The log entry: : 06[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ] : 06[NET] sending packet: from 10.58.114.215[500] to 10.58.112.139[500] : 14[IKE] retransmit 1 of request with message ID 0
just means that your peer either does not receive the IKE_SA_INIT request or that the IKE_SA_INIT reply gets lost on the way back. You should check the log on the peer side. Regards Andreas On 03/09/2011 08:08 AM, Meera Sudhakar wrote: > Hi, > I am new to strongswan, and would really appreciate some help in setting > up the SAs. For some reason, packets being sent are not being received > by the other machine. After retries, it says "peer not responding, try > again". Please fine below an excerpt of my log file: > Mar 9 13:25:59 cip-Latitude-D520 charon: 06[CFG] received stroke: add > connection 'sample-with-ca-cert' > Mar 9 13:25:59 cip-Latitude-D520 charon: 06[CFG] loaded certificate > "C=CH, O=Linux strongSwan, OU=Sales, [email protected] > <mailto:[email protected]>" from 'myCert.pem' > Mar 9 13:25:59 cip-Latitude-D520 charon: 06[CFG] id '10.58.114.215' > not confirmed by certificate, defaulting to 'C=CH, O=Linux strongSwan, > OU=Sales, [email protected]' <mailto:[email protected]'> > Mar 9 13:25:59 cip-Latitude-D520 charon: 06[CFG] added configuration > 'sample-with-ca-cert' > Mar 9 13:25:59 cip-Latitude-D520 charon: 06[CFG] received stroke: > initiate 'sample-with-ca-cert' > Mar 9 13:25:59 cip-Latitude-D520 charon: 06[IKE] initiating IKE_SA > sample-with-ca-cert[1] to 10.58.112.139 > Mar 9 13:25:59 cip-Latitude-D520 charon: 06[ENC] generating IKE_SA_INIT > request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ] > Mar 9 13:25:59 cip-Latitude-D520 charon: 06[NET] sending packet: from > 10.58.114.215[500] to 10.58.112.139[500] > Mar 9 13:26:03 cip-Latitude-D520 charon: 14[IKE] retransmit 1 of > request with message ID 0 > Mar 9 13:26:03 cip-Latitude-D520 charon: 14[NET] sending packet: from > 10.58.114.215[500] to 10.58.112.139[500] > Mar 9 13:26:04 cip-Latitude-D520 charon: 10[CFG] received stroke: add > connection 'sample-with-ca-cert' > Also, please find below my ipsec.conf file: > ipsec.conf - strongSwan IPsec configuration file > # basic configuration > config setup > charondebug=all > # plutodebug=all > # crlcheckinterval=600 > strictcrlpolicy=yes > # cachecrls=yes - only for ikev1 > # nat_traversal=yes > charonstart=yes > # plutostart=yes - only for ikev1 > # Add connections here. > # Sample VPN connections > #conn sample-self-signed > # left=10.58.112.170 > # leftsubnet=10.1.0.0/16 <http://10.1.0.0/16> > # leftcert=selfCert.der > # leftsendcert=never > # right=10.58.112.235 > # rightsubnet=10.2.0.0/16 <http://10.2.0.0/16> > # rightcert=peerCert.der > # auto=start > conn sample-with-ca-cert > left=10.58.114.215 > leftsubnet=10.58.114.0/24 <http://10.58.114.0/24> > leftcert=myCert.pem > right=10.58.112.139 > rightsubnet=10.58.112.0/24 <http://10.58.112.0/24> > rightid="C=CH, O=Linux strongSwan CN=peer name" > keyexchange=ikev2 > auto=start > include /var/lib/strongswan/ipsec.conf.inc > Can someone help me out? > Thanks, > Mira > ====================================================================== Andreas Steffen [email protected] strongSwan - the Linux VPN Solution! www.strongswan.org Institute for Internet Technologies and Applications University of Applied Sciences Rapperswil CH-8640 Rapperswil (Switzerland) ===========================================================[ITA-HSR]== _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
