[strongSwan] Strongswan 5.2
Jayapal Reddy
jayapalatiiit at gmail.com
Thu Jun 16 12:29:29 CEST 2016
Hi,
I am trying strongSwan 5.2.1 for a site-to-site VPN.
I have followed the config from the link [1] for the configuration. In my
setup the connection fails to come up.
[1] https://www.strongswan.org/testing/testresults/ikev1/net2net-psk/
Can someone please suggest what is going wrong? Below are the logs.
# ipsec --version
Linux strongSwan U5.2.1/K3.2.0-4-amd64
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil, Switzerland
See 'ipsec --copyright' for copyright information.
R1 config:
#auto=addpsec.conf - strongSwan IPsec configuration file
config setup

conn %default
        ikelifetime=60m
        keylife=20m
        rekeymargin=3m
        keyingtries=1
        keyexchange=ikev1
        #authby=secret
        authby=psk

conn net-net
        left=10.147.46.103
        leftsubnet=10.10.0.0/16
        leftfirewall=yes
        right=10.147.46.112
        rightsubnet=10.20.0.0/16
        auto=add
# cat ipsec.secrets
10.147.46.112 10.147.46.103 : PSK "123456789"
R2 config:
# cat ipsec.conf
conn %default
        ikelifetime=60m
        keylife=20m
        rekeymargin=3m
        keyingtries=1
        keyexchange=ikev1
        authby=secret

conn net-net
        left=10.147.46.112
        leftsubnet=10.20.0.0/16
        leftfirewall=yes
        right=10.147.46.103
        rightsubnet=10.10.0.0/16
        auto=add
# cat ipsec.secrets
10.147.46.103 10.147.46.112 : PSK "123456789"
# ipsec up net-net
initiating Main Mode IKE_SA net-net[3] to 10.147.46.112
generating ID_PROT request 0 [ SA V V V V ]
sending packet: from 10.147.46.103[500] to 10.147.46.112[500] (248 bytes)
received packet: from 10.147.46.112[500] to 10.147.46.103[500] (136 bytes)
parsed ID_PROT response 0 [ SA V V V ]
received XAuth vendor ID
received DPD vendor ID
received NAT-T (RFC 3947) vendor ID
generating ID_PROT request 0 [ KE No NAT-D NAT-D ]
sending packet: from 10.147.46.103[500] to 10.147.46.112[500] (372 bytes)
received packet: from 10.147.46.112[500] to 10.147.46.103[500] (372 bytes)
parsed ID_PROT response 0 [ KE No NAT-D NAT-D ]
generating ID_PROT request 0 [ ID HASH ]
sending packet: from 10.147.46.103[500] to 10.147.46.112[500] (92 bytes)
received packet: from 10.147.46.112[500] to 10.147.46.103[500] (76 bytes)
invalid HASH_V1 payload length, decryption failed?
could not decrypt payloads
message parsing failed
ignore malformed INFORMATIONAL request
INFORMATIONAL_V1 request with message ID 867435333 processing failed
Thanks,
Jayapal