And if you set

  ike=3des-sha1-modp1024
  esp=3des-md5

Regards

Andreas

On 27.07.2010 10:34, zux wrote:
> Hello,
> I'm new to strongswan and ipsec and I'm having problems with configuring
> strongswan to work with mikrotik router, the strange thing is that
> mikrotik is able to initiate the connection and everything works then,
> but strongswan can not initiate the connection. The problem is, that if
> the strongswan box is rebooted, the connection is not reestablished
> until I reset it from the mikrotik side. The configuration on the
> mikrotik is the same as others that work well between other mikrotik
> boxes. Besides, I have changed the lifetime on mikrotik from 1 day to
> one hour, and then if I reboot strongswan, the connection is established
> after that hour. (or less, if the connection was up for some time)
> I'm sorry if this problem has nothing to do with strongswan, but maybe
> someone can give some useful tips.
>
> The error on Mikrotik, when strongswan tries to connect is this:
>
> Recieved ISAKMP packet from <strongswan IP>, phase 1, Identity Protection
> responding phase 1, starting mode Identity Protection (local <mikrotik
> IP>:500)(remote <strongswan IP>)
> no acceptable proposal found (remote unknown)
> failed to process packet
>
> This is the mikrotik configuration:
>
> Ipsec Policy:
> Src. Address: 192.168.1.0/24
> Dst. Address: 192.168.156.0/24
> Action: encrypt
> Level: require
> IPsec Protocols: esp
> Tunnel = yes
> SA Src. Address: <mikrotik IP>
> SA Dst. Address: <strongswan IP>
> Proposal: pleskava
> Manual SA: None
>
> IPsec Peer:
> Address: <strongswan IP>
> Port: 500
> Secret: <password>
> Exchange Mode: main
> Send initial Contact = yes
> Proposal Check: obey
> Hash Algoritm: sha
> Encrypt Algorithm: 3des
> DH Group: modp1024
> Generate policy = yes
> Lifetime: 1d 00:00:00
>
> Ipsec Proposal:
> Name: pleskava
> Auth. Algorithms: md5
> Encr. Algorithms: 3des
> Lifetime: 01:00:00
> PFS Goup: none
>
>
> and this is strongswan configuration:
> r...@kristaps:~# cat /etc/ipsec.conf
> # ipsec.conf - strongSwan IPsec configuration file
>
> # basic configuration
>
> config setup
>     interfaces="ipsec0=eth0"
>     klipsdebug=none
>     plutodebug=all
>     uniqueids=yes
>
> conn %default
>     keyingtries=0
>     authby=rsasig
>
> conn riga
>     left=<stronswan IP>
>     leftsubnet=192.168.156.0/24
>     right=<mikrotik IP>
>     rightsubnet=192.168.1.0/24
>     keyexchange=ike
>     authby=secret
>     auth=esp
>     ike=3des-md5-modp1024
>     esp=3des-md5-modp1024
>     pfs=no
>     type=tunnel
>     auto=start
>
>
> r...@kristaps:~# cat /etc/ipsec.secrets
> <strongswan IP> <mikrotik IP> : PSK "password"
>
> _______________________________________________
> Users mailing list
> [email protected]
> https://lists.strongswan.org/mailman/listinfo/users

--
======================================================================
Andreas Steffen                         [email protected]
strongSwan - the Linux VPN Solution!                www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
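
An added example, not part of the original thread: a small Python check that compares strongSwan `ike=`/`esp=` proposal strings against the MikroTik peer and proposal fields quoted above and reports where they differ. The function names are hypothetical, and it assumes that MikroTik's "sha" means SHA-1 and that an `esp=` value without a DH group corresponds to "PFS none".

```python
# Added example (not from the thread); helper names are hypothetical.
# Constructed sample: algorithm fields copied from the MikroTik settings quoted above.
MIKROTIK_DUMP = """\
Hash Algoritm: sha
Encrypt Algorithm: 3des
DH Group: modp1024
Auth. Algorithms: md5
Encr. Algorithms: 3des
PFS Goup: none
"""

ALIASES = {"sha": "sha1"}  # assumption: MikroTik "sha" means SHA-1


def parse_dump(text):
    """Turn 'Key: value' lines into a dict of lower-cased values."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and value.strip():
            fields[key.strip()] = value.strip().lower()
    return fields


def parse_proposal(value):
    """Split a strongSwan proposal such as '3des-sha1-modp1024'."""
    parts = [ALIASES.get(p, p) for p in value.strip().lower().split("-")]
    if len(parts) < 2:
        raise ValueError("expected at least encryption-integrity: %r" % value)
    # Assumption: no DH group in the string is treated as "none".
    return {"enc": parts[0], "integ": parts[1],
            "group": parts[2] if len(parts) > 2 else "none"}


def differences(local, remote):
    """List (field, local value, remote value) for every field that differs."""
    return [(k, local[k], remote[k]) for k in ("enc", "integ", "group") if local[k] != remote[k]]


def check(ike, esp, dump=MIKROTIK_DUMP):
    f = parse_dump(dump)
    norm = lambda v: ALIASES.get(v, v)
    phase1 = {"enc": f["Encrypt Algorithm"], "integ": norm(f["Hash Algoritm"]), "group": f["DH Group"]}
    phase2 = {"enc": f["Encr. Algorithms"], "integ": norm(f["Auth. Algorithms"]), "group": f["PFS Goup"]}
    return {"ike": differences(parse_proposal(ike), phase1),
            "esp": differences(parse_proposal(esp), phase2)}


if __name__ == "__main__":
    print("posted   :", check("3des-md5-modp1024", "3des-md5-modp1024"))
    print("suggested:", check("3des-sha1-modp1024", "3des-md5"))
```

The script only reports field-by-field differences between the two sides; it does not model how either implementation selects a proposal.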
