[strongSwan] Security Associations (0 up, 1 connecting)

Rod Simioni rod.simioni at biotrackthc.com
Mon Nov 28 17:06:11 CET 2016


Hi,

I just compiled Linux strongSwan U5.5.1/K4.4.0-45-generic on my Ubuntu
14.04 and I'm trying to connect to my VPN, for which I am the FW admin.

I'm getting this when I do an 'ipsec status': "Security Associations (0 up, 1
connecting)", and I'm not able to access my VPN.

Below are the contents of ipsec.conf:

config setup


conn hq
        authby=secret
        auto=start
        type=tunnel
        left=%any
        right=99.xx.xx.xx
        # rightauth=psk
        # rightauth2=xauth
        rightsubnet=192.168.1.0/24
        # ikev2=no
        esp=aes256-sha1,modp1536


Below are the contents of my ipsec.secrets:

@user_1 : XAUTH  "password"
%any  99.xx.xx.xx    : PSK "ThePSKpassword"

Below are meaningful contents of syslog:

Nov 28 10:54:26 ubuntu charon: 06[IKE] retransmit 5 of request with message ID 0
Nov 28 10:54:26 ubuntu charon: 06[NET] sending packet: from 172.20.10.7[500] to 99.xx.xx.xx500] (804 bytes)
Nov 28 10:55:41 ubuntu charon: 11[IKE] giving up after 5 retransmits
Nov 28 10:55:41 ubuntu charon: 11[IKE] establishing IKE_SA failed, peer not responding

Below are the contents of 'ipsec statusall':

root@ubuntu:/usr/local/etc# /usr/local/sbin/ipsec statusall
Status of IKE charon daemon (strongSwan 5.5.1, Linux 4.4.0-45-generic, x86_64):
  uptime: 16 minutes, since Nov 28 10:47:26 2016
  malloc: sbrk 2433024, mmap 0, used 277712, free 2155312
  worker threads: 11 of 16 idle, 5/0/0/0 working, job queue: 0/0/0/0, scheduled: 0
  loaded plugins: charon aes des rc2 sha2 sha1 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem fips-prf gmp xcbc cmac hmac attr kernel-netlink resolve socket-default stroke vici updown xauth-generic
Listening IP addresses:
  172.20.10.7
Connections:
          hq:  %any...99.xx.xx.xx  IKEv1/2
          hq:   local:  uses pre-shared key authentication
          hq:   remote: [99.xx.xx.xx] uses pre-shared key authentication
          hq:   child:  dynamic === 192.168.1.0/24 TUNNEL
Security Associations (0 up, 0 connecting):
  none



Thank you for your time; any help will be greatly appreciated.