Hi,

I am trying strongSwan 5.2.1 for a site-to-site VPN. I have followed the config from the link [1] for the configuration. In my setup the connection fails to come up.
[1] https://www.strongswan.org/testing/testresults/ikev1/net2net-psk/

Can someone please suggest what is going wrong? Below are the logs.

# ipsec --version
Linux strongSwan U5.2.1/K3.2.0-4-amd64
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil, Switzerland
See 'ipsec --copyright' for copyright information.

R1 config:

#auto=addpsec.conf - strongSwan IPsec configuration file

config setup

conn %default
    ikelifetime=60m
    keylife=20m
    rekeymargin=3m
    keyingtries=1
    keyexchange=ikev1
    #authby=secret
    authby=psk

conn net-net
    left=10.147.46.103
    leftsubnet=10.10.0.0/16
    leftfirewall=yes
    right=10.147.46.112
    rightsubnet=10.20.0.0/16
    auto=add

# cat ipsec.secrets
10.147.46.112 10.147.46.103 : PSK "123456789"

R2 config:

# cat ipsec.conf
conn %default
    ikelifetime=60m
    keylife=20m
    rekeymargin=3m
    keyingtries=1
    keyexchange=ikev1
    authby=secret

conn net-net
    left=10.147.46.112
    leftsubnet=10.20.0.0/16
    leftfirewall=yes
    right=10.147.46.103
    rightsubnet=10.10.0.0/16
    auto=add

# cat ipsec.secrets
10.147.46.103 10.147.46.112 : PSK "123456789"

# ipsec up net-net
initiating Main Mode IKE_SA net-net[3] to 10.147.46.112
generating ID_PROT request 0 [ SA V V V V ]
sending packet: from 10.147.46.103[500] to 10.147.46.112[500] (248 bytes)
received packet: from 10.147.46.112[500] to 10.147.46.103[500] (136 bytes)
parsed ID_PROT response 0 [ SA V V V ]
received XAuth vendor ID
received DPD vendor ID
received NAT-T (RFC 3947) vendor ID
generating ID_PROT request 0 [ KE No NAT-D NAT-D ]
sending packet: from 10.147.46.103[500] to 10.147.46.112[500] (372 bytes)
received packet: from 10.147.46.112[500] to 10.147.46.103[500] (372 bytes)
parsed ID_PROT response 0 [ KE No NAT-D NAT-D ]
generating ID_PROT request 0 [ ID HASH ]
sending packet: from 10.147.46.103[500] to 10.147.46.112[500] (92 bytes)
received packet: from 10.147.46.112[500] to 10.147.46.103[500] (76 bytes)
invalid HASH_V1 payload length, decryption failed?
could not decrypt payloads
message parsing failed
ignore malformed INFORMATIONAL request
INFORMATIONAL_V1 request with message ID 867435333 processing failed

Thanks,
Jayapal
_______________________________________________
Dev mailing list
[email protected]
https://lists.strongswan.org/mailman/listinfo/dev
