[strongSwan] Strongswan as responder only
Balaji Thoguluva Bapulal
balaji.thoguluva.bapulal at oracle.com
Tue Sep 5 06:36:47 CEST 2017
Hello Strongswan users,
I have a basic question on how to enable a particular strongswan connection as responder only. Basically another peer (security gateway) will try to establish an IKE/IPsec connection towards strongswan in responder mode. I tried the following configuration and strongswan seems to report an error.
config setup
    charondebug=all

conn %default
    keyingtries=1
    keyexchange=ikev2
    reauth=no

conn peering
    left=172.16.20.51
    leftfirewall=no
    leftauth=psk
    right=172.16.20.2
    rightauth=psk
    auto=add
    esp=aes-sha1-modp1024
    ike=aes-sha1-md5-modp1024
    type=tunnel
    rekey=yes
/var/log/messages shows
Sep 5 00:21:06 acme95 charon-custom: 00[JOB] spawning 16 worker threads
Sep 5 00:21:06 acme95 charon-custom: 09[CFG] received stroke: add connection 'peering'
Sep 5 00:21:06 acme95 charon-custom: 09[CFG] added configuration 'peering'
Sep 5 00:21:36 acme95 charon-custom: 10[NET] received packet: from 172.16.20.51[500] to 172.16.20.2[500] (420 bytes)
Sep 5 00:21:36 acme95 charon-custom: 10[ENC] payload type TRAFFIC_SELECTOR_INITIATOR was not encrypted
Sep 5 00:21:36 acme95 charon-custom: 10[ENC] could not decrypt payloads
Sep 5 00:21:36 acme95 charon-custom: 10[IKE] integrity check failed
Sep 5 00:21:36 acme95 charon-custom: 10[IKE] IKE_SA_INIT request with message ID 0 processing failed
Also I attempted to enable debug logging, but I do not see any more details beyond the above details.
Thanks,
Balaji