[strongSwan] Configuration Error: received message ID 0, expected 1. Ignored
Anne Ambe
anne.ambe at air-lynx.com
Fri Feb 23 11:26:55 CET 2018
Hi,
I have been struggling for the past week to configure an ipsec tunnel
between two fedora19 boxes using strongswan version 5.1.3
I tried to follow the configuration for net2net with PSK found on this
link
https://www.strongswan.org/testing/testresults/ikev2/net2net-psk/index.html.
Here is my configuration:
*Box1: *
*ipsec.conf:
*config setup
conn %default
ikelifetime=60m
keylife=20m
rekeymargin=3m
keyingtries=1
authby=secret
keyexchange=ikev2
mobike=no
conn fed1_fed2
left=192.168.aa.bb
leftsubnet=192.168.x.0/24
leftid=@fed1
leftfirewall=no
right=192.168.aa.cc
rightsubnet=192.168.y.0/24
rightid=@fed2
auto=add*
Box 2:
ipsec.conf
*config setup*
*conn %default
ikelifetime=60m
keylife=20m
rekeymargin=3m
keyingtries=1
authby=secret
keyexchange=ikev2
mobike=no
conn fed1_fed2
left=192.168.aa.cc
leftsubnet=192.168.y.0/24
leftid=@fed2
leftfirewall=no
right=192.168.aa.bb
rightsubnet=192.168.x.0/24
rightid=@fed1
auto=add*
Common on box1 and box 2
strongswan.conf
*charon {
load = random nonce aes sha1 sha2 gmp curve25519 hmac stroke
kernel-netlink socket-default updown
multiple_authentication = no
}*
*
**ipsec.secret
**@fed1 @fed2 : PSK 0sblahblahblah**
when i try to bring up this tunnel from box1 this i get this error
**initiating IKE_SA fed1_fed2[1] to 192.168.aa.cc
generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]
sending packet: from 192.168.aa.bb[500] to 192.168.aa.cc[500] (652 bytes)
received packet: from 192.168.aa.cc[500] to 192.168.aa.bb[500] (376 bytes)
parsed IKE_SA_INIT response 0 [ SA KE No V ]
received unknown vendor ID: 4f:45:76:79:5c:6b:67:7a:57:71:5c:73
authentication of 'fed1' (myself) with pre-shared key
establishing CHILD_SA fed1_fed2
generating IKE_AUTH request 1 [ IDi N(INIT_CONTACT) IDr AUTH SA TSi TSr
N(EAP_ONLY) ]
sending packet: from 192.168.aa.bb[500] to 192.168.aa.cc[500] (364 bytes)
received packet: from 192.168.aa.cc[500] to 192.168.aa.bb[500] (36 bytes)
parsed IKE_SA_INIT response 0 [ N(AUTH_FAILED) ]
*received message ID 0, expected 1. Ignored***
**I am very new to strongswan.Please any guidance will be very much
appreciated.**
Thanks
Anne
**
---
This email has been checked for viruses by Avast antivirus software.
https://www.avast.com/antivirus
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20180223/fed25537/attachment.html>
More information about the Users
mailing list