Hi Andreas, You mean other end secrets file should contain as below ? I tried this also but the result is same. 10.147.46.112 10.147.46.103 : PSK "123456789"
Thanks, Jayapal On Thu, Jun 16, 2016 at 4:35 PM, Andreas Steffen < [email protected]> wrote: > It looks as if the PSK is not the same on the other endpoint. > > Regards > > Andreas > > On 16.06.2016 12:29, Jayapal Reddy wrote: > > Hi, > > > > I am trying strongswan 5.2.1 for the site to site vpn. > > I have followed the config from the link[1] for the configuration. In my > > setup the connection is failed to come up. > > > > [1] https://www.strongswan.org/testing/testresults/ikev1/net2net-psk/ > > > > Can some one please suggest what is going wrong. Below are the logs. > > > > # ipsec --version > > Linux strongSwan U5.2.1/K3.2.0-4-amd64 > > Institute for Internet Technologies and Applications > > University of Applied Sciences Rapperswil, Switzerland > > See 'ipsec --copyright' for copyright information. > > > > > > > > > > R1 config: > > #auto=addpsec.conf - strongSwan IPsec configuration file > > > > config setup > > > > conn %default > > ikelifetime=60m > > keylife=20m > > rekeymargin=3m > > keyingtries=1 > > keyexchange=ikev1 > > #authby=secret > > authby=psk > > > > conn net-net > > left=10.147.46.103 > > leftsubnet=10.10.0.0/16 <http://10.10.0.0/16> > > leftfirewall=yes > > right=10.147.46.112 > > rightsubnet=10.20.0.0/16 <http://10.20.0.0/16> > > auto=add > > > > # cat ipsec.secrets > > 10.147.46.112 10.147.46.103 : PSK "123456789" > > > > R2 config: > > > > # cat ipsec.conf > > > > conn %default > > ikelifetime=60m > > keylife=20m > > rekeymargin=3m > > keyingtries=1 > > keyexchange=ikev1 > > authby=secret > > > > conn net-net > > left=10.147.46.112 > > leftsubnet=10.20.0.0/16 <http://10.20.0.0/16> > > leftfirewall=yes > > right=10.147.46.103 > > rightsubnet=10.10.0.0/16 <http://10.10.0.0/16> > > auto=add > > # cat ipsec.secrets > > 10.147.46.103 10.147.46.112 : PSK "123456789" > > > > > > # ipsec up net-net > > initiating Main Mode IKE_SA net-net[3] to 10.147.46.112 > > generating ID_PROT request 0 [ SA V V V V ] > > sending packet: from 10.147.46.103[500] to 10.147.46.112[500] (248 bytes) > > received packet: from 10.147.46.112[500] to 10.147.46.103[500] (136 > bytes) > > parsed ID_PROT response 0 [ SA V V V ] > > received XAuth vendor ID > > received DPD vendor ID > > received NAT-T (RFC 3947) vendor ID > > generating ID_PROT request 0 [ KE No NAT-D NAT-D ] > > sending packet: from 10.147.46.103[500] to 10.147.46.112[500] (372 bytes) > > received packet: from 10.147.46.112[500] to 10.147.46.103[500] (372 > bytes) > > parsed ID_PROT response 0 [ KE No NAT-D NAT-D ] > > generating ID_PROT request 0 [ ID HASH ] > > sending packet: from 10.147.46.103[500] to 10.147.46.112[500] (92 bytes) > > received packet: from 10.147.46.112[500] to 10.147.46.103[500] (76 bytes) > > invalid HASH_V1 payload length, decryption failed? > > could not decrypt payloads > > message parsing failed > > ignore malformed INFORMATIONAL request > > INFORMATIONAL_V1 request with message ID 867435333 processing failed > > > > > > Thanks, > > Jayapal > > > > > > _______________________________________________ > > Users mailing list > > [email protected] > > https://lists.strongswan.org/mailman/listinfo/users > > > > -- > ====================================================================== > Andreas Steffen [email protected] > strongSwan - the Open Source VPN Solution! www.strongswan.org > Institute for Internet Technologies and Applications > University of Applied Sciences Rapperswil > CH-8640 Rapperswil (Switzerland) > ===========================================================[ITA-HSR]== > >
_______________________________________________ Dev mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/dev
