It looks as if the PSK is not the same on the other endpoint. Regards
Andreas On 16.06.2016 12:29, Jayapal Reddy wrote: > Hi, > > I am trying strongswan 5.2.1 for the site to site vpn. > I have followed the config from the link[1] for the configuration. In my > setup the connection is failed to come up. > > [1] https://www.strongswan.org/testing/testresults/ikev1/net2net-psk/ > > Can some one please suggest what is going wrong. Below are the logs. > > # ipsec --version > Linux strongSwan U5.2.1/K3.2.0-4-amd64 > Institute for Internet Technologies and Applications > University of Applied Sciences Rapperswil, Switzerland > See 'ipsec --copyright' for copyright information. > > > > > R1 config: > #auto=addpsec.conf - strongSwan IPsec configuration file > > config setup > > conn %default > ikelifetime=60m > keylife=20m > rekeymargin=3m > keyingtries=1 > keyexchange=ikev1 > #authby=secret > authby=psk > > conn net-net > left=10.147.46.103 > leftsubnet=10.10.0.0/16 <http://10.10.0.0/16> > leftfirewall=yes > right=10.147.46.112 > rightsubnet=10.20.0.0/16 <http://10.20.0.0/16> > auto=add > > # cat ipsec.secrets > 10.147.46.112 10.147.46.103 : PSK "123456789" > > R2 config: > > # cat ipsec.conf > > conn %default > ikelifetime=60m > keylife=20m > rekeymargin=3m > keyingtries=1 > keyexchange=ikev1 > authby=secret > > conn net-net > left=10.147.46.112 > leftsubnet=10.20.0.0/16 <http://10.20.0.0/16> > leftfirewall=yes > right=10.147.46.103 > rightsubnet=10.10.0.0/16 <http://10.10.0.0/16> > auto=add > # cat ipsec.secrets > 10.147.46.103 10.147.46.112 : PSK "123456789" > > > # ipsec up net-net > initiating Main Mode IKE_SA net-net[3] to 10.147.46.112 > generating ID_PROT request 0 [ SA V V V V ] > sending packet: from 10.147.46.103[500] to 10.147.46.112[500] (248 bytes) > received packet: from 10.147.46.112[500] to 10.147.46.103[500] (136 bytes) > parsed ID_PROT response 0 [ SA V V V ] > received XAuth vendor ID > received DPD vendor ID > received NAT-T (RFC 3947) vendor ID > generating ID_PROT request 0 [ KE No NAT-D NAT-D ] > sending packet: from 10.147.46.103[500] to 10.147.46.112[500] (372 bytes) > received packet: from 10.147.46.112[500] to 10.147.46.103[500] (372 bytes) > parsed ID_PROT response 0 [ KE No NAT-D NAT-D ] > generating ID_PROT request 0 [ ID HASH ] > sending packet: from 10.147.46.103[500] to 10.147.46.112[500] (92 bytes) > received packet: from 10.147.46.112[500] to 10.147.46.103[500] (76 bytes) > invalid HASH_V1 payload length, decryption failed? > could not decrypt payloads > message parsing failed > ignore malformed INFORMATIONAL request > INFORMATIONAL_V1 request with message ID 867435333 processing failed > > > Thanks, > Jayapal > > > _______________________________________________ > Users mailing list > [email protected] > https://lists.strongswan.org/mailman/listinfo/users > -- ====================================================================== Andreas Steffen [email protected] strongSwan - the Open Source VPN Solution! www.strongswan.org Institute for Internet Technologies and Applications University of Applied Sciences Rapperswil CH-8640 Rapperswil (Switzerland) ===========================================================[ITA-HSR]==
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ Dev mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/dev
