[strongSwan] Upgrade client to 5.6.3, get AUTH_FAILED

Hoggins! hoggins at radiom.fr
Sat Jul 14 14:30:08 CEST 2018


Reverting back to 5.6.1 with a simple "make install" and "ipsec restart"
does the trick, and authentication performs successfully.

Both my 5.6.1 and 5.6.3 compilations are made with the same configure
options (i.e. none), and make install puts libraries and binaries under
the /usr/local/ prefix, so both of them will look for the same
ipsec.conf and ipsec.secrets config files.

Little lost here.

Le 14/07/2018 à 11:39, Hoggins! a écrit :
> Hello,
>
> I bumped into a strange problem and I was wondering if you could help me :
>
> Sun is my StrongSWAN "server" (concentrator), and has been running
> StrongSWAN 5.6.3 for a few days, no problem.
> Its "clients" have various StrongSWAN versions, including Moon which
> was running StrongSWAN 5.6.1. No problem.
>
> Then I upgraded Moon to StrongSWAN 5.6.3 and Moon cannot authenticate
> anymore to Sun. Sun complains about a MAC mismatch :
>
>     Jul 13 20:26:15 webfront-2 strongswan[1363]: 01[CFG] selected peer
>     config 'net-net'
>     Jul 13 20:26:15 webfront-2 strongswan[1363]: 01[IKE] tried 12
>     shared keys for '1.2.3.4' - 'netnetYomama', but MAC mismatched
>     Jul 13 20:26:15 webfront-2 strongswan[1363]: 01[IKE] peer supports
>     MOBIKE
>     Jul 13 20:26:15 webfront-2 strongswan[1363]: 01[ENC] generating
>     IKE_AUTH response 1 [ N(AUTH_FAILED) ]
>
> Neither secrets nor config have changed on both peers, and are both
> readable and listed, but the newly upgraded Moon cannot authenticate
> properly and gets rejected.
>
> Any idea?
>
>     Thank you!
>
>         Hoggins!


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 195 bytes
Desc: OpenPGP digital signature
URL: <http://lists.strongswan.org/pipermail/users/attachments/20180714/7e98c9a6/attachment.sig>


More information about the Users mailing list