[strongSwan] Configuration Error: received message ID 0, expected 1. Ignored

Jafar Al-Gharaibeh jafar at atcorp.com
Sat Feb 24 07:20:04 CET 2018


From the logs, box1 received an "Auth Failed" response from box 2. You 
have to inspect the logs on box 2 to see why it is failing to 
authenticate box 1.

--Jafar


On 2/23/2018 4:26 AM, Anne Ambe wrote:
> Hi,
> I have been struggling for the past week to configure an IPsec tunnel 
> between two Fedora 19 boxes using strongSwan version 5.1.3.
> I tried to follow the configuration for net2net with PSK found on this 
> link 
> https://www.strongswan.org/testing/testresults/ikev2/net2net-psk/index.html.
> Here is my configuration:
>
> Box1:
>
> ipsec.conf:
>
> config setup
> conn %default
>         ikelifetime=60m
>         keylife=20m
>         rekeymargin=3m
>         keyingtries=1
>         authby=secret
>         keyexchange=ikev2
>         mobike=no
>
> conn fed1_fed2
>         left=192.168.aa.bb
>         leftsubnet=192.168.x.0/24
>         leftid=@fed1
>         leftfirewall=no
>         right=192.168.aa.cc
>         rightsubnet=192.168.y.0/24
>         rightid=@fed2
>         auto=add
>
> Box 2:
>
> ipsec.conf
>
> config setup
> conn %default
>         ikelifetime=60m
>         keylife=20m
>         rekeymargin=3m
>         keyingtries=1
>         authby=secret
>         keyexchange=ikev2
>         mobike=no
>
> conn fed1_fed2
>         left=192.168.aa.cc
>         leftsubnet=192.168.y.0/24
>         leftid=@fed2
>         leftfirewall=no
>         right=192.168.aa.bb
>         rightsubnet=192.168.x.0/24
>         rightid=@fed1
>         auto=add
>
> Common on box1 and box 2
>
> strongswan.conf
> charon {
>   load = random nonce aes sha1 sha2 gmp curve25519 hmac stroke kernel-netlink socket-default updown
>   multiple_authentication = no
> }
>
> ipsec.secret
> @fed1 @fed2 : PSK 0sblahblahblah
>
> When I try to bring up this tunnel from box1, I get this error:
> initiating IKE_SA fed1_fed2[1] to 192.168.aa.cc
> generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]
> sending packet: from 192.168.aa.bb[500] to 192.168.aa.cc[500] (652 bytes)
> received packet: from 192.168.aa.cc[500] to 192.168.aa.bb[500] (376 bytes)
> parsed IKE_SA_INIT response 0 [ SA KE No V ]
> received unknown vendor ID: 4f:45:76:79:5c:6b:67:7a:57:71:5c:73
> authentication of 'fed1' (myself) with pre-shared key
> establishing CHILD_SA fed1_fed2
> generating IKE_AUTH request 1 [ IDi N(INIT_CONTACT) IDr AUTH SA TSi TSr N(EAP_ONLY) ]
> sending packet: from 192.168.aa.bb[500] to 192.168.aa.cc[500] (364 bytes)
> received packet: from 192.168.aa.cc[500] to 192.168.aa.bb[500] (36 bytes)
> parsed IKE_SA_INIT response 0 [ N(AUTH_FAILED) ]
> received message ID 0, expected 1. Ignored
>
> I am very new to strongSwan. Please, any guidance will be very much 
> appreciated.
>
> Thanks
>
> Anne
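
A small triage script for the initiator output quoted in this thread, added here as an example (not code from the posters or from the strongSwan project). It pairs each generated request with the parsed response, reports error notifies sent by the peer and message ID mismatches, and decodes the unknown vendor ID to ASCII; the names `triage` and `ERROR_NOTIFIES` are assumptions of this example.

```python
import re

# Initiator (box1) output quoted in the post, with the mail's line wraps joined.
LOG = """\
generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]
parsed IKE_SA_INIT response 0 [ SA KE No V ]
received unknown vendor ID: 4f:45:76:79:5c:6b:67:7a:57:71:5c:73
authentication of 'fed1' (myself) with pre-shared key
generating IKE_AUTH request 1 [ IDi N(INIT_CONTACT) IDr AUTH SA TSi TSr N(EAP_ONLY) ]
received packet: from 192.168.aa.cc[500] to 192.168.aa.bb[500] (36 bytes)
parsed IKE_SA_INIT response 0 [ N(AUTH_FAILED) ]
received message ID 0, expected 1. Ignored
"""

REQ = re.compile(r"generating (\w+) request (\d+) \[")
RSP = re.compile(r"parsed (\w+) response (\d+) \[ (.*?) \]")
VID = re.compile(r"received unknown vendor ID: ([0-9a-f:]+)")
ERROR_NOTIFIES = {"AUTH_FAILED"}  # assumption: only the error notify seen on this page


def triage(log):
    """Return findings from an initiator-side log as a list of tuples."""
    findings = []
    pending = None  # (exchange, message ID) of the request still awaiting a reply
    for line in log.splitlines():
        if m := REQ.search(line):
            pending = (m.group(1), int(m.group(2)))
        elif m := RSP.search(line):
            got = (m.group(1), int(m.group(2)))
            for name in re.findall(r"N\((\w+)\)", m.group(3)):
                if name in ERROR_NOTIFIES:
                    # The notify was produced by the peer: its log holds the reason.
                    findings.append(("peer_error", name, pending))
            if got != pending:
                findings.append(("id_mismatch", got, pending))
            else:
                pending = None
        elif m := VID.search(line):
            # Decode so the ID can be compared with the IKE daemon running on the peer.
            raw = bytes.fromhex(m.group(1).replace(":", ""))
            findings.append(("vendor_id", raw.decode("ascii", "replace")))
    return findings


if __name__ == "__main__":
    for finding in triage(LOG):
        print(finding)
```

The `peer_error` finding names the request that box 2 rejected, which is the exchange to search for in box 2's own log.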
