[strongSwan] Strongswan 5.2
Andreas Steffen
andreas.steffen at strongswan.org
Thu Jun 16 13:05:04 CEST 2016
It looks as if the PSK is not the same on the other endpoint.
Regards
Andreas
On 16.06.2016 12:29, Jayapal Reddy wrote:
> Hi,
>
> I am trying strongswan 5.2.1 for the site to site vpn.
> I have followed the config from the link[1] for the configuration. In my
> setup the connection fails to come up.
>
> [1] https://www.strongswan.org/testing/testresults/ikev1/net2net-psk/
>
> Can someone please suggest what is going wrong? Below are the logs.
>
> # ipsec --version
> Linux strongSwan U5.2.1/K3.2.0-4-amd64
> Institute for Internet Technologies and Applications
> University of Applied Sciences Rapperswil, Switzerland
> See 'ipsec --copyright' for copyright information.
>
>
>
>
> R1 config:
> #auto=addpsec.conf - strongSwan IPsec configuration file
>
> config setup
>
> conn %default
> ikelifetime=60m
> keylife=20m
> rekeymargin=3m
> keyingtries=1
> keyexchange=ikev1
> #authby=secret
> authby=psk
>
> conn net-net
> left=10.147.46.103
> leftsubnet=10.10.0.0/16
> leftfirewall=yes
> right=10.147.46.112
> rightsubnet=10.20.0.0/16
> auto=add
>
> # cat ipsec.secrets
> 10.147.46.112 10.147.46.103 : PSK "123456789"
>
> R2 config:
>
> # cat ipsec.conf
>
> conn %default
> ikelifetime=60m
> keylife=20m
> rekeymargin=3m
> keyingtries=1
> keyexchange=ikev1
> authby=secret
>
> conn net-net
> left=10.147.46.112
> leftsubnet=10.20.0.0/16
> leftfirewall=yes
> right=10.147.46.103
> rightsubnet=10.10.0.0/16
> auto=add
> # cat ipsec.secrets
> 10.147.46.103 10.147.46.112 : PSK "123456789"
>
>
> # ipsec up net-net
> initiating Main Mode IKE_SA net-net[3] to 10.147.46.112
> generating ID_PROT request 0 [ SA V V V V ]
> sending packet: from 10.147.46.103[500] to 10.147.46.112[500] (248 bytes)
> received packet: from 10.147.46.112[500] to 10.147.46.103[500] (136 bytes)
> parsed ID_PROT response 0 [ SA V V V ]
> received XAuth vendor ID
> received DPD vendor ID
> received NAT-T (RFC 3947) vendor ID
> generating ID_PROT request 0 [ KE No NAT-D NAT-D ]
> sending packet: from 10.147.46.103[500] to 10.147.46.112[500] (372 bytes)
> received packet: from 10.147.46.112[500] to 10.147.46.103[500] (372 bytes)
> parsed ID_PROT response 0 [ KE No NAT-D NAT-D ]
> generating ID_PROT request 0 [ ID HASH ]
> sending packet: from 10.147.46.103[500] to 10.147.46.112[500] (92 bytes)
> received packet: from 10.147.46.112[500] to 10.147.46.103[500] (76 bytes)
> invalid HASH_V1 payload length, decryption failed?
> could not decrypt payloads
> message parsing failed
> ignore malformed INFORMATIONAL request
> INFORMATIONAL_V1 request with message ID 867435333 processing failed
>
>
> Thanks,
> Jayapal
>
>
--
======================================================================
Andreas Steffen andreas.steffen at strongswan.org
strongSwan - the Open Source VPN Solution! www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
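
The reply above points at a PSK mismatch between the endpoints. As an added example (not part of the original thread and not strongSwan code), this check compares the PSK that each side's ipsec.secrets selects for the peer pair by fingerprint, so that invisible differences such as a trailing space inside the quotes show up. `R2_BAD` and all function names are constructed for illustration; entry selection is simplified and handles IPv4/FQDN selectors only.

```python
import base64, hashlib, re

# R1 and R2 are the ipsec.secrets lines quoted in the thread. R2_BAD is a
# constructed variant with a trailing space inside the quotes and a CRLF ending.
R1 = '10.147.46.112 10.147.46.103 : PSK "123456789"\n'
R2 = '10.147.46.103 10.147.46.112 : PSK "123456789"\n'
R2_BAD = '10.147.46.103 10.147.46.112 : PSK "123456789 "\r\n'

# "<ID selectors> : PSK <secret>"; comment lines (starting with #) never match.
LINE = re.compile(r'^(?P<ids>[^:#]*?)\s*:\s*PSK\s+(?P<secret>"[^"]*"|\S+)\s*$')

def decode_secret(token):
    """Return the raw PSK bytes for a quoted, 0x (hex) or 0s (base64) secret."""
    if token.startswith('"'):
        return token[1:-1].encode()
    if token.lower().startswith("0x"):
        return bytes.fromhex(token[2:])
    if token.startswith("0s"):
        return base64.b64decode(token[2:])
    return token.encode()

def parse_psks(text):
    """Yield (frozenset of ID selectors, PSK bytes) for every PSK line."""
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            yield frozenset(m["ids"].split()), decode_secret(m["secret"])

def psk_fingerprint(text, local, remote):
    """Truncated SHA-256 of the PSK chosen for this peer pair, or None.
    Assumption: an entry matches if it lists both IDs or no IDs at all."""
    for ids, secret in parse_psks(text):
        if not ids or {local, remote} <= ids:
            return hashlib.sha256(secret).hexdigest()[:16]
    return None

def same_psk(a_text, b_text, a_ip, b_ip):
    """True only if both endpoints select a PSK and the bytes are identical."""
    fa = psk_fingerprint(a_text, a_ip, b_ip)
    fb = psk_fingerprint(b_text, b_ip, a_ip)
    return fa is not None and fa == fb

if __name__ == "__main__":
    print(same_psk(R1, R2, "10.147.46.103", "10.147.46.112"))
    print(same_psk(R1, R2_BAD, "10.147.46.103", "10.147.46.112"))
```

When the PSK is short, treat the fingerprint as being as sensitive as the file itself, since a short secret can be recovered from its hash.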