Hello Huang,

Any settings regarding connections are done in ipsec.conf. Take a look at the manpage for it (man ipsec.conf) and look for the "ike" statement. To configure logging, see [1].

[1] http://wiki.strongswan.org/projects/strongswan/wiki/LoggerConfiguration

Regards
Noel Kuntze

On 10.11.2013 13:46, Huang, Zhenxing wrote:
> I'm so sorry,
> I'm referencing the page: http://strongswan.org/testresults.html, and other
> relevant pages; they do not have the configuration about ike,
>
> so I don't know how to configure it, or in which config file.
>
> Thanks a lot!!
>
> -----Original Message-----
> From: Noel Kuntze [mailto:[email protected]]
> Sent: November 10, 2013 6:41
> To: Huang, Zhenxing; [email protected]
> Subject: Re: [strongSwan] Config IKE
>
> Hello Huang,
>
> That error means that charon can't find a fitting configuration that matches
> the information the other peer sent it (cipher proposal, ID, sender IP
> address, authentication mode).
> Take a look at the other peer's configuration and find out with what settings
> it tries to connect to strongSwan.
> Increasing the log's verbosity on charon's side might help, if the
> documentation of SOPHOS UTM isn't clear about this.
>
> Regards
> Noel Kuntze
>
> On 09.11.2013 15:21, Huang, Zhenxing wrote:
> > Hi, super,
> >
> > We are preparing to use SOPHOS UTM and CentOS to build a net2net VPN network.
> >
> > For testing, we have two UTMs (b.company.cn, c.company.cn), one CentOS (a.company)
> > and one Windows.
> >
> > We use the Windows host as a certifying authority, and issue certs for them:
> > a.company.cn.cer, b.company.cn.cer, c.company.cn, and export a CA: ca.pfx
> >
> > · use openssl to convert a/b/c.company.cn.cer to a/b/c.pem
> >
> > We upload the ca.pfx to b.company.cn and c.company.cn at site-to-site
> > VPN -> Certificate management -> certifying authority
> >
> > upload the b.pem to c.company.cn site-to-site VPN -> Certificate management -> Certificate
> >
> > upload the c.pem to b.company.cn site-to-site VPN -> Certificate management -> Certificate
> >
> > · and set up an IPsec VPN connection. The remote gateway authentication
> > type is local x509 certificate and the certificate is the pem certificate;
> > on b.company.cn the certificate set is c.pem, on c.company.cn the certificate set is
> > b.pem. The connection is established.
> >
> > Now we are setting up strongSwan on CentOS.
> >
> > We copied the pem and ca.pfx to the computer, but we received an error
> > from log/messages:
> >
> > Nov 9 22:16:03 gateway charon: 00[DMN] Starting IKE charon daemon (strongSwan 5.1.1, Linux 2.6.32-358.el6.x86_64, x86_64)
> > Nov 9 22:16:03 gateway charon: 00[CFG] loading ca certificates from '/usr/local/etc/ipsec.d/cacerts'
> > Nov 9 22:16:03 gateway charon: 00[CFG] loaded ca certificate "CN=IPSecVPN-CA" from '/usr/local/etc/ipsec.d/cacerts/ca.pem'
> > Nov 9 22:16:03 gateway charon: 00[CFG] loading aa certificates from '/usr/local/etc/ipsec.d/aacerts'
> > Nov 9 22:16:03 gateway charon: 00[CFG] loading ocsp signer certificates from '/usr/local/etc/ipsec.d/ocspcerts'
> > Nov 9 22:16:03 gateway charon: 00[CFG] loading attribute certificates from '/usr/local/etc/ipsec.d/acerts'
> > Nov 9 22:16:03 gateway charon: 00[CFG] loading crls from '/usr/local/etc/ipsec.d/crls'
> > Nov 9 22:16:03 gateway charon: 00[CFG] loading secrets from '/usr/local/etc/ipsec.secrets'
> > Nov 9 22:16:03 gateway charon: 00[CFG] loaded ca certificate "CN=IPSecVPN-CA" from '/usr/local/etc/ipsec.d/private/ca.pfx'
> > Nov 9 22:16:03 gateway charon: 00[CFG] loaded RSA private key from '/usr/local/etc/ipsec.d/private/ca.pfx'
> > Nov 9 22:16:03 gateway charon: 00[CFG] loaded 0 RADIUS server configurations
> > Nov 9 22:16:03 gateway charon: 00[LIB] loaded plugins: charon aes des rc2 sha1 sha2 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey pem fips-prf gmp xcbc cmac hmac attr kernel-netlink resolve socket-default stroke updown eap-identity eap-radius eap-peap xauth-generic
> > Nov 9 22:16:03 gateway charon: 00[LIB] unable to load 8 plugin features (8 due to unmet dependencies)
> > Nov 9 22:16:03 gateway charon: 00[JOB] spawning 16 worker threads
> > Nov 9 22:16:03 gateway charon: 05[CFG] received stroke: add ca 'addca'
> > Nov 9 22:16:03 gateway charon: 05[CFG] loaded ca certificate "CN=IPSecVPN-CA" from 'ca.pem'
> > Nov 9 22:16:03 gateway charon: 05[CFG] added ca 'addca'
> > Nov 9 22:16:03 gateway charon: 07[CFG] received stroke: add connection 'net-net'
> > Nov 9 22:16:03 gateway charon: 07[CFG] loaded certificate "C=cn, O=gw-c, CN=gw-c.eco-schulte.cn" from 'gw-c.pem'
> > Nov 9 22:16:03 gateway charon: 07[CFG] id 'gw-a.eco-schulte.cn' not confirmed by certificate, defaulting to 'C=cn, O=gw-c, CN=gw-c.eco-schulte.cn'
> > Nov 9 22:16:03 gateway charon: 07[CFG] added configuration 'net-net'
> > Nov 9 22:16:03 gateway charon: 09[CFG] received stroke: add connection 'xl2tp'
> > Nov 9 22:16:03 gateway charon: 09[CFG] added configuration 'xl2tp'
> > *Nov 9 22:16:15 gateway charon: 11[NET] received packet: from aa.bb.27.178[500] to aa.bb.27.180[500] (256 bytes)*
> > *Nov 9 22:16:15 gateway charon: 11[ENC] parsed ID_PROT request 0 [ SA V V V V V V V V V ]*
> > *Nov 9 22:16:15 gateway charon: 11[IKE] no IKE config found for aa.bb.27.180...aa.bb.27.178, sending NO_PROPOSAL_CHOSEN*
> > *Nov 9 22:16:15 gateway charon: 11[ENC] generating INFORMATIONAL_V1 request 3529918923 [ N(NO_PROP) ]*
> > *Nov 9 22:16:15 gateway charon: 11[NET] sending packet: from aa.bb.27.180[500] to aa.bb.27.178[500] (40 bytes)*
> > *Nov 9 22:16:55 gateway charon: 12[NET] received packet: from aa.bb.27.178[500] to aa.bb.27.180[500] (256 bytes)*
> > *Nov 9 22:16:55 gateway charon: 12[ENC] parsed ID_PROT request 0 [ SA V V V V V V V V V ]*
> > *Nov 9 22:16:55 gateway charon: 12[IKE] no IKE config found for aa.bb.27.180...aa.bb.27.178, sending NO_PROPOSAL_CHOSEN*
> > *Nov 9 22:16:55 gateway charon: 12[ENC] generating INFORMATIONAL_V1 request 3127351181 [ N(NO_PROP) ]*
> > *Nov 9 22:16:55 gateway charon: 12[NET] sending packet: from aa.bb.27.180[500] to aa.bb.27.178[500] (40 bytes)*
> >
> > What are we not doing? Thanks a lot!!
> >
> > _______________________________________________
> > Users mailing list
> > [email protected]
> > https://lists.strongswan.org/mailman/listinfo/users
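Added example, not part of the thread and not strongSwan code: a small triage script for the kind of charon log quoted above. It lists the connections charon loaded, any local ID that fell back to the certificate subject, and each rejected request grouped by address pair and exchange type; the function name `triage` and the regular expressions are this example's own, and the sample lines are taken from the log in the thread.

```python
import re
from collections import Counter

# Excerpt of the charon log quoted in the thread, one entry per line.
SAMPLE_LOG = """\
Nov 9 22:16:03 gateway charon: 07[CFG] id 'gw-a.eco-schulte.cn' not confirmed by certificate, defaulting to 'C=cn, O=gw-c, CN=gw-c.eco-schulte.cn'
Nov 9 22:16:03 gateway charon: 07[CFG] added configuration 'net-net'
Nov 9 22:16:03 gateway charon: 09[CFG] added configuration 'xl2tp'
Nov 9 22:16:15 gateway charon: 11[ENC] parsed ID_PROT request 0 [ SA V V V V V V V V V ]
Nov 9 22:16:15 gateway charon: 11[IKE] no IKE config found for aa.bb.27.180...aa.bb.27.178, sending NO_PROPOSAL_CHOSEN
Nov 9 22:16:55 gateway charon: 12[ENC] parsed ID_PROT request 0 [ SA V V V V V V V V V ]
Nov 9 22:16:55 gateway charon: 12[IKE] no IKE config found for aa.bb.27.180...aa.bb.27.178, sending NO_PROPOSAL_CHOSEN
"""

LINE = re.compile(r"charon: (\d+)\[\w+\] (.*)$")
ADDED = re.compile(r"added configuration '([^']+)'")
ID_WARN = re.compile(r"id '([^']+)' not confirmed by certificate, defaulting to '([^']+)'")
PARSED = re.compile(r"parsed (\S+) request")
NO_CFG = re.compile(r"no IKE config found for (\S+?)\.\.\.([^\s,]+)")


def triage(log_text):
    """Summarise loaded connections, ID fallbacks and rejected IKE requests."""
    conns, id_fallbacks, rejected = [], [], Counter()
    last_exchange = {}  # charon worker thread number -> last parsed exchange type
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        thread, msg = m.groups()
        if a := ADDED.search(msg):
            conns.append(a.group(1))
        elif w := ID_WARN.search(msg):
            id_fallbacks.append(w.groups())  # (configured id, id actually used)
        elif p := PARSED.search(msg):
            last_exchange[thread] = p.group(1)  # ID_PROT is IKEv1 Main Mode
        elif n := NO_CFG.search(msg):
            key = (n.group(1), n.group(2), last_exchange.get(thread, "unknown"))
            rejected[key] += 1  # key is (local address, peer address, exchange)
    return {"connections": conns, "id_fallbacks": id_fallbacks,
            "rejected": dict(rejected)}


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(key, value)
```

The rejected entries give the local and peer address and the exchange type the peer used, which can be compared with the left, right and keyexchange values of each conn in ipsec.conf.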
