[strongSwan] Establishing IKE_SA failed, peer not responding

Marcelo Oscar Olcese marcelo.olcese at gmail.com
Wed Jul 14 17:17:21 CEST 2021


This is the output of the "statusall" command.
Keep trying...

Status of IKE charon daemon (strongSwan 5.5.1, Linux 4.9.0-16-amd64,
x86_64):
  uptime: 60 seconds, since Jul 14 12:09:18 2021
  malloc: sbrk 2568192, mmap 0, used 430208, free 2137984
  worker threads: 11 of 16 idle, 5/0/0/0 working, job queue: 0/0/0/0,
scheduled: 1
  loaded plugins: charon aes rc2 sha2 sha1 md5 random nonce x509 revocation
constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl
fips-prf gmp agent xcbc hmac gcm attr kernel-netlink resolve socket-default
connmark stroke updown
Listening IP addresses:
  200.xxx.xxx.xxx
  190.xxx.xxx.xxx
Connections:
    ciscoios:  190.xxx.xxx.xxx...200.xxx.xxx.xxx  IKEv1
    ciscoios:   local:  [190.xxx.xxx.xxx] uses pre-shared key authentication
    ciscoios:   remote: [200.xxx.xxx.xxx] uses pre-shared key authentication
    ciscoios:   child:  200.xxx.xxx.0/24 === 192.168.77.0/24 TUNNEL
   ciscoios2:   child:  200.xxx.xxx.0/24 === 10.30.200.0/24 TUNNEL
   ciscoios3:   child:  200.xxx.xxx.0/24 === 192.3.59.0/24 TUNNEL
Security Associations (0 up, 1 connecting):
    ciscoios[1]: CONNECTING,
190.xxx.xxx.xxx[190.xxx.xxx.xxx]...200.xxx.xxx.xxx[%any]
    ciscoios[1]: IKEv1 SPIs: 40e31fe9f8a889ee_i* a103e7f136b195ea_r
    ciscoios[1]: IKE proposal: 3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
    ciscoios[1]: Tasks queued: QUICK_MODE QUICK_MODE QUICK_MODE
    ciscoios[1]: Tasks active: ISAKMP_VENDOR MAIN_MODE

El mié, 14 jul 2021 a las 9:00, Tobias Brunner (<tobias at strongswan.org>)
escribió:

> Hi Marcelo,
>
> The first two Main Mode exchanges apparently work fine, but then there
> is no response to the third request, which is encrypted.  So it's
> possible that the PSK is incorrect and the peer can't decrypt the message.
>
> Regards,
> Tobias
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20210714/52c3433b/attachment.html>


More information about the Users mailing list