[strongSwan] "peer not responding, try again"

Wed, 09 Mar 2011 05:33:32 -0800 

Hi,

I am new to strongswan, and would really appreciate some help in setting up
the SAs. For some reason, packets being sent are not being received by the
other machine. After retries, it says "peer not responding, try again".
Please fine below an excerpt of my log file:

Mar  9 13:25:59 cip-Latitude-D520 charon: 06[CFG] received stroke: add
connection 'sample-with-ca-cert'
Mar  9 13:25:59 cip-Latitude-D520 charon: 06[CFG]   loaded certificate
"C=CH, O=Linux strongSwan, OU=Sales, [email protected]" from
'myCert.pem'
Mar  9 13:25:59 cip-Latitude-D520 charon: 06[CFG]   id '10.58.114.215' not
confirmed by certificate, defaulting to 'C=CH, O=Linux strongSwan, OU=Sales,
[email protected]'
Mar  9 13:25:59 cip-Latitude-D520 charon: 06[CFG] added configuration
'sample-with-ca-cert'
Mar  9 13:25:59 cip-Latitude-D520 charon: 06[CFG] received stroke: initiate
'sample-with-ca-cert'
Mar  9 13:25:59 cip-Latitude-D520 charon: 06[IKE] initiating IKE_SA
sample-with-ca-cert[1] to 10.58.112.139
Mar  9 13:25:59 cip-Latitude-D520 charon: 06[ENC] generating IKE_SA_INIT
request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]
Mar  9 13:25:59 cip-Latitude-D520 charon: 06[NET] sending packet: from
10.58.114.215[500] to 10.58.112.139[500]
Mar  9 13:26:03 cip-Latitude-D520 charon: 14[IKE] retransmit 1 of request
with message ID 0
Mar  9 13:26:03 cip-Latitude-D520 charon: 14[NET] sending packet: from
10.58.114.215[500] to 10.58.112.139[500]
Mar  9 13:26:04 cip-Latitude-D520 charon: 10[CFG] received stroke: add
connection 'sample-with-ca-cert'
Also, please find below my ipsec.conf file:
 ipsec.conf - strongSwan IPsec configuration file
# basic configuration
config setup
        charondebug=all
        # plutodebug=all
        # crlcheckinterval=600
        strictcrlpolicy=yes
        # cachecrls=yes - only for ikev1
        # nat_traversal=yes
        charonstart=yes
        # plutostart=yes - only for ikev1
# Add connections here.
# Sample VPN connections
#conn sample-self-signed
#      left=10.58.112.170
#      leftsubnet=10.1.0.0/16
#      leftcert=selfCert.der
#      leftsendcert=never
#      right=10.58.112.235
#      rightsubnet=10.2.0.0/16
#      rightcert=peerCert.der
#      auto=start
conn sample-with-ca-cert
      left=10.58.114.215
      leftsubnet=10.58.114.0/24
      leftcert=myCert.pem
      right=10.58.112.139
      rightsubnet=10.58.112.0/24
      rightid="C=CH, O=Linux strongSwan CN=peer name"
      keyexchange=ikev2
      auto=start
include /var/lib/strongswan/ipsec.conf.inc

Can someone help me out?

Thanks,
Mira

_______________________________________________
Users mailing list
[email protected]
https://lists.strongswan.org/mailman/listinfo/users

Reply via email to