Hello everyone, I am trying to test net-net configuration following the howto of the website:
http://www.strongswan.org/uml/testresults/ikev2/net2net-psk/ Unfortunately i get always the same error: # ipsec up net-net initiating IKE_SA net-net[1] to 192.168.1.93 generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ] sending packet: from 192.168.1.118[500] to 192.168.1.93[500] received packet: from 192.168.1.93[500] to 192.168.1.118[500] parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(MULT_AUTH) ] received cert request for "C=AU, ST=Some-State, O=Internet Widgits Pty Ltd" sending cert request for "C=AU, ST=Some-State, O=Internet Widgits Pty Ltd" sending cert request for "C=AU, ST=Some-State, O=Internet Widgits Pty Ltd" authentication of 'sun.strongswan.org' (myself) with pre-shared key establishing CHILD_SA net-net generating IKE_AUTH request 1 [ IDi N(INIT_CONTACT) CERTREQ IDr AUTH SA TSi TSr N(MULT_AUTH) N(EAP_ONLY) ] sending packet: from 192.168.1.118[500] to 192.168.1.93[500] received packet: from 192.168.1.93[500] to 192.168.1.118[500] parsed IKE_AUTH response 1 [ IDr AUTH N(AUTH_LFT) N(TS_UNACCEPT) ] authentication of 'moon.strongswan.org' with pre-shared key successful IKE_SA net-net[1] established between 192.168.1.118[sun.strongswan.org]...192.168.1.93[moon.strongswan.org] scheduling reauthentication in 3279s maximum IKE_SA lifetime 3459s received TS_UNACCEPTABLE notify, no CHILD_SA built Could someone help me? Here you have the configuration files: MOON ipsec.conf: # ipsec.conf - strongSwan IPsec configuration file # basic configuration config setup plutostart=no conn %default ikelifetime=60m keylife=20m rekeymargin=3m keyingtries=1 authby=secret keyexchange=ikev2 mobike=no conn net-net left=192.168.1.93 leftsubnet=10.2.0.0/16 [email protected] right=192.168.1.118 rightsubnet=10.1.0.0/16 [email protected] auto=add include /var/lib/strongswan/ipsec.conf.inc ipsec.secrets: @moon.strongswan.org @sun.strongswan.org : PSK 0sv+NkxY9LLZvwj4qCC2o/gGrWDF2d21jL @sun.strongswan.org : PSK "This is a strong password" SUN ipsec.conf: # ipsec.conf - strongSwan IPsec configuration file # basic configuration config setup plutostart=no # Add connections here. conn %default ikelifetime=60m keylife=20m rekeymargin=3m keyingtries=1 authby=secret keyexchange=ikev2 mobike=no conn net-net left=192.168.1.118 leftsubnet=10.2.0.0/16 [email protected] right=192.168.1.93 rightsubnet=10.1.0.0/16 [email protected] auto=add include /var/lib/strongswan/ipsec.conf.inc ipsec.secrets: @moon.strongswan.org @sun.strongswan.org : PSK 0sv+NkxY9LLZvwj4qCC2o/gGrWDF2d21jL @sun.strongswan.org : PSK "This is a strong password" I dont know where can be the error... Thanks in advance, Igorlor _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
