Hi Noel,
Thank you. I have removed the file /etc/strongswan.d/VPN.conf
In /etc/ipsec.conf I have the same configuration. At least there is
progress, unfortunately I am still baffled. This is the previously
working configuration.
code:
# ipsec.conf - strongSwan IPsec configuration file

# basic configuration

config setup
    # strictcrlpolicy=yes
    # uniqueids = no

conn VPN-OFFICE-COM
    keyexchange=ikev1
    type=transport
    authby=secret
    ike=3des-sha1-modp1024
    rekey=no
    left=%defaultroute
    leftprotoport=udp/l2tp
    right=vpn.office.com
    rightprotoport=udp/l2tp
    rightid=17.11.7.5
    auto=add
Having restarted ipsec, I get the following result
code:
# ipsec up VPN-OFFICE-COM
initiating Main Mode IKE_SA VPN-OFFICE-COM[1] to 17.11.7.5
generating ID_PROT request 0 [ SA V V V V ]
sending packet: from 1.2.3.4[500] to 17.11.7.5[500] (212 bytes)
received packet: from 17.11.7.5[500] to 1.2.3.4[500] (116 bytes)
parsed ID_PROT response 0 [ SA V V ]
received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
received FRAGMENTATION vendor ID
generating ID_PROT request 0 [ KE No NAT-D NAT-D ]
sending packet: from 1.2.3.4[500] to 17.11.7.5[500] (244 bytes)
received packet: from 17.11.7.5[500] to 1.2.3.4[500] (304 bytes)
parsed ID_PROT response 0 [ KE No V V V V NAT-D NAT-D ]
received Cisco Unity vendor ID
received XAuth vendor ID
received unknown vendor ID: [Available On Request]
received unknown vendor ID: [Available On Request]
local host is behind NAT, sending keep alives
generating ID_PROT request 0 [ ID HASH N(INITIAL_CONTACT) ]
sending packet: from 1.2.3.4[4500] to 17.11.7.5[4500] (84 bytes)
received packet: from 17.11.7.5[4500] to 1.2.3.4[4500] (84 bytes)
parsed ID_PROT response 0 [ ID HASH V ]
received DPD vendor ID
IKE_SA VPN-OFFICE-COM[1] established between
1.2.3.4[1.2.3.4]...17.11.7.5[17.11.7.5]
generating QUICK_MODE request [Available On Request] [ HASH SA No ID ID
NAT-OA NAT-OA ]
sending packet: from 1.2.3.4[4500] to 17.11.7.5[4500] (220 bytes)
received packet: from 17.11.7.5[4500] to 1.2.3.4[4500] (180 bytes)
parsed QUICK_MODE response [Available On Request] [ HASH SA No ID ID
N((24576)) NAT-OA ]
received 28800s lifetime, configured 0s
no acceptable traffic selectors found
establishing connection 'VPN-OFFICE-COM' failed
--
Kind regards
Stephen Feyrer
On Fri, 17 Apr 2015 11:49:04 +0100, Noel Kuntze <[email protected]>
wrote:
Hello Stephen,
The configuration for the conns goes into /etc/ipsec.conf, not
/etc/strongswan.d or /etc/strongswan.conf.
Only the plugin and logger configurations go into /etc/strongswan.d/ or
/etc/strongswan.conf.
Kind Regards,
Noel Kuntze
GPG Key ID: 0x63EC6658
Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658
On 17.04.2015 at 12:27, Stephen Feyrer wrote:
Hi,
I am hoping someone can help me. At first this looks like a simple
error but I don't think it is.
To put this into some context, so you can ignore this paragraph if
you're not interested.
A few months ago, I got my home PC (Gentoo Linux) set up to VPN into
the office which is a Windows environment. Shortly after I moved house
and my phone line. Only at that time my ISP had a fault on the phone
line at my new house so no internet connection. Once the internet was
resolved, the first thing I did was update my PC. Next I found that my
VPN was no longer working. I was careful to look for messages that
required configuration updates, I saw none for StrongSwan.
Code:
* Starting ...
/etc/strongswan.d/VPN.conf:1: syntax error, unexpected NAME, expecting
NEWLINE or '{' or '=' [vpn]
invalid config file '/etc/strongswan.conf'
Starting strongSwan 5.2.2 IPsec [starter]...
Code:
# ipsec up vpn.office.com
/etc/strongswan.d/VPN.conf:1: syntax error, unexpected NAME, expecting
NEWLINE or '{' or '=' [vpn]
invalid config file '/etc/strongswan.conf'
initiating Main Mode IKE_SA vpn.office.com[1] to 17.11.7.5
generating ID_PROT request 0 [ SA V V V V ]
sending packet: from 1.2.3.4[500] to 17.11.7.5[500] (212 bytes)
received packet: from 17.11.7.5[500] to 1.2.3.4[500] (116 bytes)
parsed ID_PROT response 0 [ SA V V ]
received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
received FRAGMENTATION vendor ID
generating ID_PROT request 0 [ KE No NAT-D NAT-D ]
sending packet: from 1.2.3.4[500] to 17.11.7.5[500] (244 bytes)
received packet: from 17.11.7.5[500] to 1.2.3.4[500] (304 bytes)
parsed ID_PROT response 0 [ KE No V V V V NAT-D NAT-D ]
received Cisco Unity vendor ID
received XAuth vendor ID
received unknown vendor ID: [Available On Request]
received unknown vendor ID: [Available On Request]
local host is behind NAT, sending keep alives
generating ID_PROT request 0 [ ID HASH N(INITIAL_CONTACT) ]
sending packet: from 1.2.3.4[4500] to 17.11.7.5[4500] (84 bytes)
received packet: from 17.11.7.5[4500] to 1.2.3.4[4500] (84 bytes)
parsed ID_PROT response 0 [ ID HASH V ]
received DPD vendor ID
IKE_SA vpn.office.com[1] established between
1.2.3.4[1.2.3.4]...17.11.7.5[17.11.7.5]
generating QUICK_MODE request [Available On Request] [ HASH SA No ID ID
NAT-OA NAT-OA ]
sending packet: from 1.2.3.4[4500] to 17.11.7.5[4500] (220 bytes)
received packet: from 17.11.7.5[4500] to 1.2.3.4[4500] (180 bytes)
parsed QUICK_MODE response [Available On Request] [ HASH SA No ID ID
N(([Available On Request])) NAT-OA ]
received 28800s lifetime, configured 0s
no acceptable traffic selectors found
establishing connection 'vpn.office.com' failed
The only other issue of note is that the behaviour of NetworkManager
appears to have changed during boot. Previously, there was a 1 second
wait, now that is gone. I have searched the web for similar issues and
found none.
The details of how my VPN came to be set up as it is are available here:
https://forums.gentoo.org/viewtopic-t-998042-postdays-0-postorder-asc-start-0.html
code:
# strongswan.conf - strongSwan configuration file
#
# Refer to the strongswan.conf(5) manpage for details
#
# Configuration changes should be made in the included files

charon {
    load_modular = yes
    plugins {
        include strongswan.d/charon/*.conf
    }
}

include strongswan.d/*.conf
code:
# strongswan.d/VPN.conf
conn VPN-OFFICE-COM
    keyexchange=ikev1
    type=transport
    authby=secret
    ike=3des-sha1-modp1024
    rekey=no
    left=%defaultroute
    leftprotoport=udp/l2tp
    right=vpn.office.com
    rightprotoport=udp/l2tp
    rightid=17.11.7.5
    auto=add
At the time of writing I have just tried commenting out the whole of
VPN.conf and then going line by line uncommenting but now even with all
the lines uncommented, I get this message.
code:
# ipsec up VPN-OFFICE-COM
/etc/strongswan.d/Xerox.conf:15: syntax error, unexpected NAME,
expecting NEWLINE or '{' or '=' [VPN-OFFICE-COM]
invalid config file '/etc/strongswan.conf'
no config named 'VPN-OFFICE-COM'
Please help!
--
Kind regards
Stephen Feyrer
_______________________________________________
Users mailing list
[email protected]
https://lists.strongswan.org/mailman/listinfo/users
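Added example, not part of the original thread and not strongSwan code: a small Python check showing why a `conn` block placed under /etc/strongswan.d/ produces the "unexpected NAME" error discussed above, since that directory is read with strongswan.conf syntax. The line grammar is a simplified approximation, `lint_strongswan_conf` is a hypothetical helper name, and the two samples are abridged from the files quoted in the thread.

```python
import re

# Section keywords of ipsec.conf; the strongswan.conf parser does not know them.
IPSEC_SECTIONS = {"conn", "ca", "config"}

# Simplified model of a valid strongswan.conf line (an approximation of the
# real grammar): "name {", "name = value", a bare "name", or "include <path>".
VALID = re.compile(r"^(include\s+\S+|[^\s{}=#]+\s*(\{.*|=.*)?)$")

# Abridged from the strongswan.conf quoted in the thread.
STRONGSWAN_CONF = """\
charon {
    load_modular = yes
    plugins {
        include strongswan.d/charon/*.conf
    }
}
include strongswan.d/*.conf
"""

# Abridged from the misplaced strongswan.d/VPN.conf quoted in the thread.
VPN_CONF = """\
# strongswan.d/VPN.conf
conn VPN-OFFICE-COM
    keyexchange=ikev1
    type=transport
    auto=add
"""


def lint_strongswan_conf(text, filename):
    """Return (filename, line, unexpected_token, hint) for each bad line."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop comments and indentation
        if not line or line == "}" or VALID.match(line):
            continue
        tokens = line.split()
        # The parser complains about the token that follows the first name.
        unexpected = tokens[1] if len(tokens) > 1 else tokens[0]
        if tokens[0] in IPSEC_SECTIONS:
            hint = "ipsec.conf section header, belongs in /etc/ipsec.conf"
        else:
            hint = "not strongswan.conf syntax"
        findings.append((filename, lineno, unexpected, hint))
    return findings


if __name__ == "__main__":
    for finding in lint_strongswan_conf(VPN_CONF, "strongswan.d/VPN.conf"):
        print("%s:%d: unexpected [%s] (%s)" % finding)
```

Only the `conn` header line is reported; the `key=value` lines beneath it happen to be valid strongswan.conf syntax, which matches the single-line error in the thread.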