[strongSwan] Dynamic IPsec between Strongswan and Juniper MX with MS Card doesnt work
Noel Kuntze
noel at familie-kuntze.de
Mon Mar 20 22:42:24 CET 2017
Hello Yaniv
On 20.03.2017 18:08, Yaniv Michalovski wrote:
> Hi,
> I'm trying to configure Dynamic IPsec between Strongswan and Juniper MX with MS Card but with no success the following is the Juniper configuration and Strongswan's -ipsec.conf
"Dynamic IPsec"?
> leftsubnet=172.16.1.0/24[gre]
> rightsubnet=172.16.2.0/24[gre
This doesn't make sense. What are you actually trying to do? Try not to use juniper feature terms.
GRE tunnels between the two peers and then dynamic routing over it?
>
> Log on Linux-strongswan:
>
> payload type NOTIFY was not encrypted
>
> could not decrypt payloads
>
> integrity check failed
>
> 04[IKE] IKE_AUTH response with message ID 1 processing failed
You need to either
1) read the logs on the juniper to figure out what it wants
2) use tcpdump to read the logs and then look at the contents of that IKE packet using wireshark to figure out what the NOTIFY is
Please try to use fewer spaces in the next email and fix the formatting.
The strongswan config was aligned to the right of the page and had lots of indentation problems.
--
Mit freundlichen Grüßen/Kind Regards,
Noel Kuntze
GPG Key ID: 0x63EC6658
Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 866 bytes
Desc: OpenPGP digital signature
URL: <http://lists.strongswan.org/pipermail/users/attachments/20170320/3915415e/attachment.sig>
More information about the Users
mailing list