Hi, This is regarding an issue that we are facing with IKEv1.
We are able to setup an IPSEC tunnel with IKEv2 but the same is failing with IKEv1. Ipsec.conf file for IKEv2: config setup # plutodebug=all strictcrlpolicy=no charonstart=yes plutostart=no charondebug=all ca strongswan cacert=caCert.der auto=add conn sample-with-ca-cert left=169.254.1.70 leftsubnet=169.254.1.0/24 leftcert=VC2Cert.der right=169.254.0.70 rightsubnet=169.254.0.0/24 rightid="C=CH, O=strongSwan, CN=169.254.0.70" keyexchange=ikev2 auto=start This configuration works fine for IKEv2 tunnels: # ipsec status Security Associations: sample-with-ca-cert[1]: ESTABLISHED 18 seconds ago, 169.254.0.70[C=CH, O=strongSwan, CN=169.254.0.70]...169.254.1.70[C=CH, O=strongSwan, CN=169.254.1.70] sample-with-ca-cert{1}: INSTALLED, TUNNEL, ESP SPIs: cb854b6d_i cd9ac880_o sample-with-ca-cert{1}: 169.254.0.0/24 === 169.254.1.0/24 The instant we try this for IKEv1(keyexchange=ikev1 , charonstart=no, plutostart=yes), it fails and the tunnel is not getting established. # ipsec status 000 "sample-with-ca-cert": 169.254.1.0/24===169.254.1.70[C=CH, O=strongSwan, CN=169.254.1.70]...169.254.0.70[C=CH, O=strongSwan, CN=169.254.0.70]===169.254.0.0/24; unrouted; eroute owner: #0 000 "sample-with-ca-cert": newest ISAKMP SA: #0; newest IPsec SA: #0; 000 000 #1: "sample-with-ca-cert" STATE_MAIN_I2 (sent MI2, expecting MR2); EVENT_RETRANSMIT in 8s 000 #1: pending Phase 2 for "sample-with-ca-cert" replacing #0 000 No logging was observed at all for IKEv1. Could you please let us know how to solve this issue?? Please find some of the details of our environment below: Server: Ubuntu - linux-2.6.35 Strongswan IKEv1 version: # apt-cache policy strongswan-ikev1 strongswan-ikev1: Installed: 4.5.2-1.1 Candidate: 4.5.2-1.1 Version table: *** 4.5.2-1.1 0 100 /var/lib/dpkg/status We assume that IKEv1 is already installed from the above status. Can you let us know of any other way to check if IKEv1 is supported? Thanks & Regards, Kavitha
_______________________________________________ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users