[strongSwan] OpenWRT. IPSec server
Sujoy
sujoy.b at mindlogicx.com
Thu Jan 11 07:20:18 CET 2018
Hi Neon,
When I run "IPSec up tunnel", I get the below message.
scheduling reauthentication in 2905s
maximum IKE_SA lifetime 3445s
received TS_UNACCEPTABLE notify, no CHILD_SA built
failed to establish CHILD_SA, keeping IKE_SA
establishing connection 'tunnel' failed
Following is my client config file:

config setup
    charondebug="all"
    uniqueids=yes
    strictcrlpolicy=no

conn %default

conn tunnel #
    left=192.168.10.1
    right=X.X.X.X
    ike=aes256-sha1-modp2048
    #ike=aes256-sha384-prfsha384-ecp384!
    esp=aes256!
    keyingtries=0
    ikelifetime=1h
    lifetime=8h
    dpddelay=30
    dpdtimeout=1h
    dpdaction=restart
    authby=psk
    auto=start

Thanks,
Sujoy

On Thursday 04 January 2018 03:38 AM, Noel Kuntze wrote:
> Hi,
>
> Only on the responder.
> If you use dpd and enforce UDP encapsulation, you do not need to open any ports on the initiator side.
> Refer to the UsableExamples wiki page[1] for example configurations that are usable in the real world.
>
> Kind regards
>
> Noel
>
> [1] https://wiki.strongswan.org/projects/strongswan/wiki/UsableExamples
>
> On 28.12.2017 08:51, Sujoy wrote:
>> Hi All,
>>
>>
>> We want to implement StrongSwan, with IPsec, in OpenWRT. The IPsec server will be running in CentOS and the OpenWRT router will connect to it using VPN. I have configured the server part, but I am struggling to configure the client part. Do we need to open port 4500 for this first?
>>
>> Can anyone suggest a solution for this?