Hello,
here is my very simple strongSwan configuration:
version 2

config setup

conn mytunnel
    keyexchange=ikev1
    left=a.b.c.d
    right=e.f.g.h
    leftsubnet=10.150.2.0/24
    authby=psk
    rightsubnet=192.168.10.0/24
    auto=route
    esp=aes128-md5-modp1024
    ike=aes128-sha1-modp1024,aes-md5-modp1536
    type=tunnel

On the other side a Juniper SSG is running. If I establish the tunnel with
"ipsec start" & "ipsec up mytunnel", everything works fine. The Juniper
receives */24 ProxyIDs. On the other hand, the tunnel won't come up if I only
do an "ipsec start" and try to ping a machine on the remote network. The
Juniper device complains about wrong */32 ProxyIDs. Here are some lines of the
strongSwan log that may give a hint:

Jan 28 21:31:26 hermes daemon.info syslog: 03[ENC] parsed ID_PROT request 0 [ KE No ]
Jan 28 21:31:26 hermes daemon.info syslog: 08[KNL] creating acquire job for policy 10.150.2.97/32[icmp/8] === 192.168.10.1/32[icmp] with reqid {1}
Jan 28 21:31:26 hermes kern.debug kernel: [ 5042.102487] ip_finish_output2: No header cache and no neighbour!
Jan 28 21:31:26 hermes daemon.info syslog: 03[ENC] generating ID_PROT response 0 [ KE No ]

Maybe someone can help.
Markus
_______________________________________________
Users mailing list
[email protected]
https://lists.strongswan.org/mailman/listinfo/users
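
A log check for the selector sizes seen in the message above, as an added example that is not part of the original post or of strongSwan: it pulls the traffic selectors out of charon's "creating acquire job" records and compares them with the leftsubnet/rightsubnet values from the posted configuration. The function names, and the assumption that every syslog record starts with a "Mon DD HH:MM:SS" timestamp, belong to this example only.

```python
import re
from ipaddress import ip_network

# leftsubnet / rightsubnet from the configuration posted above.
LEFT_SUBNET = ip_network("10.150.2.0/24")
RIGHT_SUBNET = ip_network("192.168.10.0/24")

# Assumption: every syslog record starts with "Mon DD HH:MM:SS ".
RECORD_START = re.compile(r"^[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2} ")
# charon [KNL] message: "creating acquire job for policy SRC[..] === DST[..]"
ACQUIRE = re.compile(
    r"creating acquire job for policy\s+([0-9A-Fa-f.:]+/\d+)(?:\[[^\]]*\])?"
    r"\s+===\s+([0-9A-Fa-f.:]+/\d+)(?:\[[^\]]*\])?")

# Two records from the message above, wrapped as the mail client left them.
SAMPLE_LOG = """\
Jan 28 21:31:26 hermes daemon.info syslog: 08[KNL] creating acquire job for
policy 10.150.2.97/32[icmp/8] === 192.168.10.1/32[icmp] with reqid {1}
Jan 28 21:31:26 hermes daemon.info syslog: 03[ENC] generating ID_PROT response
0 [ KE No ]
"""

def unwrap(text):
    """Rejoin records that were wrapped onto continuation lines."""
    records = []
    for line in text.splitlines():
        if RECORD_START.match(line) or not records:
            records.append(line.strip())
        else:
            records[-1] += " " + line.strip()
    return records

def classify(selector, configured):
    """Relate a selector from the log to the configured subnet."""
    sel = ip_network(selector, strict=False)
    if sel == configured:
        return "match"
    if sel.version == configured.version and sel.subnet_of(configured):
        return "narrower"
    return "outside"

def check_acquires(text):
    """Return (src, src_status, dst, dst_status) for each acquire record."""
    results = []
    for record in unwrap(text):
        m = ACQUIRE.search(record)
        if m:
            src, dst = m.groups()
            results.append((src, classify(src, LEFT_SUBNET),
                            dst, classify(dst, RIGHT_SUBNET)))
    return results

if __name__ == "__main__":
    for row in check_acquires(SAMPLE_LOG):
        print("%s (%s) === %s (%s)" % row)
```

A "narrower" status on either side means the acquire was logged with a selector smaller than the configured /24.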