[strongSwan] ipsec - swanctl - problem

Noel Kuntze noel.kuntze+strongswan-users-ml at thermi.consulting
Sat Dec 9 20:25:37 CET 2017 

You need to load the credentials too, using `swanctl -s`. Or just use `swanctl -q` to load everything from swanctl.conf.

On 09.12.2017 20:18, Thomas Will wrote:
> hello,
>
> i have problems to establish a vpn conn between strongswan 5.3 ubuntu and 5.5 centos
>
> one site use ipsec tool the other swanctl
>
> ipsec site
>
> */etc/ipse.secrets
> conn net
>     authby=secret
>     keyexchange=ikev1
>     left=10.84.252.32
>     leftsubnet=10.83.32.0/24
>     right=10.84.252.40
>     rightsubnet=10.83.40.0/24
>     ike=aes256-sha256-modp2048
>     esp=aes256-sha256-modp2048
>     ikelifetime=3h
>     keylife=1h
>     auto=start
>
> */etc/ipsec.secrets
> 10.84.252.32 10.84.252.40 : PSK "suxer"
>
> swanctl site
>
> */etc/strongswan/swanctl/swanctl.conf
> connections {
>    net {
>       local_addrs  = 10.84.252.40
>       remote_addrs  = 10.84.252.32
>       local {
>          auth = psk
>          id = 10.84.252.40
>       }
>       remote {
>          auth = psk
>          id = 10.84.252.32
>       }
>       children {
>          net-1 {
>             local_ts  = 10.83.40.0/24
>             remote_ts  = 10.83.32.0/24
>             start_action = start
>             esp_proposals = aes256-sha256-modp2048
>          }
>       }
>       version = 1
>       proposals = aes256-sha256-modp2048
>    }
> }
> secrets {
>    ike-net {
>       id = 10.84.252.32
>       secret = suxer
>    }
> }
>
> -----
>
> The swanctl site don't find a  shared key
>
> Sat, 2017-12-09 20:11 07[ENC] <net|1> generating ID_PROT request 0 [ KE No NAT-D NAT-D ]
> Sat, 2017-12-09 20:11 07[NET] <net|1> sending packet: from 10.84.252.40[500] to 10.84.252.32[500] (396 bytes)
> Sat, 2017-12-09 20:11 09[NET] <net|1> received packet: from 10.84.252.32[500] to 10.84.252.40[500] (396 bytes)
> Sat, 2017-12-09 20:11 09[ENC] <net|1> parsed ID_PROT response 0 [ KE No NAT-D NAT-D ]
> Sat, 2017-12-09 20:11 09[IKE] <net|1> no shared key found for '10.84.252.40'[10.84.252.40] - '10.84.252.32'[10.84.252.32]
> Sat, 2017-12-09 20:11 09[IKE] <net|1> no shared key found for 10.84.252.40 - 10.84.252.32
>
>
> I don't know why?
>
> here the full log
>
>
> *systemctl restart strongswan
>
> Sat, 2017-12-09 20:15 08[LIB] created thread 08 [1872]
> Sat, 2017-12-09 20:15 07[LIB] created thread 07 [1870]
> Sat, 2017-12-09 20:15 09[LIB] created thread 09 [1873]
> Sat, 2017-12-09 20:15 11[LIB] created thread 11 [1875]
> Sat, 2017-12-09 20:15 13[LIB] created thread 13 [1876]
> Sat, 2017-12-09 20:15 12[LIB] created thread 12 [1878]
> Sat, 2017-12-09 20:15 14[LIB] created thread 14 [1880]
> Sat, 2017-12-09 20:15 15[LIB] created thread 15 [1879]
> Sat, 2017-12-09 20:15 16[LIB] created thread 16 [1877]
> Sat, 2017-12-09 20:15 10[LIB] created thread 10 [1874]
> Sat, 2017-12-09 20:15 00[DMN] signal of type SIGINT received. Shutting down
> Sat, 2017-12-09 20:15 00[DMN] Starting IKE charon daemon (strongSwan 5.5.3, Linux 3.10.0-693.el7.x86_64, x86_64)
> Sat, 2017-12-09 20:15 00[LIB] plugin 'aes': loaded successfully
> Sat, 2017-12-09 20:15 00[LIB] plugin 'des': loaded successfully
> Sat, 2017-12-09 20:15 00[LIB] plugin 'rc2': loaded successfully
> Sat, 2017-12-09 20:15 00[LIB] plugin 'sha2': loaded successfully
> Sat, 2017-12-09 20:15 00[LIB] plugin 'sha1': loaded successfully
> Sat, 2017-12-09 20:15 00[LIB] plugin 'md4': loaded successfully
> Sat, 2017-12-09 20:15 00[LIB] plugin 'md5': loaded successfully
> Sat, 2017-12-09 20:15 00[LIB] plugin 'random': loaded successfully
> Sat, 2017-12-09 20:15 00[LIB] plugin 'nonce': loaded successfully
> Sat, 2017-12-09 20:15 00[LIB] plugin 'x509': loaded successfully
> Sat, 2017-12-09 20:15 00[LIB] plugin 'revocation': loaded successfully
> Sat, 2017-12-09 20:15 00[LIB] plugin 'constraints': loaded successfully
> Sat, 2017-12-09 20:15 00[LIB] plugin 'acert': loaded successfully
> Sat, 2017-12-09 20:15 00[LIB] plugin 'pubkey': loaded successfully
> Sat, 2017-12-09 20:15 00[LIB] plugin 'pkcs1': loaded successfully
> Sat, 2017-12-09 20:15 00[LIB] plugin 'pkcs8': loaded successfully
> Sat, 2017-12-09 20:15 00[LIB] plugin 'pkcs12': loaded successfully
> Sat, 2017-12-09 20:15 00[LIB] plugin 'pgp': loaded successfully
> Sat, 2017-12-09 20:15 00[LIB] plugin 'dnskey': loaded successfully
> Sat, 2017-12-09 20:15 00[LIB] plugin 'sshkey': loaded successfully
> Sat, 2017-12-09 20:15 00[LIB] plugin 'pem': loaded successfully
> Sat, 2017-12-09 20:15 00[LIB] openssl FIPS mode(2) - enabled
> Sat, 2017-12-09 20:15 00[LIB] plugin 'openssl': loaded successfully
> Sat, 2017-12-09 20:15 00[LIB] plugin 'gcrypt': loaded successfully
> Sat, 2017-12-09 20:15 00[LIB] plugin 'fips-prf': loaded successfully
> Sat, 2017-12-09 20:15 00[LIB] plugin 'gmp': loaded successfully
> Sat, 2017-12-09 20:15 00[LIB] plugin 'curve25519': loaded successfully
> Sat, 2017-12-09 20:15 00[LIB] plugin 'xcbc': loaded successfully
> Sat, 2017-12-09 20:15 00[LIB] plugin 'cmac': loaded successfully
> Sat, 2017-12-09 20:15 00[LIB] plugin 'hmac': loaded successfully
> Sat, 2017-12-09 20:15 00[LIB] plugin 'ctr': loaded successfully
> Sat, 2017-12-09 20:15 00[LIB] plugin 'ccm': loaded successfully
> Sat, 2017-12-09 20:15 00[LIB] plugin 'gcm': loaded successfully
> Sat, 2017-12-09 20:15 00[LIB] plugin 'curl': loaded successfully
> Sat, 2017-12-09 20:15 00[LIB] plugin 'attr': loaded successfully
> Sat, 2017-12-09 20:15 00[LIB] plugin 'kernel-netlink': loaded successfully
> Sat, 2017-12-09 20:15 00[LIB] plugin 'resolve': loaded successfully
> Sat, 2017-12-09 20:15 00[LIB] plugin 'socket-default': loaded successfully
> Sat, 2017-12-09 20:15 00[LIB] plugin 'farp': loaded successfully
> Sat, 2017-12-09 20:15 00[LIB] plugin 'stroke': loaded successfully
> Sat, 2017-12-09 20:15 00[LIB] plugin 'vici': loaded successfully
> Sat, 2017-12-09 20:15 00[LIB] plugin 'updown': loaded successfully
> Sat, 2017-12-09 20:15 00[LIB] plugin 'eap-identity': loaded successfully
> Sat, 2017-12-09 20:15 00[LIB] plugin 'eap-md5': loaded successfully
> Sat, 2017-12-09 20:15 00[LIB] plugin 'eap-gtc': loaded successfully
> Sat, 2017-12-09 20:15 00[LIB] plugin 'eap-mschapv2': loaded successfully
> Sat, 2017-12-09 20:15 00[LIB] plugin 'eap-tls': loaded successfully
> Sat, 2017-12-09 20:15 00[LIB] plugin 'eap-ttls': loaded successfully
> Sat, 2017-12-09 20:15 00[LIB] plugin 'eap-peap': loaded successfully
> Sat, 2017-12-09 20:15 00[LIB] plugin 'xauth-generic': loaded successfully
> Sat, 2017-12-09 20:15 00[LIB] plugin 'xauth-eap': loaded successfully
> Sat, 2017-12-09 20:15 00[LIB] plugin 'xauth-pam': loaded successfully
> Sat, 2017-12-09 20:15 00[LIB] plugin 'xauth-noauth': loaded successfully
> Sat, 2017-12-09 20:15 00[LIB] plugin 'dhcp': loaded successfully
> Sat, 2017-12-09 20:15 00[LIB] plugin 'unity': loaded successfully
> Sat, 2017-12-09 20:15 00[LIB] feature PUBKEY:BLISS in plugin 'pem' has unmet dependency: PUBKEY:BLISS
> Sat, 2017-12-09 20:15 00[LIB] feature PUBKEY:DSA in plugin 'pem' has unmet dependency: PUBKEY:DSA
> Sat, 2017-12-09 20:15 00[LIB] feature PRIVKEY:DSA in plugin 'pem' has unmet dependency: PRIVKEY:DSA
> Sat, 2017-12-09 20:15 00[LIB] feature PRIVKEY:BLISS in plugin 'pem' has unmet dependency: PRIVKEY:BLISS
> Sat, 2017-12-09 20:15 00[LIB] feature CERT_DECODE:OCSP_REQUEST in plugin 'pem' has unmet dependency: CERT_DECODE:OCSP_REQUEST
> Sat, 2017-12-09 20:15 00[LIB] feature PRIVKEY_SIGN:RSA_EMSA_PKCS1_SHA3_224 in plugin 'gmp' has unmet dependency: HASHER:HASH_SHA3_224
> Sat, 2017-12-09 20:15 00[LIB] feature PRIVKEY_SIGN:RSA_EMSA_PKCS1_SHA3_256 in plugin 'gmp' has unmet dependency: HASHER:HASH_SHA3_256
> Sat, 2017-12-09 20:15 00[LIB] feature PRIVKEY_SIGN:RSA_EMSA_PKCS1_SHA3_384 in plugin 'gmp' has unmet dependency: HASHER:HASH_SHA3_384
> Sat, 2017-12-09 20:15 00[LIB] feature PRIVKEY_SIGN:RSA_EMSA_PKCS1_SHA3_512 in plugin 'gmp' has unmet dependency: HASHER:HASH_SHA3_512
> Sat, 2017-12-09 20:15 00[LIB] feature PUBKEY_VERIFY:RSA_EMSA_PKCS1_SHA3_224 in plugin 'gmp' has unmet dependency: HASHER:HASH_SHA3_224
> Sat, 2017-12-09 20:15 00[LIB] feature PUBKEY_VERIFY:RSA_EMSA_PKCS1_SHA3_256 in plugin 'gmp' has unmet dependency: HASHER:HASH_SHA3_256
> Sat, 2017-12-09 20:15 00[LIB] feature PUBKEY_VERIFY:RSA_EMSA_PKCS1_SHA3_384 in plugin 'gmp' has unmet dependency: HASHER:HASH_SHA3_384
> Sat, 2017-12-09 20:15 00[LIB] feature PUBKEY_VERIFY:RSA_EMSA_PKCS1_SHA3_512 in plugin 'gmp' has unmet dependency: HASHER:HASH_SHA3_512
> Sat, 2017-12-09 20:15 00[CFG] loading ca certificates from '/etc/strongswan/ipsec.d/cacerts'
> Sat, 2017-12-09 20:15 00[CFG] loading aa certificates from '/etc/strongswan/ipsec.d/aacerts'
> Sat, 2017-12-09 20:15 00[CFG] loading ocsp signer certificates from '/etc/strongswan/ipsec.d/ocspcerts'
> Sat, 2017-12-09 20:15 00[CFG] loading attribute certificates from '/etc/strongswan/ipsec.d/acerts'
> Sat, 2017-12-09 20:15 00[CFG] loading crls from '/etc/strongswan/ipsec.d/crls'
> Sat, 2017-12-09 20:15 00[CFG] loading secrets from '/etc/strongswan/ipsec.secrets'
> Sat, 2017-12-09 20:15 00[LIB] loaded plugins: charon aes des rc2 sha2 sha1 md4 md5 random nonce x509 revocation constraints acert pubkey pkcs1 pkcs8 pkcs12 pgp dnskey sshkey pem openssl gcrypt fips-prf gmp curve25519 xcbc cmac hmac ctr ccm gcm curl attr kernel-netlink resolve socket-default farp stroke vici updown eap-identity eap-md5 eap-gtc eap-mschapv2 eap-tls eap-ttls eap-peap xauth-generic xauth-eap xauth-pam xauth-noauth dhcp unity
> Sat, 2017-12-09 20:15 00[LIB] unable to load 13 plugin features (13 due to unmet dependencies)
> Sat, 2017-12-09 20:15 00[JOB] spawning 16 worker threads
> Sat, 2017-12-09 20:15 01[LIB] created thread 01 [1899]
> Sat, 2017-12-09 20:15 02[LIB] created thread 02 [1902]
> Sat, 2017-12-09 20:15 03[LIB] created thread 03 [1903]
> Sat, 2017-12-09 20:15 05[LIB] created thread 05 [1901]
> Sat, 2017-12-09 20:15 07[LIB] created thread 07 [1905]
> Sat, 2017-12-09 20:15 08[LIB] created thread 08 [1906]
> Sat, 2017-12-09 20:15 06[LIB] created thread 06 [1904]
> Sat, 2017-12-09 20:15 10[LIB] created thread 10 [1910]
> Sat, 2017-12-09 20:15 12[LIB] created thread 12 [1909]
> Sat, 2017-12-09 20:15 09[LIB] created thread 09 [1907]
> Sat, 2017-12-09 20:15 11[LIB] created thread 11 [1908]
> Sat, 2017-12-09 20:15 04[LIB] created thread 04 [1900]
> Sat, 2017-12-09 20:15 13[LIB] created thread 13 [1911]
> Sat, 2017-12-09 20:15 15[LIB] created thread 15 [1913]
> Sat, 2017-12-09 20:15 14[LIB] created thread 14 [1912]
>
>
>
>
>
> *swanctl -c
>
>
> Sat, 2017-12-09 20:16 15[CFG] vici client 1 connected
> Sat, 2017-12-09 20:16 06[CFG] vici client 1 requests: get-conns
> Sat, 2017-12-09 20:16 14[CFG] vici client 1 requests: load-conn
> Sat, 2017-12-09 20:16 14[CFG]  conn net:
> Sat, 2017-12-09 20:16 14[CFG]   child net-1:
> Sat, 2017-12-09 20:16 14[CFG]    rekey_time = 3600
> Sat, 2017-12-09 20:16 14[CFG]    life_time = 3960
> Sat, 2017-12-09 20:16 14[CFG]    rand_time = 360
> Sat, 2017-12-09 20:16 14[CFG]    rekey_bytes = 0
> Sat, 2017-12-09 20:16 14[CFG]    life_bytes = 0
> Sat, 2017-12-09 20:16 14[CFG]    rand_bytes = 0
> Sat, 2017-12-09 20:16 14[CFG]    rekey_packets = 0
> Sat, 2017-12-09 20:16 14[CFG]    life_packets = 0
> Sat, 2017-12-09 20:16 14[CFG]    rand_packets = 0
> Sat, 2017-12-09 20:16 14[CFG]    updown = (null)
> Sat, 2017-12-09 20:16 14[CFG]    hostaccess = 0
> Sat, 2017-12-09 20:16 14[CFG]    ipcomp = 0
> Sat, 2017-12-09 20:16 14[CFG]    mode = TUNNEL
> Sat, 2017-12-09 20:16 14[CFG]    policies = 1
> Sat, 2017-12-09 20:16 14[CFG]    policies_fwd_out = 0
> Sat, 2017-12-09 20:16 14[CFG]    dpd_action = clear
> Sat, 2017-12-09 20:16 14[CFG]    start_action = restart
> Sat, 2017-12-09 20:16 14[CFG]    close_action = clear
> Sat, 2017-12-09 20:16 14[CFG]    reqid = 0
> Sat, 2017-12-09 20:16 14[CFG]    tfc = 0
> Sat, 2017-12-09 20:16 14[CFG]    priority = 0
> Sat, 2017-12-09 20:16 14[CFG]    interface = (null)
> Sat, 2017-12-09 20:16 14[CFG]    mark_in = 0/0
> Sat, 2017-12-09 20:16 14[CFG]    mark_out = 0/0
> Sat, 2017-12-09 20:16 14[CFG]    inactivity = 0
> Sat, 2017-12-09 20:16 14[CFG]    proposals = ESP:AES_CBC_256/HMAC_SHA2_256_128/MODP_2048/NO_EXT_SEQ
> Sat, 2017-12-09 20:16 14[CFG]    local_ts = 10.83.40.0/24
> Sat, 2017-12-09 20:16 14[CFG]    remote_ts = 10.83.32.0/24
> Sat, 2017-12-09 20:16 14[CFG]    hw_offload = 0
> Sat, 2017-12-09 20:16 14[CFG]    sha256_96 = 0
> Sat, 2017-12-09 20:16 14[CFG]   version = 1
> Sat, 2017-12-09 20:16 14[CFG]   local_addrs = 10.84.252.40
> Sat, 2017-12-09 20:16 14[CFG]   remote_addrs = 10.84.252.32
> Sat, 2017-12-09 20:16 14[CFG]   local_port = 500
> Sat, 2017-12-09 20:16 14[CFG]   remote_port = 500
> Sat, 2017-12-09 20:16 14[CFG]   send_certreq = 1
> Sat, 2017-12-09 20:16 14[CFG]   send_cert = CERT_SEND_IF_ASKED
> Sat, 2017-12-09 20:16 14[CFG]   mobike = 1
> Sat, 2017-12-09 20:16 14[CFG]   aggressive = 0
> Sat, 2017-12-09 20:16 14[CFG]   dscp = 0x00
> Sat, 2017-12-09 20:16 14[CFG]   encap = 0
> Sat, 2017-12-09 20:16 14[CFG]   dpd_delay = 0
> Sat, 2017-12-09 20:16 14[CFG]   dpd_timeout = 0
> Sat, 2017-12-09 20:16 14[CFG]   fragmentation = 2
> Sat, 2017-12-09 20:16 14[CFG]   unique = UNIQUE_NO
> Sat, 2017-12-09 20:16 14[CFG]   keyingtries = 1
> Sat, 2017-12-09 20:16 14[CFG]   reauth_time = 0
> Sat, 2017-12-09 20:16 14[CFG]   rekey_time = 14400
> Sat, 2017-12-09 20:16 14[CFG]   over_time = 1440
> Sat, 2017-12-09 20:16 14[CFG]   rand_time = 1440
> Sat, 2017-12-09 20:16 14[CFG]   proposals = IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048
> Sat, 2017-12-09 20:16 14[CFG]   local:
> Sat, 2017-12-09 20:16 14[CFG]    id = 10.84.252.40
> Sat, 2017-12-09 20:16 14[CFG]    class = pre-shared key
> Sat, 2017-12-09 20:16 14[CFG]   remote:
> Sat, 2017-12-09 20:16 14[CFG]    id = 10.84.252.32
> Sat, 2017-12-09 20:16 14[CFG]    class = pre-shared key
> Sat, 2017-12-09 20:16 14[CFG] added vici connection: net
> Sat, 2017-12-09 20:16 14[CFG] initiating 'net-1'
> Sat, 2017-12-09 20:16 14[IKE] <net|1> queueing ISAKMP_VENDOR task
> Sat, 2017-12-09 20:16 14[IKE] <net|1> queueing ISAKMP_CERT_PRE task
> Sat, 2017-12-09 20:16 14[IKE] <net|1> queueing MAIN_MODE task
> Sat, 2017-12-09 20:16 14[IKE] <net|1> queueing ISAKMP_CERT_POST task
> Sat, 2017-12-09 20:16 14[IKE] <net|1> queueing ISAKMP_NATD task
> Sat, 2017-12-09 20:16 14[IKE] <net|1> queueing QUICK_MODE task
> Sat, 2017-12-09 20:16 14[IKE] <net|1> activating new tasks
> Sat, 2017-12-09 20:16 14[IKE] <net|1>   activating ISAKMP_VENDOR task
> Sat, 2017-12-09 20:16 14[IKE] <net|1>   activating ISAKMP_CERT_PRE task
> Sat, 2017-12-09 20:16 14[IKE] <net|1>   activating MAIN_MODE task
> Sat, 2017-12-09 20:16 14[IKE] <net|1>   activating ISAKMP_CERT_POST task
> Sat, 2017-12-09 20:16 14[IKE] <net|1>   activating ISAKMP_NATD task
> Sat, 2017-12-09 20:16 14[IKE] <net|1> sending XAuth vendor ID
> Sat, 2017-12-09 20:16 14[IKE] <net|1> sending DPD vendor ID
> Sat, 2017-12-09 20:16 14[IKE] <net|1> sending FRAGMENTATION vendor ID
> Sat, 2017-12-09 20:16 14[IKE] <net|1> sending NAT-T (RFC 3947) vendor ID
> Sat, 2017-12-09 20:16 14[IKE] <net|1> sending draft-ietf-ipsec-nat-t-ike-02\n vendor ID
> Sat, 2017-12-09 20:16 14[IKE] <net|1> initiating Main Mode IKE_SA net[1] to 10.84.252.32
> Sat, 2017-12-09 20:16 14[IKE] <net|1> IKE_SA net[1] state change: CREATED => CONNECTING
> Sat, 2017-12-09 20:16 14[CFG] <net|1> configured proposals: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048
> Sat, 2017-12-09 20:16 14[ENC] <net|1> generating ID_PROT request 0 [ SA V V V V V ]
> Sat, 2017-12-09 20:16 14[NET] <net|1> sending packet: from 10.84.252.40[500] to 10.84.252.32[500] (180 bytes)
> Sat, 2017-12-09 20:16 07[CFG] vici client 1 disconnected
> Sat, 2017-12-09 20:16 08[NET] <net|1> received packet: from 10.84.252.32[500] to 10.84.252.40[500] (136 bytes)
> Sat, 2017-12-09 20:16 08[ENC] <net|1> parsed ID_PROT response 0 [ SA V V V ]
> Sat, 2017-12-09 20:16 08[IKE] <net|1> received XAuth vendor ID
> Sat, 2017-12-09 20:16 08[IKE] <net|1> received DPD vendor ID
> Sat, 2017-12-09 20:16 08[IKE] <net|1> received NAT-T (RFC 3947) vendor ID
> Sat, 2017-12-09 20:16 08[CFG] <net|1> selecting proposal:
> Sat, 2017-12-09 20:16 08[CFG] <net|1>   proposal matches
> Sat, 2017-12-09 20:16 08[CFG] <net|1> received proposals: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048
> Sat, 2017-12-09 20:16 08[CFG] <net|1> configured proposals: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048
> Sat, 2017-12-09 20:16 08[CFG] <net|1> selected proposal: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048
> Sat, 2017-12-09 20:16 08[IKE] <net|1> reinitiating already active tasks
> Sat, 2017-12-09 20:16 08[IKE] <net|1>   ISAKMP_VENDOR task
> Sat, 2017-12-09 20:16 08[IKE] <net|1>   MAIN_MODE task
> Sat, 2017-12-09 20:16 08[LIB] <net|1> size of DH secret exponent: 2047 bits
> Sat, 2017-12-09 20:16 08[ENC] <net|1> generating ID_PROT request 0 [ KE No NAT-D NAT-D ]
> Sat, 2017-12-09 20:16 08[NET] <net|1> sending packet: from 10.84.252.40[500] to 10.84.252.32[500] (396 bytes)
> Sat, 2017-12-09 20:16 15[NET] <net|1> received packet: from 10.84.252.32[500] to 10.84.252.40[500] (396 bytes)
> Sat, 2017-12-09 20:16 15[ENC] <net|1> parsed ID_PROT response 0 [ KE No NAT-D NAT-D ]
> Sat, 2017-12-09 20:16 15[IKE] <net|1> no shared key found for '10.84.252.40'[10.84.252.40] - '10.84.252.32'[10.84.252.32]
> Sat, 2017-12-09 20:16 15[IKE] <net|1> no shared key found for 10.84.252.40 - 10.84.252.32
> Sat, 2017-12-09 20:16 15[IKE] <net|1> queueing INFORMATIONAL task
> Sat, 2017-12-09 20:16 15[IKE] <net|1> activating new tasks
> Sat, 2017-12-09 20:16 15[IKE] <net|1>   activating INFORMATIONAL task
> Sat, 2017-12-09 20:16 15[ENC] <net|1> generating INFORMATIONAL_V1 request 3102880303 [ N(INVAL_KE) ]
> Sat, 2017-12-09 20:16 15[NET] <net|1> sending packet: from 10.84.252.40[500] to 10.84.252.32[500] (56 bytes)
> Sat, 2017-12-09 20:16 15[IKE] <net|1> IKE_SA net[1] state change: CONNECTING => DESTROYING
>
>
>
> any ideas?
>
>
> regards
>
>
>
>

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.strongswan.org/pipermail/users/attachments/20171209/2849c462/attachment-0001.sig>

More information about the Users mailing list