Hi, I tried to form a site to site tunnel in strongswan using IKEV1. But tunnel negotiation is not success.
Topology __________ Strongswan(Router1) --------- Strongswan(VPN SERVER) I have configured [email protected] in router2, but as per the below error message,Strongswan is looking for peer configs with identify as %any instead of "@www.naveen2.com". Please provide your inputs Logs ______ Jun 11 22:33:57 uxcasxxx pluto[1886]: | ******parse ISAKMP Oakley attribute: Jun 11 22:33:57 uxcasxxx pluto[1886]: | af+type: OAKLEY_AUTHENTICATION_METHOD Jun 11 22:33:57 uxcasxxx pluto[1886]: | length/value: 1 Jun 11 22:33:57 uxcasxxx pluto[1886]: | [1 is pre-shared key] *Jun 11 22:33:57 uxcasxxx pluto[1886]: "fqdn_vr1"[3] 172.31.114.226 #3: Can't authenticate: no preshared key found for '172.31.114.227' and '%any'. Attribute OAKLEY_AUTHENTICATION_METHOD* Jun 11 22:33:57 uxcasxxx pluto[1886]: | *****parse ISAKMP Transform Payload (ISAKMP): Jun 11 22:33:57 uxcasxxx pluto[1886]: | next payload type: ISAKMP_NEXT_NONE Jun 11 22:33:57 uxcasxxx pluto[1886]: | length: 32 Jun 11 22:33:57 uxcasxxx pluto[1886]: | transform number: 1 Jun 11 22:33:57 uxcasxxx pluto[1886]: | transform ID: KEY_IKE Jun 11 22:33:57 uxcasxxx pluto[1886]: | ******parse ISAKMP Oakley attribute: Router2 ________ Router1 ______ conn static-dynamic type=tunnel keyexchange=ikev1 left=172.31.114.227 right=%any [email protected] auth=esp authby=secret pfs=yes auto=add 172.31.114.227 @www.naveen2.com : PSK "presharedkey" Router2 ________ conn dynamic-static type=tunnel keyexchange=ikev1 left=%defaultroute [email protected] right=172.31.114.227 auth=esp authby=secret pfs=yes auto=add @www.naveen2.com 172.31.114.227 : PSK "presharedkey" Regards, Saravanan N
_______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
