Hi everyone,

I am trying to set up a simple IPsec tunnel (net-to-net) using PSK, following 
the example shown here on the strongSwan website: 
http://www.strongswan.org/uml/testresults/ikev1/net2net-psk/

I am running strongSwan 5.0.1 on both sides and I am using the exact setup 
shown in this example.
My left gateway is lmu55=192.168.1.55 and my right gateway is lmu56=192.168.1.56. 
When I start strongSwan on both sides and issue the command >>ipsec -up lmu55 
(lmu55 is the connection name for the left side) from the left side, I get the 
following messages and the connection fails. I looked at the tcpdump data and it 
seems it completes phase 1 but fails on phase 2. I can also see the 
establishment of the SA:
.......    
KE_SA lmu55[1] established between 
192.168.1.55[lmu55.strongswan.com]...192.168.1.56[lmu56.strongswan.com]

....

The error is [ HASH N(INVAL_ID) ], which you can see below in the output of the 
ipsec command.
I am wondering what I am missing here in my setup.

I appreciate your help in advance.
Farid


root@LMU5k:~# ipsec up lmu55
initiating Main Mode IKE_SA lmu55[1] to 192.168.1.56
generating ID_PROT request 0 [ SA V V V V ]
sending packet: from 192.168.1.55[500] to 192.168.1.56[500] (224 bytes)
received packet: from 192.168.1.56[500] to 192.168.1.55[500] (136 bytes)
parsed ID_PROT response 0 [ SA V V V ]
received XAuth vendor ID
received DPD vendor ID
received NAT-T (RFC 3947) vendor ID
generating ID_PROT request 0 [ KE No NAT-D NAT-D ]
sending packet: from 192.168.1.55[500] to 192.168.1.56[500] (372 bytes)
received packet: from 192.168.1.56[500] to 192.168.1.55[500] (372 bytes)
parsed ID_PROT response 0 [ KE No NAT-D NAT-D ]
generating ID_PROT request 0 [ ID HASH ]
sending packet: from 192.168.1.55[500] to 192.168.1.56[500] (92 bytes)
received packet: from 192.168.1.56[500] to 192.168.1.55[500] (92 bytes)
parsed ID_PROT response 0 [ ID HASH ]
IKE_SA lmu55[1] established between 
192.168.1.55[lmu55.strongswan.com]...192.168.1.56[lmu56.strongswan.com]
scheduling reauthentication in 10258s
maximum IKE_SA lifetime 10798s
generating QUICK_MODE request 1597565745 [ HASH SA No ID ID ]
sending packet: from 192.168.1.55[500] to 192.168.1.56[500] (236 bytes)
received packet: from 192.168.1.56[500] to 192.168.1.55[500] (76 bytes)
parsed INFORMATIONAL_V1 request 4090518834 [ HASH N(INVAL_ID) ]
received INVALID_ID_INFORMATION error notify
establishing connection 'lmu55' failed
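
Added example, not part of the original post and not strongSwan code: a small Python parser for the initiator output above that reports whether Main Mode (ID_PROT) completed and which notify ended the negotiation. The function name diagnose and the result keys are assumptions; the sample log is constructed from lines quoted in the post.

```python
import re

# Constructed sample: lines copied from the initiator output in the post.
SAMPLE_LOG = """\
generating ID_PROT request 0 [ ID HASH ]
parsed ID_PROT response 0 [ ID HASH ]
IKE_SA lmu55[1] established between
192.168.1.55[lmu55.strongswan.com]...192.168.1.56[lmu56.strongswan.com]
generating QUICK_MODE request 1597565745 [ HASH SA No ID ID ]
parsed INFORMATIONAL_V1 request 4090518834 [ HASH N(INVAL_ID) ]
received INVALID_ID_INFORMATION error notify
establishing connection 'lmu55' failed
"""

# "generating|parsed <exchange> request|response <message id> [ payloads ]"
MSG = re.compile(r"^(generating|parsed) (\w+) (?:request|response) (\d+) \[ (.*) \]$")
NOTIFY = re.compile(r"^N\((\w+)\)$")


def diagnose(log_text):
    """Report how far an IKEv1 negotiation got and which notify ended it."""
    result = {"phase1_established": False, "quick_mode_ids": 0,
              "notifies": [], "failed_phase": None}
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("IKE_SA ") and "established between" in line:
            result["phase1_established"] = True  # Main Mode (ID_PROT) finished
            continue
        m = MSG.match(line)
        if not m:
            continue
        direction, exchange, _msg_id, payloads = m.groups()
        payloads = payloads.split()
        if direction == "generating" and exchange == "QUICK_MODE":
            # The two ID payloads carry the proposed local/remote selectors.
            result["quick_mode_ids"] = payloads.count("ID")
        if direction == "parsed" and exchange == "INFORMATIONAL_V1":
            found = [n.group(1) for n in map(NOTIFY.match, payloads) if n]
            result["notifies"].extend(found)
    if result["notifies"]:
        if result["phase1_established"] and result["quick_mode_ids"]:
            result["failed_phase"] = "phase 2 (Quick Mode)"
        elif not result["phase1_established"]:
            result["failed_phase"] = "phase 1 (Main Mode)"
    return result


if __name__ == "__main__":
    print(diagnose(SAMPLE_LOG))
```

On the sample it reports phase 1 as established and the INVAL_ID notify as arriving in reply to the Quick Mode request, which is the exchange that carries the two ID payloads.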