Hi Shreyas
> Is there a way to use strongswan for IKE only without using the linux
> IPsec stacks ? I want to export the SAs that get negotiated through
> IKE and use my hardware IPsec stack for IPsec implementation. Is that
> possible? Also, some pointers to such would be very helpful.
Yes, see
Hi Joe,
> Sep 16 17:42:13 vmi82861 charon: 05[ENC] invalid ID_V1 payload length,
> decryption failed?
> Sep 16 17:42:13 vmi82861 charon: 05[ENC] could not decrypt payloads
> Sep 16 17:42:13 vmi82861 charon: 05[IKE] message parsing failed
Looks like a mismatching PSK [1].
Regards,
Tobias
[1]
ht
Hi Mahesh,
> It seems that phase 1 IKE is working but not phase 2 ESP. I've tried
> different settings for ike= to no avail. Config and brief log below and
> extended log attached.
You should check the responder's log. It seems to immediately delete
the IKE_SA after receiving the Quick Mode req
Hi Tobias,
that was definitely the issue. Thanks for leading me down the right path. I was
under the impression that strongswan was using the mysql DB to obtain the PSK
for Cisco IPsec connections but it seems that I was wrong.
Would you happen to know if that is possible ?
> On Sep 19, 2016,
Hi Joe,
> I was under the impression that strongswan was using the mysql DB to obtain
> the PSK for Cisco IPsec connections but it seems that I was wrong.
> Would you happen to know if that is possible ?
Yes, that should be possible. You'll find several examples using PSKs
at [1]. However, th
Good afternoon,
I have two strongSwan VPN Servers running; one to keep me connected to the
United Kingdom and one to protect data on hotel WiFi (etc.) in the United
States. Admittedly, I am not familiar with strongSwan; having not heard
about it until several days ago. In either case, I was succes