS",0]: VPN plugin: failed: connect-failed (1)
    Jun  1 22:38:27 Fabian-PC NetworkManager[918]: <warn> 
    [1464813507.1127]
    vpn-connection[0xaee3e0,821a00af-dd54-41c8-8715-552e9f5bef00,"Amazon
    AWS",0]: VPN plugin: failed: connect-failed (1)
    Jun  1 22:38:27 Fabian-PC NetworkManager[918]: <info> 
    [1464813507.1128]
    vpn-connection[0xaee3e0,821a00af-dd54-41c8-8715-552e9f5bef00,"Amazon
    AWS",0]: VPN plugin: state changed: stopping (5)
    Jun  1 22:38:27 Fabian-PC NetworkManager[918]: <info> 
    [1464813507.1128]
    vpn-connection[0xaee3e0,821a00af-dd54-41c8-8715-552e9f5bef00,"Amazon
    AWS",0]: VPN plugin: state changed: stopped (6)
    Jun  1 22:38:27 Fabian-PC NetworkManager[918]: <info> 
    [1464813507.1133]
    vpn-connection[0xaee3e0,821a00af-dd54-41c8-8715-552e9f5bef00,"Amazon
    AWS",0]: VPN plugin: state change reason: unknown (0)


I hope that you can help me with this issue.

Thank you for a hint,
Fabian
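
Added example, not part of the original post: a small Python triage helper that reduces a charon syslog excerpt like the server log above to one record per rejected IKE negotiation (exchange type, auth class looked up, addresses, peer ID, result, notify). The function name, regexes and record field names are assumptions made for this illustration; the sample input is four of the server log lines from the post, unwrapped onto single lines.

```python
import re

# Constructed sample: four server-side charon lines from the post, unwrapped.
SAMPLE = """\
Jun  1 20:33:49 ip-172-31-56-231 charon: 12[ENC] parsed AGGRESSIVE request 0 [ SA KE No ID V V V V V V V V V ]
Jun  1 20:33:49 ip-172-31-56-231 charon: 12[CFG] looking for XAuthInitPSK peer configs matching 172.31.56.231...X.X.X.X[fabian]
Jun  1 20:33:49 ip-172-31-56-231 charon: 12[IKE] no peer config found
Jun  1 20:33:49 ip-172-31-56-231 charon: 12[ENC] generating INFORMATIONAL_V1 request 2765535231 [ N(AUTH_FAILED) ]
"""

# "charon: <worker thread>[<log group>] <message>"
LINE = re.compile(r"charon: (?P<thread>\d+)\[(?P<group>[A-Z]{3})\] (?P<msg>.*)$")
PARSED = re.compile(r"parsed (?P<exchange>\S+) (?:request|response) \d+ \[")
LOOKUP = re.compile(r"looking for (?P<auth>\S+) peer configs matching "
                    r"(?P<local>\S+?)\.\.\.(?P<remote>[^\[\s]+)\[(?P<peer_id>[^\]]*)\]")
NOTIFY = re.compile(r"generating \S+ (?:request|response) \d+ \[.*N\((?P<notify>[A-Z_]+)\)")


def summarize(log_text):
    """Return one dict per negotiation that ended in 'no peer config found'."""
    state, rejected = {}, []
    for raw in log_text.splitlines():
        m = LINE.search(raw)
        if not m:
            continue  # not a charon line (e.g. NetworkManager output)
        cur = state.setdefault(m["thread"], {})
        msg = m["msg"]
        if (p := PARSED.search(msg)):
            cur["exchange"] = p["exchange"]
        elif (q := LOOKUP.search(msg)):
            cur.update(q.groupdict())
        elif "no peer config found" in msg:
            cur["result"] = "no peer config found"
        elif (n := NOTIFY.search(msg)) and cur.get("result"):
            # The notify sent back to the peer closes the record for this thread.
            cur["notify"] = n["notify"]
            rejected.append(state.pop(m["thread"]))
    return rejected


if __name__ == "__main__":
    for record in summarize(SAMPLE):
        print(record)
```
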