Hi Andreas,

Thanks for the feedback. I took my local network out of the equation because it works in the same environment and machine on a different OS (tried MacOS with racoon). That is why I figured it would be rather a matter of configuration instead.
Any suggestions on how I could troubleshoot these possibilities? (Sorry I am not a network guy).

Cheers,
--
Bruno Braga (mobile)

On Jan 8, 2013 9:16 AM, "Andreas Steffen" <andreas.stef...@strongswan.org> wrote:

> Hi Bruno,
>
> there is no answer from the VPN gateway on the other end. Either
> the gateway cannot be reached over the network, the gateway is not
> running and listening on UDP port 500 or it supports the IKEv1 protocol
> only.
>
> Regards
>
> Andreas
>
> On 07.01.2013 14:00, BRAGA, Bruno wrote:
>
>> Hi,
>>
>> I am having a hard time to get an IpSec VPN working in my machine... it
>> works fine in other OS, and I am sure I am doing something stupid here,
>> hope some guru can give me guidance!
>>
>> I am running Ubuntu 12.10, and installed strongswan (4.5.2), added the
>> key secret in /etc/ipsec.secrets file, and setup the VPN through network
>> manager.
>>
>> Without tampering with the strongswan.conf file, I have this output
>> (noted a similar output is :
>>
>> --- /var/log/syslog ---
>>
>> Jan 7 22:00:06 mac17 NetworkManager[1092]: <info> Starting VPN service
>> 'strongswan'...
>> Jan 7 22:00:06 mac17 NetworkManager[1092]: <info> VPN service
>> 'strongswan' started (org.freedesktop.NetworkManager.strongswan), PID
>> 840
>> Jan 7 22:00:06 mac17 charon: 00[DMN] Starting IKEv2 charon daemon
>> (strongSwan 4.5.2)
>> Jan 7 22:00:06 mac17 charon: 00[KNL] listening on interfaces:
>> Jan 7 22:00:06 mac17 charon: 00[KNL] eth0
>> Jan 7 22:00:06 mac17 charon: 00[KNL] wlan0
>> Jan 7 22:00:06 mac17 charon: 00[KNL] 192.168.1.1
>> Jan 7 22:00:06 mac17 charon: 00[KNL] fe80::129a:ddff:feae:e16a
>> Jan 7 22:00:06 mac17 charon: 00[CFG] loading ca certificates from
>> '/etc/ipsec.d/cacerts'
>> Jan 7 22:00:06 mac17 charon: 00[CFG] loading aa certificates from
>> '/etc/ipsec.d/aacerts'
>> Jan 7 22:00:06 mac17 charon: 00[CFG] loading ocsp signer certificates
>> from '/etc/ipsec.d/ocspcerts'
>> Jan 7 22:00:06 mac17 charon: 00[CFG] loading attribute certificates
>> from '/etc/ipsec.d/acerts'
>> Jan 7 22:00:06 mac17 charon: 00[CFG] loading crls from
>> '/etc/ipsec.d/crls'
>> Jan 7 22:00:06 mac17 charon: 00[CFG] loading secrets from
>> '/etc/ipsec.secrets'
>> Jan 7 22:00:06 mac17 charon: 00[CFG] loaded IKE secret for x.x.x.x %any
>> Jan 7 22:00:06 mac17 charon: 00[CFG] sql plugin: database URI not set
>> Jan 7 22:00:06 mac17 charon: 00[LIB] plugin 'sql': failed to load -
>> sql_plugin_create returned NULL
>> Jan 7 22:00:06 mac17 charon: 00[CFG] loaded 0 RADIUS server
>> configurations
>> Jan 7 22:00:06 mac17 charon: 00[LIB] plugin 'medsrv' failed to load:
>> /usr/lib/ipsec/plugins/libstrongswan-medsrv.so: cannot open shared
>> object file: No such file or directory
>> Jan 7 22:00:06 mac17 charon: 00[CFG] mediation client database URI not
>> defined, skipped
>> Jan 7 22:00:06 mac17 charon: 00[LIB] plugin 'medcli': failed to load -
>> medcli_plugin_create returned NULL
>> Jan 7 22:00:06 mac17 NetworkManager[1092]: <info> VPN service
>> 'strongswan' appeared; activating connections
>> Jan 7 22:00:06 mac17 charon: 00[CFG] HA config misses local/remote
>> address
>> Jan 7 22:00:06 mac17 charon: 00[LIB] plugin 'ha': failed to load -
>> ha_plugin_create returned NULL
>> Jan 7 22:00:06 mac17 charon: 00[DMN] loaded plugins: test-vectors curl
>> ldap aes des sha1 sha2 md5 random x509 revocation constraints pubkey
>> pkcs1 pgp pem openssl fips-prf gmp agent pkcs11 xcbc hmac ctr ccm gcm
>> attr kernel-netlink resolve socket-raw farp stroke updown eap-identity
>> eap-aka eap-md5 eap-gtc eap-mschapv2 eap-radius eap-tls eap-ttls eap-tnc
>> nm dhcp led addrblock
>> Jan 7 22:00:06 mac17 charon: 00[JOB] spawning 16 worker threads
>> Jan 7 22:00:06 mac17 charon: 06[CFG] received initiate for
>> NetworkManager connection TestVPN
>> Jan 7 22:00:06 mac17 NetworkManager[1092]: <info> VPN plugin state
>> changed: starting (3)
>> Jan 7 22:00:06 mac17 charon: 06[CFG] using CA certificate, gateway
>> identity x.x.x.x'
>> Jan 7 22:00:06 mac17 charon: 06[IKE] initiating IKE_SA TestVPN[1]
>> to x.x.x.x
>> Jan 7 22:00:06 mac17 charon: 06[ENC] generating IKE_SA_INIT request 0 [
>> SA KE No N(NATD_S_IP) N(NATD_D_IP) ]
>> Jan 7 22:00:06 mac17 charon: 06[NET] sending packet: from
>> 192.168.1.1[500] to x.x.x.x[500]
>> Jan 7 22:00:06 mac17 NetworkManager[1092]: <info> VPN connection
>> 'TestVPN' (Connect) reply received.
>> Jan 7 22:00:10 mac17 charon: 11[IKE] retransmit 1 of request with
>> message ID 0
>> Jan 7 22:00:10 mac17 charon: 11[NET] sending packet: from
>> 192.168.1.1[500] to x.x.x.x[500]
>> Jan 7 22:00:17 mac17 charon: 12[IKE] retransmit 2 of request with
>> message ID 0
>> Jan 7 22:00:17 mac17 charon: 12[NET] sending packet: from
>> 192.168.1.1[500] to x.x.x.x[500]
>> Jan 7 22:00:30 mac17 wpa_supplicant[1361]: wlan0: WPA: Group rekeying
>> completed with 00:24:a5:ea:a5:a2 [GTK=CCMP]
>> Jan 7 22:00:30 mac17 charon: 13[IKE] retransmit 3 of request with
>> message ID 0
>> Jan 7 22:00:30 mac17 charon: 13[NET] sending packet: from
>> 192.168.1.1[500] to x.x.x.x[500]
>> Jan 7 22:00:46 mac17 NetworkManager[1092]: <warn> VPN connection
>> 'TestVPN' (IP Config Get) timeout exceeded.
>> Jan 7 22:00:46 mac17 NetworkManager[1092]: <info> Policy set 'Braga'
>> (wlan0) as default for IPv4 routing and DNS.
>> Jan 7 22:00:46 mac17 charon: 01[IKE] destroying IKE_SA in state
>> CONNECTING without notification
>> Jan 7 22:00:51 mac17 charon: 00[DMN] signal of type SIGTERM received.
>> Shutting down
>> Jan 7 22:00:51 mac17 NetworkManager[1092]: <info> VPN service
>> 'strongswan' disappeared
>>
>> My initial configuration file was:
>>
>> --- /etc/strongswan.conf ---
>>
>> # strongswan.conf - strongSwan configuration file
>> charon {
>>     threads = 16
>>     plugins {
>>         sql {
>>             loglevel = -1
>>         }
>>     }
>> }
>>
>> pluto {
>> }
>> libstrongswan {
>> }
>>
>> ----------------
>>
>> And here is the Network Manager configuration:
>>
>> --- /etc/NetworkManager/system-connections/TestVPN ---
>>
>> [connection]
>> id=TestVPN
>> uuid=07ac4ce3-c6c3-4d42-8bb6-29e56a8751db
>> type=vpn
>> autoconnect=false
>>
>> [vpn]
>> service-type=org.freedesktop.NetworkManager.strongswan
>> virtual=no
>> encap=no
>> address=x.x.x.x
>> user=??????
>> method=eap
>> ipcomp=yes
>> password-flags=1
>>
>> [ipv4]
>> method=auto
>> ----------------
>>
>> Besides the timeout issue, I noted the plugin loading issues in the
>> charon logs. Looking at what I got in the system by default:
>>
>> $ ls /usr/lib/ipsec/plugins/
>> libstrongswan-addrblock.so libstrongswan-eap-tls.so
>> libstrongswan-pkcs11.so
>> libstrongswan-aes.so libstrongswan-eap-tnc.so
>> libstrongswan-pkcs1.so
>> libstrongswan-agent.so libstrongswan-eap-ttls.so
>> libstrongswan-pubkey.so
>> libstrongswan-attr.so libstrongswan-farp.so
>> libstrongswan-random.so
>> libstrongswan-attr-sql.so libstrongswan-fips-prf.so
>> libstrongswan-resolve.so
>> libstrongswan-ccm.so libstrongswan-gcm.so
>> libstrongswan-revocation.so
>> libstrongswan-constraints.so libstrongswan-gmp.so
>> libstrongswan-sha1.so
>> libstrongswan-ctr.so libstrongswan-ha.so
>> libstrongswan-sha2.so
>> libstrongswan-curl.so libstrongswan-hmac.so
>> libstrongswan-socket-raw.so
>> libstrongswan-des.so libstrongswan-kernel-netlink.so
>> libstrongswan-sql.so
>> libstrongswan-dhcp.so libstrongswan-ldap.so
>> libstrongswan-stroke.so
>> libstrongswan-dnskey.so libstrongswan-led.so
>> libstrongswan-test-vectors.so
>> libstrongswan-eap-aka.so libstrongswan-md5.so
>> libstrongswan-updown.so
>> libstrongswan-eap-gtc.so libstrongswan-medcli.so
>> libstrongswan-x509.so
>> libstrongswan-eap-identity.so libstrongswan-nm.so
>> libstrongswan-xauth.so
>> libstrongswan-eap-md5.so libstrongswan-openssl.so
>> libstrongswan-xcbc.so
>> libstrongswan-eap-mschapv2.so libstrongswan-pem.so
>> libstrongswan-eap-radius.so libstrongswan-pgp.so
>>
>> By adding the load into the strongswan.conf file at least clears the
>> warnings, but I am not sure on if these modules should be here, and
>> loaded...
>>
>> Any help really appreciated!
>>
>> Thanks,
>>
>>
>> --
>> *Braga, Bruno*
>> www.brunobraga.net <http://www.brunobraga.net>
>> bruno.br...@gmail.com <mailto:bruno.br...@gmail.com>
>>
> ======================================================================
> Andreas Steffen andreas.stef...@strongswan.org
> strongSwan - the Linux VPN Solution! www.strongswan.org
> Institute for Internet Technologies and Applications
> University of Applied Sciences Rapperswil
> CH-8640 Rapperswil (Switzerland)
> ===========================================================[ITA-HSR]==
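
Added example, not part of the original thread: a small Python check that reads charon syslog lines like those quoted above and reports the pattern Andreas describes, an IKE_SA_INIT request retransmitted with nothing received from the gateway. The sample log is constructed from the quoted lines (unwrapped and abridged); the `received packet:` prefix is charon's wording for inbound packets, which never appears in the quoted log.

```python
import re

# Constructed sample: charon lines from the thread, unwrapped and abridged.
SAMPLE = """\
Jan 7 22:00:06 mac17 charon: 06[IKE] initiating IKE_SA TestVPN[1] to x.x.x.x
Jan 7 22:00:06 mac17 charon: 06[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]
Jan 7 22:00:06 mac17 charon: 06[NET] sending packet: from 192.168.1.1[500] to x.x.x.x[500]
Jan 7 22:00:10 mac17 charon: 11[IKE] retransmit 1 of request with message ID 0
Jan 7 22:00:17 mac17 charon: 12[IKE] retransmit 2 of request with message ID 0
Jan 7 22:00:30 mac17 charon: 13[IKE] retransmit 3 of request with message ID 0
Jan 7 22:00:46 mac17 charon: 01[IKE] destroying IKE_SA in state CONNECTING without notification
"""

# syslog prefix, then "charon: <thread>[<subsystem>] <message>"
LINE = re.compile(r"charon: \d+\[(?P<sub>[A-Z]{3})\] (?P<msg>.*)$")

def summarize(log_text):
    """Count what charon sent and received during one connection attempt."""
    s = {"peer": None, "init": False, "sent": 0, "received": 0,
         "retransmits": 0, "gave_up": False}
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # NetworkManager, wpa_supplicant and other daemons
        sub, msg = m["sub"], m["msg"]
        if sub == "IKE" and msg.startswith("initiating IKE_SA"):
            s["peer"] = msg.rsplit(" to ", 1)[-1]
        elif sub == "ENC" and msg.startswith("generating IKE_SA_INIT request"):
            s["init"] = True
        elif sub == "NET" and msg.startswith("sending packet:"):
            s["sent"] += 1
        elif sub == "NET" and msg.startswith("received packet:"):
            s["received"] += 1
        elif sub == "IKE" and msg.startswith("retransmit "):
            s["retransmits"] = max(s["retransmits"], int(msg.split()[1]))
        elif sub == "IKE" and "destroying IKE_SA in state CONNECTING" in msg:
            s["gave_up"] = True
    return s

def diagnose(s):
    """Map the counters to the causes named in the reply above."""
    if not s["init"]:
        return "no IKE_SA_INIT was generated; the attempt never started"
    if s["received"] > 0:
        return "gateway answered; look at the later exchanges instead"
    if s["retransmits"] > 0:
        return ("no reply to IKE_SA_INIT from %s after %d retransmits: gateway "
                "unreachable, not listening on UDP 500, or IKEv1 only"
                % (s["peer"], s["retransmits"]))
    return "request sent, no retransmit logged yet"
```

Calling `diagnose(summarize(open("/var/log/syslog").read()))` applies the same check to a live log; a capture on UDP port 500 on the client would then show whether the requests leave the machine at all.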