Hello, I am trying to set up a LAN-to-LAN connection between a Fritzbox 7390 and a CentOS 6.5 gateway with strongswan 5.1.1. When I open the connection, I get the following messages:

[root@miwatest strongswan]# strongswan up miwa
initiating Main Mode IKE_SA miwa[1] to 185.19.32.227
generating ID_PROT request 0 [ SA V V V V ]
sending packet: from 213.133.108.164[500] to 185.19.32.227[500] (184 bytes)
received packet: from 185.19.32.227[500] to 213.133.108.164[500] (148 bytes)
parsed ID_PROT response 0 [ SA N((24576)) V V ]
received XAuth vendor ID
received DPD vendor ID
generating ID_PROT request 0 [ KE No ]
sending packet: from 213.133.108.164[500] to 185.19.32.227[500] (196 bytes)
received packet: from 185.19.32.227[500] to 213.133.108.164[500] (180 bytes)
parsed ID_PROT response 0 [ KE No ]
generating ID_PROT request 0 [ ID HASH ]
sending packet: from 213.133.108.164[500] to 185.19.32.227[500] (68 bytes)
received packet: from 185.19.32.227[500] to 213.133.108.164[500] (108 bytes)
parsed ID_PROT response 0 [ ID HASH N(INITIAL_CONTACT) ]
IKE_SA miwa[1] established between 213.133.108.164[213.133.108.164]...185.19.32.227[miwaidv.dyndns.ws]
scheduling reauthentication in 28128s
maximum IKE_SA lifetime 28668s
generating QUICK_MODE request 1324784499 [ HASH SA No ID ID ]
sending packet: from 213.133.108.164[500] to 185.19.32.227[500] (204 bytes)
received packet: from 185.19.32.227[500] to 213.133.108.164[500] (76 bytes)
parsed INFORMATIONAL_V1 request 2845966155 [ HASH N(NO_PROP) ]
received NO_PROPOSAL_CHOSEN error notify
establishing connection 'miwa' failed

When I scan the FritzBox, I get the following information:

[root@miwatest strongswan]# ike-scan miwaidv.dyndns.ws
Starting ike-scan 1.9 with 1 hosts (http://www.nta-monitor.com/tools/ike-scan/)
185.19.32.227 Main Mode Handshake returned HDR=(CKY-R=539bd1bb72dabf1d) SA=(Enc=3DES Hash=SHA1 Auth=PSK Group=2:modp1024 LifeType=Seconds LifeDuration=28800) Notification=(Type=RESPONDER-LIFETIME, SPI=7471c7db8f597359539bd1bb72dabf1d, Data=800b0001800c0e10) VID=09002689dfd6b712 (XAUTH) VID=afcad71368a1f1c96b8696fc77570100 (Dead Peer Detection v1.0)

Ending ike-scan 1.9: 1 hosts scanned in 0.204 seconds (4.90 hosts/sec). 1 returned handshake; 0 returned notify

Here is my ipsec.conf:

conn miwa
        aggressive=no
        left=213.133.108.164
        leftsubnet=192.168.1.0/24
        ike=3des-sha1-modp1024
        esp=3des-sha1
        leftallowany=yes
        leftfirewall=yes
        lefthostaccess=yes
        #
        right=miwaidv.dyndns.ws
        rightid="@miwaidv.dyndns.ws"
        rightsubnet=192.168.0.0/24
        keyexchange=ikev1
        ikelifetime=8h
        keylife=8h
        authby=psk
        type=tunnel
        auto=route
        # dpddelay=30
        # dpdtimeout=120
        # dpdaction=none

Here is the configuration of the Fritzbox:

vpncfg {
        connections {
                enabled = yes;
                conn_type = conntype_lan;
                name = "miwatest";
                always_renew = no;
                reject_not_encrypted = no;
                dont_filter_netbios = yes;
                localip = 0.0.0.0;
                local_virtualip = 0.0.0.0;
                remoteip = 213.133.108.164;
                remote_virtualip = 0.0.0.0;
                localid {
                        fqdn = "miwaidv.dyndns.ws";
                }
                remoteid {
                        ipaddr = 213.133.108.164;
                }
                mode = phase1_mode_idp;
                phase1ss = "all/all/all";
                keytype = connkeytype_pre_shared;
                key = "xxxxxx";
                cert_do_server_auth = no;
                use_nat_t = no;
                use_xauth = no;
                use_cfgmode = no;
                phase2localid {
                        ipnet {
                                ipaddr = 192.168.0.0;
                                mask = 255.255.255.0;
                        }
                }
                phase2remoteid {
                        ipnet {
                                ipaddr = 192.168.1.0;
                                mask = 255.255.255.0;
                        }
                }
                phase2ss = "esp-all-all/ah-none/comp-all/pfs";
                accesslist = "permit ip any 192.168.1.0 255.255.255.0";
        }
        ike_forward_rules = "udp 0.0.0.0:500 0.0.0.0:500",
                            "udp 0.0.0.0:4500 0.0.0.0:4500";
}

Does anyone have an idea where the problem is?

Best Regards,
Michael
_______________________________________________
Users mailing list
[email protected]
https://lists.strongswan.org/mailman/listinfo/users
