[strongSwan] ipsec - swanctl - problem
Thomas Will
thomas.will at xinux.de
Sat Dec 9 21:04:18 CET 2017
perfect ..
start-scripts {
    swanctl = /usr/sbin/swanctl -q
}
On 09/12/17 at 20:50, Noel Kuntze wrote:
> 1. For what? Using the swanctl tool?
> 2. You can make charon load it by itself using the charon.start-scripts setting in strongswan.conf.
> Read the manual.
>
> On 09.12.2017 20:36, Thomas Will wrote:
>> Thank you very much ... It works ...
>>
>> another two questions:
>>
>> 1. is there a step by step howto
>>
>> 2. is there an option to load the conns after the system start?
>>
>> regards
>>
>> On 09/12/17 at 20:25, Noel Kuntze wrote:
>>> You need to load the credentials too, using `swanctl -s`. Or just use `swanctl -q` to load everything from swanctl.conf.
>>>
>>> On 09.12.2017 20:18, Thomas Will wrote:
>>>> hello,
>>>>
>>>> I have problems establishing a VPN conn between strongSwan 5.3 (Ubuntu) and 5.5 (CentOS)
>>>>
>>>> one site uses the ipsec tool, the other swanctl
>>>>
>>>> ipsec site
>>>>
>>>> */etc/ipse.secrets
>>>> conn net
>>>>     authby=secret
>>>>     keyexchange=ikev1
>>>>     left=10.84.252.32
>>>>     leftsubnet=10.83.32.0/24
>>>>     right=10.84.252.40
>>>>     rightsubnet=10.83.40.0/24
>>>>     ike=aes256-sha256-modp2048
>>>>     esp=aes256-sha256-modp2048
>>>>     ikelifetime=3h
>>>>     keylife=1h
>>>>     auto=start
>>>>
>>>> */etc/ipsec.secrets
>>>> 10.84.252.32 10.84.252.40 : PSK "suxer"
>>>>
>>>> swanctl site
>>>>
>>>> */etc/strongswan/swanctl/swanctl.conf
>>>> connections {
>>>>     net {
>>>>         local_addrs = 10.84.252.40
>>>>         remote_addrs = 10.84.252.32
>>>>         local {
>>>>             auth = psk
>>>>             id = 10.84.252.40
>>>>         }
>>>>         remote {
>>>>             auth = psk
>>>>             id = 10.84.252.32
>>>>         }
>>>>         children {
>>>>             net-1 {
>>>>                 local_ts = 10.83.40.0/24
>>>>                 remote_ts = 10.83.32.0/24
>>>>                 start_action = start
>>>>                 esp_proposals = aes256-sha256-modp2048
>>>>             }
>>>>         }
>>>>         version = 1
>>>>         proposals = aes256-sha256-modp2048
>>>>     }
>>>> }
>>>> secrets {
>>>>     ike-net {
>>>>         id = 10.84.252.32
>>>>         secret = suxer
>>>>     }
>>>> }
>>>>
>>>> -----
>>>>
>>>> The swanctl site doesn't find a shared key
>>>>
>>>> Sat, 2017-12-09 20:11 07[ENC] <net|1> generating ID_PROT request 0 [ KE No NAT-D NAT-D ]
>>>> Sat, 2017-12-09 20:11 07[NET] <net|1> sending packet: from 10.84.252.40[500] to 10.84.252.32[500] (396 bytes)
>>>> Sat, 2017-12-09 20:11 09[NET] <net|1> received packet: from 10.84.252.32[500] to 10.84.252.40[500] (396 bytes)
>>>> Sat, 2017-12-09 20:11 09[ENC] <net|1> parsed ID_PROT response 0 [ KE No NAT-D NAT-D ]
>>>> Sat, 2017-12-09 20:11 09[IKE] <net|1> no shared key found for '10.84.252.40'[10.84.252.40] - '10.84.252.32'[10.84.252.32]
>>>> Sat, 2017-12-09 20:11 09[IKE] <net|1> no shared key found for 10.84.252.40 - 10.84.252.32
>>>>
>>>> I don't know why?
>>>>
>>>> Here is the full log:
>>>>
>>>> *systemctl restart strongswan
>>>>
>>>> Sat, 2017-12-09 20:15 08[LIB] created thread 08 [1872]
>>>> Sat, 2017-12-09 20:15 07[LIB] created thread 07 [1870]
>>>> Sat, 2017-12-09 20:15 09[LIB] created thread 09 [1873]
>>>> Sat, 2017-12-09 20:15 11[LIB] created thread 11 [1875]
>>>> Sat, 2017-12-09 20:15 13[LIB] created thread 13 [1876]
>>>> Sat, 2017-12-09 20:15 12[LIB] created thread 12 [1878]
>>>> Sat, 2017-12-09 20:15 14[LIB] created thread 14 [1880]
>>>> Sat, 2017-12-09 20:15 15[LIB] created thread 15 [1879]
>>>> Sat, 2017-12-09 20:15 16[LIB] created thread 16 [1877]
>>>> Sat, 2017-12-09 20:15 10[LIB] created thread 10 [1874]
>>>> Sat, 2017-12-09 20:15 00[DMN] signal of type SIGINT received. Shutting down
>>>> Sat, 2017-12-09 20:15 00[DMN] Starting IKE charon daemon (strongSwan 5.5.3, Linux 3.10.0-693.el7.x86_64, x86_64)
>>>> Sat, 2017-12-09 20:15 00[LIB] plugin 'aes': loaded successfully
>>>> Sat, 2017-12-09 20:15 00[LIB] plugin 'des': loaded successfully
>>>> Sat, 2017-12-09 20:15 00[LIB] plugin 'rc2': loaded successfully
>>>> Sat, 2017-12-09 20:15 00[LIB] plugin 'sha2': loaded successfully
>>>> Sat, 2017-12-09 20:15 00[LIB] plugin 'sha1': loaded successfully
>>>> Sat, 2017-12-09 20:15 00[LIB] plugin 'md4': loaded successfully
>>>> Sat, 2017-12-09 20:15 00[LIB] plugin 'md5': loaded successfully
>>>> Sat, 2017-12-09 20:15 00[LIB] plugin 'random': loaded successfully
>>>> Sat, 2017-12-09 20:15 00[LIB] plugin 'nonce': loaded successfully
>>>> Sat, 2017-12-09 20:15 00[LIB] plugin 'x509': loaded successfully
>>>> Sat, 2017-12-09 20:15 00[LIB] plugin 'revocation': loaded successfully
>>>> Sat, 2017-12-09 20:15 00[LIB] plugin 'constraints': loaded successfully
>>>> Sat, 2017-12-09 20:15 00[LIB] plugin 'acert': loaded successfully
>>>> Sat, 2017-12-09 20:15 00[LIB] plugin 'pubkey': loaded successfully
>>>> Sat, 2017-12-09 20:15 00[LIB] plugin 'pkcs1': loaded successfully
>>>> Sat, 2017-12-09 20:15 00[LIB] plugin 'pkcs8': loaded successfully
>>>> Sat, 2017-12-09 20:15 00[LIB] plugin 'pkcs12': loaded successfully
>>>> Sat, 2017-12-09 20:15 00[LIB] plugin 'pgp': loaded successfully
>>>> Sat, 2017-12-09 20:15 00[LIB] plugin 'dnskey': loaded successfully
>>>> Sat, 2017-12-09 20:15 00[LIB] plugin 'sshkey': loaded successfully
>>>> Sat, 2017-12-09 20:15 00[LIB] plugin 'pem': loaded successfully
>>>> Sat, 2017-12-09 20:15 00[LIB] openssl FIPS mode(2) - enabled
>>>> Sat, 2017-12-09 20:15 00[LIB] plugin 'openssl': loaded successfully
>>>> Sat, 2017-12-09 20:15 00[LIB] plugin 'gcrypt': loaded successfully
>>>> Sat, 2017-12-09 20:15 00[LIB] plugin 'fips-prf': loaded successfully
>>>> Sat, 2017-12-09 20:15 00[LIB] plugin 'gmp': loaded successfully
>>>> Sat, 2017-12-09 20:15 00[LIB] plugin 'curve25519': loaded successfully
>>>> Sat, 2017-12-09 20:15 00[LIB] plugin 'xcbc': loaded successfully
>>>> Sat, 2017-12-09 20:15 00[LIB] plugin 'cmac': loaded successfully
>>>> Sat, 2017-12-09 20:15 00[LIB] plugin 'hmac': loaded successfully
>>>> Sat, 2017-12-09 20:15 00[LIB] plugin 'ctr': loaded successfully
>>>> Sat, 2017-12-09 20:15 00[LIB] plugin 'ccm': loaded successfully
>>>> Sat, 2017-12-09 20:15 00[LIB] plugin 'gcm': loaded successfully
>>>> Sat, 2017-12-09 20:15 00[LIB] plugin 'curl': loaded successfully
>>>> Sat, 2017-12-09 20:15 00[LIB] plugin 'attr': loaded successfully
>>>> Sat, 2017-12-09 20:15 00[LIB] plugin 'kernel-netlink': loaded successfully
>>>> Sat, 2017-12-09 20:15 00[LIB] plugin 'resolve': loaded successfully
>>>> Sat, 2017-12-09 20:15 00[LIB] plugin 'socket-default': loaded successfully
>>>> Sat, 2017-12-09 20:15 00[LIB] plugin 'farp': loaded successfully
>>>> Sat, 2017-12-09 20:15 00[LIB] plugin 'stroke': loaded successfully
>>>> Sat, 2017-12-09 20:15 00[LIB] plugin 'vici': loaded successfully
>>>> Sat, 2017-12-09 20:15 00[LIB] plugin 'updown': loaded successfully
>>>> Sat, 2017-12-09 20:15 00[LIB] plugin 'eap-identity': loaded successfully
>>>> Sat, 2017-12-09 20:15 00[LIB] plugin 'eap-md5': loaded successfully
>>>> Sat, 2017-12-09 20:15 00[LIB] plugin 'eap-gtc': loaded successfully
>>>> Sat, 2017-12-09 20:15 00[LIB] plugin 'eap-mschapv2': loaded successfully
>>>> Sat, 2017-12-09 20:15 00[LIB] plugin 'eap-tls': loaded successfully
>>>> Sat, 2017-12-09 20:15 00[LIB] plugin 'eap-ttls': loaded successfully
>>>> Sat, 2017-12-09 20:15 00[LIB] plugin 'eap-peap': loaded successfully
>>>> Sat, 2017-12-09 20:15 00[LIB] plugin 'xauth-generic': loaded successfully
>>>> Sat, 2017-12-09 20:15 00[LIB] plugin 'xauth-eap': loaded successfully
>>>> Sat, 2017-12-09 20:15 00[LIB] plugin 'xauth-pam': loaded successfully
>>>> Sat, 2017-12-09 20:15 00[LIB] plugin 'xauth-noauth': loaded successfully
>>>> Sat, 2017-12-09 20:15 00[LIB] plugin 'dhcp': loaded successfully
>>>> Sat, 2017-12-09 20:15 00[LIB] plugin 'unity': loaded successfully
>>>> Sat, 2017-12-09 20:15 00[LIB] feature PUBKEY:BLISS in plugin 'pem' has unmet dependency: PUBKEY:BLISS
>>>> Sat, 2017-12-09 20:15 00[LIB] feature PUBKEY:DSA in plugin 'pem' has unmet dependency: PUBKEY:DSA
>>>> Sat, 2017-12-09 20:15 00[LIB] feature PRIVKEY:DSA in plugin 'pem' has unmet dependency: PRIVKEY:DSA
>>>> Sat, 2017-12-09 20:15 00[LIB] feature PRIVKEY:BLISS in plugin 'pem' has unmet dependency: PRIVKEY:BLISS
>>>> Sat, 2017-12-09 20:15 00[LIB] feature CERT_DECODE:OCSP_REQUEST in plugin 'pem' has unmet dependency: CERT_DECODE:OCSP_REQUEST
>>>> Sat, 2017-12-09 20:15 00[LIB] feature PRIVKEY_SIGN:RSA_EMSA_PKCS1_SHA3_224 in plugin 'gmp' has unmet dependency: HASHER:HASH_SHA3_224
>>>> Sat, 2017-12-09 20:15 00[LIB] feature PRIVKEY_SIGN:RSA_EMSA_PKCS1_SHA3_256 in plugin 'gmp' has unmet dependency: HASHER:HASH_SHA3_256
>>>> Sat, 2017-12-09 20:15 00[LIB] feature PRIVKEY_SIGN:RSA_EMSA_PKCS1_SHA3_384 in plugin 'gmp' has unmet dependency: HASHER:HASH_SHA3_384
>>>> Sat, 2017-12-09 20:15 00[LIB] feature PRIVKEY_SIGN:RSA_EMSA_PKCS1_SHA3_512 in plugin 'gmp' has unmet dependency: HASHER:HASH_SHA3_512
>>>> Sat, 2017-12-09 20:15 00[LIB] feature PUBKEY_VERIFY:RSA_EMSA_PKCS1_SHA3_224 in plugin 'gmp' has unmet dependency: HASHER:HASH_SHA3_224
>>>> Sat, 2017-12-09 20:15 00[LIB] feature PUBKEY_VERIFY:RSA_EMSA_PKCS1_SHA3_256 in plugin 'gmp' has unmet dependency: HASHER:HASH_SHA3_256
>>>> Sat, 2017-12-09 20:15 00[LIB] feature PUBKEY_VERIFY:RSA_EMSA_PKCS1_SHA3_384 in plugin 'gmp' has unmet dependency: HASHER:HASH_SHA3_384
>>>> Sat, 2017-12-09 20:15 00[LIB] feature PUBKEY_VERIFY:RSA_EMSA_PKCS1_SHA3_512 in plugin 'gmp' has unmet dependency: HASHER:HASH_SHA3_512
>>>> Sat, 2017-12-09 20:15 00[CFG] loading ca certificates from '/etc/strongswan/ipsec.d/cacerts'
>>>> Sat, 2017-12-09 20:15 00[CFG] loading aa certificates from '/etc/strongswan/ipsec.d/aacerts'
>>>> Sat, 2017-12-09 20:15 00[CFG] loading ocsp signer certificates from '/etc/strongswan/ipsec.d/ocspcerts'
>>>> Sat, 2017-12-09 20:15 00[CFG] loading attribute certificates from '/etc/strongswan/ipsec.d/acerts'
>>>> Sat, 2017-12-09 20:15 00[CFG] loading crls from '/etc/strongswan/ipsec.d/crls'
>>>> Sat, 2017-12-09 20:15 00[CFG] loading secrets from '/etc/strongswan/ipsec.secrets'
>>>> Sat, 2017-12-09 20:15 00[LIB] loaded plugins: charon aes des rc2 sha2 sha1 md4 md5 random nonce x509 revocation constraints acert pubkey pkcs1 pkcs8 pkcs12 pgp dnskey sshkey pem openssl gcrypt fips-prf gmp curve25519 xcbc cmac hmac ctr ccm gcm curl attr kernel-netlink resolve socket-default farp stroke vici updown eap-identity eap-md5 eap-gtc eap-mschapv2 eap-tls eap-ttls eap-peap xauth-generic xauth-eap xauth-pam xauth-noauth dhcp unity
>>>> Sat, 2017-12-09 20:15 00[LIB] unable to load 13 plugin features (13 due to unmet dependencies)
>>>> Sat, 2017-12-09 20:15 00[JOB] spawning 16 worker threads
>>>> Sat, 2017-12-09 20:15 01[LIB] created thread 01 [1899]
>>>> Sat, 2017-12-09 20:15 02[LIB] created thread 02 [1902]
>>>> Sat, 2017-12-09 20:15 03[LIB] created thread 03 [1903]
>>>> Sat, 2017-12-09 20:15 05[LIB] created thread 05 [1901]
>>>> Sat, 2017-12-09 20:15 07[LIB] created thread 07 [1905]
>>>> Sat, 2017-12-09 20:15 08[LIB] created thread 08 [1906]
>>>> Sat, 2017-12-09 20:15 06[LIB] created thread 06 [1904]
>>>> Sat, 2017-12-09 20:15 10[LIB] created thread 10 [1910]
>>>> Sat, 2017-12-09 20:15 12[LIB] created thread 12 [1909]
>>>> Sat, 2017-12-09 20:15 09[LIB] created thread 09 [1907]
>>>> Sat, 2017-12-09 20:15 11[LIB] created thread 11 [1908]
>>>> Sat, 2017-12-09 20:15 04[LIB] created thread 04 [1900]
>>>> Sat, 2017-12-09 20:15 13[LIB] created thread 13 [1911]
>>>> Sat, 2017-12-09 20:15 15[LIB] created thread 15 [1913]
>>>> Sat, 2017-12-09 20:15 14[LIB] created thread 14 [1912]
>>>>
>>>> *swanctl -c
>>>>
>>>> Sat, 2017-12-09 20:16 15[CFG] vici client 1 connected
>>>> Sat, 2017-12-09 20:16 06[CFG] vici client 1 requests: get-conns
>>>> Sat, 2017-12-09 20:16 14[CFG] vici client 1 requests: load-conn
>>>> Sat, 2017-12-09 20:16 14[CFG] conn net:
>>>> Sat, 2017-12-09 20:16 14[CFG] child net-1:
>>>> Sat, 2017-12-09 20:16 14[CFG] rekey_time = 3600
>>>> Sat, 2017-12-09 20:16 14[CFG] life_time = 3960
>>>> Sat, 2017-12-09 20:16 14[CFG] rand_time = 360
>>>> Sat, 2017-12-09 20:16 14[CFG] rekey_bytes = 0
>>>> Sat, 2017-12-09 20:16 14[CFG] life_bytes = 0
>>>> Sat, 2017-12-09 20:16 14[CFG] rand_bytes = 0
>>>> Sat, 2017-12-09 20:16 14[CFG] rekey_packets = 0
>>>> Sat, 2017-12-09 20:16 14[CFG] life_packets = 0
>>>> Sat, 2017-12-09 20:16 14[CFG] rand_packets = 0
>>>> Sat, 2017-12-09 20:16 14[CFG] updown = (null)
>>>> Sat, 2017-12-09 20:16 14[CFG] hostaccess = 0
>>>> Sat, 2017-12-09 20:16 14[CFG] ipcomp = 0
>>>> Sat, 2017-12-09 20:16 14[CFG] mode = TUNNEL
>>>> Sat, 2017-12-09 20:16 14[CFG] policies = 1
>>>> Sat, 2017-12-09 20:16 14[CFG] policies_fwd_out = 0
>>>> Sat, 2017-12-09 20:16 14[CFG] dpd_action = clear
>>>> Sat, 2017-12-09 20:16 14[CFG] start_action = restart
>>>> Sat, 2017-12-09 20:16 14[CFG] close_action = clear
>>>> Sat, 2017-12-09 20:16 14[CFG] reqid = 0
>>>> Sat, 2017-12-09 20:16 14[CFG] tfc = 0
>>>> Sat, 2017-12-09 20:16 14[CFG] priority = 0
>>>> Sat, 2017-12-09 20:16 14[CFG] interface = (null)
>>>> Sat, 2017-12-09 20:16 14[CFG] mark_in = 0/0
>>>> Sat, 2017-12-09 20:16 14[CFG] mark_out = 0/0
>>>> Sat, 2017-12-09 20:16 14[CFG] inactivity = 0
>>>> Sat, 2017-12-09 20:16 14[CFG] proposals = ESP:AES_CBC_256/HMAC_SHA2_256_128/MODP_2048/NO_EXT_SEQ
>>>> Sat, 2017-12-09 20:16 14[CFG] local_ts = 10.83.40.0/24
>>>> Sat, 2017-12-09 20:16 14[CFG] remote_ts = 10.83.32.0/24
>>>> Sat, 2017-12-09 20:16 14[CFG] hw_offload = 0
>>>> Sat, 2017-12-09 20:16 14[CFG] sha256_96 = 0
>>>> Sat, 2017-12-09 20:16 14[CFG] version = 1
>>>> Sat, 2017-12-09 20:16 14[CFG] local_addrs = 10.84.252.40
>>>> Sat, 2017-12-09 20:16 14[CFG] remote_addrs = 10.84.252.32
>>>> Sat, 2017-12-09 20:16 14[CFG] local_port = 500
>>>> Sat, 2017-12-09 20:16 14[CFG] remote_port = 500
>>>> Sat, 2017-12-09 20:16 14[CFG] send_certreq = 1
>>>> Sat, 2017-12-09 20:16 14[CFG] send_cert = CERT_SEND_IF_ASKED
>>>> Sat, 2017-12-09 20:16 14[CFG] mobike = 1
>>>> Sat, 2017-12-09 20:16 14[CFG] aggressive = 0
>>>> Sat, 2017-12-09 20:16 14[CFG] dscp = 0x00
>>>> Sat, 2017-12-09 20:16 14[CFG] encap = 0
>>>> Sat, 2017-12-09 20:16 14[CFG] dpd_delay = 0
>>>> Sat, 2017-12-09 20:16 14[CFG] dpd_timeout = 0
>>>> Sat, 2017-12-09 20:16 14[CFG] fragmentation = 2
>>>> Sat, 2017-12-09 20:16 14[CFG] unique = UNIQUE_NO
>>>> Sat, 2017-12-09 20:16 14[CFG] keyingtries = 1
>>>> Sat, 2017-12-09 20:16 14[CFG] reauth_time = 0
>>>> Sat, 2017-12-09 20:16 14[CFG] rekey_time = 14400
>>>> Sat, 2017-12-09 20:16 14[CFG] over_time = 1440
>>>> Sat, 2017-12-09 20:16 14[CFG] rand_time = 1440
>>>> Sat, 2017-12-09 20:16 14[CFG] proposals = IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048
>>>> Sat, 2017-12-09 20:16 14[CFG] local:
>>>> Sat, 2017-12-09 20:16 14[CFG] id = 10.84.252.40
>>>> Sat, 2017-12-09 20:16 14[CFG] class = pre-shared key
>>>> Sat, 2017-12-09 20:16 14[CFG] remote:
>>>> Sat, 2017-12-09 20:16 14[CFG] id = 10.84.252.32
>>>> Sat, 2017-12-09 20:16 14[CFG] class = pre-shared key
>>>> Sat, 2017-12-09 20:16 14[CFG] added vici connection: net
>>>> Sat, 2017-12-09 20:16 14[CFG] initiating 'net-1'
>>>> Sat, 2017-12-09 20:16 14[IKE] <net|1> queueing ISAKMP_VENDOR task
>>>> Sat, 2017-12-09 20:16 14[IKE] <net|1> queueing ISAKMP_CERT_PRE task
>>>> Sat, 2017-12-09 20:16 14[IKE] <net|1> queueing MAIN_MODE task
>>>> Sat, 2017-12-09 20:16 14[IKE] <net|1> queueing ISAKMP_CERT_POST task
>>>> Sat, 2017-12-09 20:16 14[IKE] <net|1> queueing ISAKMP_NATD task
>>>> Sat, 2017-12-09 20:16 14[IKE] <net|1> queueing QUICK_MODE task
>>>> Sat, 2017-12-09 20:16 14[IKE] <net|1> activating new tasks
>>>> Sat, 2017-12-09 20:16 14[IKE] <net|1> activating ISAKMP_VENDOR task
>>>> Sat, 2017-12-09 20:16 14[IKE] <net|1> activating ISAKMP_CERT_PRE task
>>>> Sat, 2017-12-09 20:16 14[IKE] <net|1> activating MAIN_MODE task
>>>> Sat, 2017-12-09 20:16 14[IKE] <net|1> activating ISAKMP_CERT_POST task
>>>> Sat, 2017-12-09 20:16 14[IKE] <net|1> activating ISAKMP_NATD task
>>>> Sat, 2017-12-09 20:16 14[IKE] <net|1> sending XAuth vendor ID
>>>> Sat, 2017-12-09 20:16 14[IKE] <net|1> sending DPD vendor ID
>>>> Sat, 2017-12-09 20:16 14[IKE] <net|1> sending FRAGMENTATION vendor ID
>>>> Sat, 2017-12-09 20:16 14[IKE] <net|1> sending NAT-T (RFC 3947) vendor ID
>>>> Sat, 2017-12-09 20:16 14[IKE] <net|1> sending draft-ietf-ipsec-nat-t-ike-02\n vendor ID
>>>> Sat, 2017-12-09 20:16 14[IKE] <net|1> initiating Main Mode IKE_SA net[1] to 10.84.252.32
>>>> Sat, 2017-12-09 20:16 14[IKE] <net|1> IKE_SA net[1] state change: CREATED => CONNECTING
>>>> Sat, 2017-12-09 20:16 14[CFG] <net|1> configured proposals: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048
>>>> Sat, 2017-12-09 20:16 14[ENC] <net|1> generating ID_PROT request 0 [ SA V V V V V ]
>>>> Sat, 2017-12-09 20:16 14[NET] <net|1> sending packet: from 10.84.252.40[500] to 10.84.252.32[500] (180 bytes)
>>>> Sat, 2017-12-09 20:16 07[CFG] vici client 1 disconnected
>>>> Sat, 2017-12-09 20:16 08[NET] <net|1> received packet: from 10.84.252.32[500] to 10.84.252.40[500] (136 bytes)
>>>> Sat, 2017-12-09 20:16 08[ENC] <net|1> parsed ID_PROT response 0 [ SA V V V ]
>>>> Sat, 2017-12-09 20:16 08[IKE] <net|1> received XAuth vendor ID
>>>> Sat, 2017-12-09 20:16 08[IKE] <net|1> received DPD vendor ID
>>>> Sat, 2017-12-09 20:16 08[IKE] <net|1> received NAT-T (RFC 3947) vendor ID
>>>> Sat, 2017-12-09 20:16 08[CFG] <net|1> selecting proposal:
>>>> Sat, 2017-12-09 20:16 08[CFG] <net|1> proposal matches
>>>> Sat, 2017-12-09 20:16 08[CFG] <net|1> received proposals: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048
>>>> Sat, 2017-12-09 20:16 08[CFG] <net|1> configured proposals: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048
>>>> Sat, 2017-12-09 20:16 08[CFG] <net|1> selected proposal: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048
>>>> Sat, 2017-12-09 20:16 08[IKE] <net|1> reinitiating already active tasks
>>>> Sat, 2017-12-09 20:16 08[IKE] <net|1> ISAKMP_VENDOR task
>>>> Sat, 2017-12-09 20:16 08[IKE] <net|1> MAIN_MODE task
>>>> Sat, 2017-12-09 20:16 08[LIB] <net|1> size of DH secret exponent: 2047 bits
>>>> Sat, 2017-12-09 20:16 08[ENC] <net|1> generating ID_PROT request 0 [ KE No NAT-D NAT-D ]
>>>> Sat, 2017-12-09 20:16 08[NET] <net|1> sending packet: from 10.84.252.40[500] to 10.84.252.32[500] (396 bytes)
>>>> Sat, 2017-12-09 20:16 15[NET] <net|1> received packet: from 10.84.252.32[500] to 10.84.252.40[500] (396 bytes)
>>>> Sat, 2017-12-09 20:16 15[ENC] <net|1> parsed ID_PROT response 0 [ KE No NAT-D NAT-D ]
>>>> Sat, 2017-12-09 20:16 15[IKE] <net|1> no shared key found for '10.84.252.40'[10.84.252.40] - '10.84.252.32'[10.84.252.32]
>>>> Sat, 2017-12-09 20:16 15[IKE] <net|1> no shared key found for 10.84.252.40 - 10.84.252.32
>>>> Sat, 2017-12-09 20:16 15[IKE] <net|1> queueing INFORMATIONAL task
>>>> Sat, 2017-12-09 20:16 15[IKE] <net|1> activating new tasks
>>>> Sat, 2017-12-09 20:16 15[IKE] <net|1> activating INFORMATIONAL task
>>>> Sat, 2017-12-09 20:16 15[ENC] <net|1> generating INFORMATIONAL_V1 request 3102880303 [ N(INVAL_KE) ]
>>>> Sat, 2017-12-09 20:16 15[NET] <net|1> sending packet: from 10.84.252.40[500] to 10.84.252.32[500] (56 bytes)
>>>> Sat, 2017-12-09 20:16 15[IKE] <net|1> IKE_SA net[1] state change: CONNECTING => DESTROYING
>>>>
>>>> any ideas?
>>>>
>>>> regards
>>>>
--
Thomas Will
Xinux e.K.
Wichernstrasse 18
66482 Zweibruecken
Registergericht
Amtsgericht Zweibruecken
HRA 1518
P: +49 6332 44040
F: +49 6332 899227
M: +49 170 5218548
M: +49 176 97497102
E: thomas.will at xinux.de
W: http://www.xinux.de
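
Added example (not part of the original thread, and not strongSwan project code): a small Python log triage that separates the situation diagnosed above, connections loaded with `swanctl -c` but no credentials, from a PSK that was loaded but whose identities do not match. It assumes charon logs credential loading as a `load-shared` vici request in the same `vici client N requests:` format seen in the posted log; both sample logs are constructed.

```python
import re

# Patterns follow the charon log format quoted in the thread.
DAEMON_START = re.compile(r"\[DMN\] Starting IKE charon daemon")
VICI_REQUEST = re.compile(r"\[CFG\] vici client \d+ requests: (\S+)")
NO_PSK = re.compile(
    r"\[IKE\] <([^|>]+)\|\d+> no shared key found for ([\w.:@-]+) - ([\w.:@-]+)$"
)


def triage(log_text):
    """Return (conn, local_id, remote_id, cause) for each PSK lookup failure."""
    findings = []
    seen_requests = set()
    for line in log_text.splitlines():
        line = line.rstrip()
        if DAEMON_START.search(line):
            # Configuration pushed over vici lives only in the running daemon.
            seen_requests.clear()
            continue
        m = VICI_REQUEST.search(line)
        if m:
            seen_requests.add(m.group(1))
            continue
        m = NO_PSK.search(line)
        if not m:
            continue
        if "load-shared" in seen_requests:
            cause = "no-matching-secret"  # a secret was loaded, ids do not match
        else:
            cause = "creds-not-loaded"    # conns only: run swanctl -s or swanctl -q
        finding = (*m.groups(), cause)
        if finding not in findings:
            findings.append(finding)
    return findings


# Constructed sample, assembled from lines quoted in the thread (swanctl -c only).
CONNS_ONLY = """\
Sat, 2017-12-09 20:15 00[DMN] Starting IKE charon daemon (strongSwan 5.5.3, Linux 3.10.0-693.el7.x86_64, x86_64)
Sat, 2017-12-09 20:16 06[CFG] vici client 1 requests: get-conns
Sat, 2017-12-09 20:16 14[CFG] vici client 1 requests: load-conn
Sat, 2017-12-09 20:16 15[IKE] <net|1> no shared key found for '10.84.252.40'[10.84.252.40] - '10.84.252.32'[10.84.252.32]
Sat, 2017-12-09 20:16 15[IKE] <net|1> no shared key found for 10.84.252.40 - 10.84.252.32
"""

# Constructed sample (hypothetical): credentials were loaded, but for another peer id.
CREDS_LOADED = """\
Sat, 2017-12-09 21:00 00[DMN] Starting IKE charon daemon (strongSwan 5.5.3, Linux 3.10.0-693.el7.x86_64, x86_64)
Sat, 2017-12-09 21:01 06[CFG] vici client 1 requests: load-conn
Sat, 2017-12-09 21:01 06[CFG] vici client 1 requests: load-shared
Sat, 2017-12-09 21:01 15[IKE] <net|1> no shared key found for 10.84.252.40 - 10.84.252.99
"""

if __name__ == "__main__":
    for name, log in (("conns only", CONNS_ONLY), ("creds loaded", CREDS_LOADED)):
        for conn, local, remote, cause in triage(log):
            print(f"{name}: {conn} {local} -> {remote}: {cause}")
```
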