Hi together,

I have been very familiar with strongSwan V4 for years and now I want
to upgrade to strongSwan V5.
First I tried to set up a tunnel with X509 certificates without any
success, so I tried to set up a simple PSK tunnel, also with no success.
The partners are one with strongSwan V4.6.4, the other with V5.3.3.

I hope someone could show me my fault.

First, the config of the V4.6.4
--------
config setup
        plutodebug=none
        uniqueids=yes
        nat_traversal=yes
        interfaces="%defaultroute"

conn %default
        keyexchange=ikev1
        keyingtries=1

conn testvpn
  auto=add
  authby=secret
  left=192.168.62.20
  leftsubnet=192.168.93.0/24
  right=%any
  rightsubnet=192.168.92.0/24
------

Second, the config of V5.3.3
---------
config setup
  charondebug="dmn 2, mgr 2, ike 2, chd 2, job 2, cfg 2, knl 2, net 2, enc 2, lib 2"

conn %default
  keyingtries=1
  keyexchange=ikev1

conn testvpn
  auto=start
  authby=secret
  leftsubnet=192.168.92.0/24
  right=79.232.231.58
  rightsubnet=192.168.93.0/24
-------

As you can see, it is a very simple setup. I balanced the 2 ipsec.secret files, so the connection can start, but it doesn't.
Here is the log on the V4.6.4 machine:
Oct  1 16:40:03 pluto[2575]: added connection description "testvpn"
Oct  1 16:40:15 pluto[2575]: packet from 79.232.238.176:61017: received Vendor ID payload [XAUTH]
Oct  1 16:40:15 pluto[2575]: packet from 79.232.238.176:61017: received Vendor ID payload [Dead Peer Detection]
Oct  1 16:40:15 pluto[2575]: packet from 79.232.238.176:61017: received Vendor ID payload [RFC 3947]
Oct  1 16:40:15 pluto[2575]: packet from 79.232.238.176:61017: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
Oct  1 16:40:15 pluto[2575]: "testvpn"[1] 79.232.238.176:61017 #1: responding to Main Mode from unknown peer 79.232.238.176:61017
Oct  1 16:40:15 pluto[2575]: "testvpn"[1] 79.232.238.176:61017 #1: NAT-Traversal: Result using RFC 3947: both are NATed
Oct  1 16:40:15 pluto[2575]: "testvpn"[1] 79.232.238.176:61017 #1: Informational Exchange message must be encrypted

That's all.
Charondebug on the V5.3.3 machine does not seem to work; I only got the following log:
Oct  1 16:40:15 ipsec_starter[4317]: Starting strongSwan 5.3.3 IPsec [starter]...
Oct  1 16:40:15 ipsec_starter[4335]: charon (4336) started after 20 ms
Oct  1 16:40:15 charon: 09[IKE] initiating Main Mode IKE_SA testvpn[1] to 79.232.231.58

after starting the connection with
robo@/etc/ipsec.d/connections# ipsec start
Starting strongSwan 5.3.3 IPsec [starter]...

Hope for your help, best regards
  Michael

--
Michael Niehren              __   _       powered by
                            / /  (_)__  __ ____  __
                           / /__/ / _ \/ // /\ \/ /
                          /____/_/_//_/\_,_/ /_/\_\

_______________________________________________
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users
