Hello, I have a router which only allows port forwarding, hence I've implemented strongSwan on a machine beyond this router and configured port forwarding. I am failing to get an establishment to a host which is connected to a public IP directly, using the same configurations which work when both machines are directly connected to public. Below is the error; is there a solution or a way round this?
Jul 8 11:36:33 localhost charon: 05[ENC] generating INFORMATIONAL_V1 request 416838970 [ N(NO_PROP) ]
Jul 8 11:36:33 localhost charon: 05[NET] sending packet: from 192.168.100.2[500] to 185.3.95.94[500] (40 bytes)
Jul 8 11:36:33 localhost charon: 05[IKE] IKE_SA (unnamed)[1] state change: CREATED => DESTROYING
Jul 8 11:36:33 localhost charon: 03[NET] sending packet: from 192.168.100.2[500] to 185.3.95.94[500]
Jul 8 11:47:04 localhost charon: 00[DMN] signal of type SIGINT received. Shutting down
Jul 8 11:47:06 localhost charon: 00[DMN] Starting IKE charon daemon (strongSwan 5.3.5, Linux 2.6.32-642.1.1.el6.x86_64, x86_64)
Jul 8 11:47:06 localhost charon: 00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'
Jul 8 11:47:06 localhost charon: 00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'
Jul 8 11:47:06 localhost charon: 00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'
Jul 8 11:47:06 localhost charon: 00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'
Jul 8 11:47:06 localhost charon: 00[CFG] loading crls from '/etc/ipsec.d/crls'
Jul 8 11:47:06 localhost charon: 00[CFG] loading secrets from '/etc/ipsec.secrets'
Jul 8 11:47:06 localhost charon: 00[CFG] loaded IKE secret for 41.60.182.160 185.3.95.94
Jul 8 11:47:06 localhost charon: 00[LIB] loaded plugins: charon aes des rc2 sha1 sha2 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem fips-prf gmp xcbc cmac hmac attr kernel-netlink resolve socket-default stroke updown xauth-generic
Jul 8 11:47:06 localhost charon: 00[JOB] spawning 16 worker threads
Jul 8 11:47:06 localhost charon: 01[NET] waiting for data on sockets
Jul 8 11:47:06 localhost charon: 04[CFG] received stroke: add connection 'CRYSTALINE-gateway1'
Jul 8 11:47:06 localhost charon: 04[CFG] conn CRYSTALINE-gateway1
Jul 8 11:47:06 localhost charon: 04[CFG] left=41.60.182.160
Jul 8 11:47:06 localhost charon: 04[CFG] leftsubnet=192.168.1.5/32
Jul 8 11:47:06 localhost charon: 04[CFG] leftauth=psk
Jul 8 11:47:06 localhost charon: 04[CFG] leftid=41.60.182.160
Jul 8 11:47:06 localhost charon: 04[CFG] right=185.3.95.94
Jul 8 11:47:06 localhost charon: 04[CFG] rightsubnet=172.30.200.177/32
Jul 8 11:47:06 localhost charon: 04[CFG] rightauth=psk
Jul 8 11:47:06 localhost charon: 04[CFG] rightid=185.3.95.94
Jul 8 11:47:06 localhost charon: 04[CFG] ike=3des-sha1-modp1024!
Jul 8 11:47:06 localhost charon: 04[CFG] esp=3des-sha1!
Jul 8 11:47:06 localhost charon: 04[CFG] dpddelay=30
Jul 8 11:47:06 localhost charon: 04[CFG] dpdtimeout=150
Jul 8 11:47:06 localhost charon: 04[CFG] mediation=no
Jul 8 11:47:06 localhost charon: 04[CFG] keyexchange=ikev1
Jul 8 11:47:06 localhost charon: 04[CFG] left nor right host is our side, assuming left=local
Jul 8 11:47:06 localhost charon: 04[CFG] added configuration 'CRYSTALINE-gateway1'
Jul 8 11:47:06 localhost charon: 05[CFG] received stroke: route 'CRYSTALINE-gateway1'
Jul 8 11:47:06 localhost charon: 05[CFG] proposing traffic selectors for us:
Jul 8 11:47:06 localhost charon: 05[CFG] 192.168.1.5/32
Jul 8 11:47:06 localhost charon: 05[CFG] proposing traffic selectors for other:
Jul 8 11:47:06 localhost charon: 05[CFG] 172.30.200.177/32
Jul 8 11:47:06 localhost charon: 05[CFG] configured proposals: ESP:3DES_CBC/HMAC_SHA1_96/NO_EXT_SEQ
Jul 8 11:47:11 localhost charon: 08[CFG] received stroke: initiate 'CRYSTALINE-gateway1'
Jul 8 11:47:11 localhost charon: 11[IKE] queueing ISAKMP_VENDOR task
Jul 8 11:47:11 localhost charon: 11[IKE] queueing ISAKMP_CERT_PRE task
Jul 8 11:47:11 localhost charon: 11[IKE] queueing MAIN_MODE task
Jul 8 11:47:11 localhost charon: 11[IKE] queueing ISAKMP_CERT_POST task
Jul 8 11:47:11 localhost charon: 11[IKE] queueing ISAKMP_NATD task
Jul 8 11:47:11 localhost charon: 11[IKE] queueing QUICK_MODE task
Jul 8 11:47:11 localhost charon: 11[IKE] activating new tasks
Jul 8 11:47:11 localhost charon: 11[IKE] activating ISAKMP_VENDOR task
Jul 8 11:47:11 localhost charon: 11[IKE] activating ISAKMP_CERT_PRE task
Jul 8 11:47:11 localhost charon: 11[IKE] activating MAIN_MODE task
Jul 8 11:47:11 localhost charon: 11[IKE] activating ISAKMP_CERT_POST task
Jul 8 11:47:11 localhost charon: 11[IKE] activating ISAKMP_NATD task
Jul 8 11:47:11 localhost charon: 11[IKE] sending XAuth vendor ID
Jul 8 11:47:11 localhost charon: 11[IKE] sending DPD vendor ID
Jul 8 11:47:11 localhost charon: 11[IKE] sending NAT-T (RFC 3947) vendor ID
Jul 8 11:47:11 localhost charon: 11[IKE] sending draft-ietf-ipsec-nat-t-ike-02\n vendor ID
Jul 8 11:47:11 localhost charon: 11[IKE] initiating Main Mode IKE_SA CRYSTALINE-gateway1[1] to 185.3.95.94
Jul 8 11:47:11 localhost charon: 11[IKE] IKE_SA CRYSTALINE-gateway1[1] state change: CREATED => CONNECTING
Jul 8 11:47:11 localhost charon: 11[CFG] configured proposals: IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
Jul 8 11:47:11 localhost charon: 11[ENC] generating ID_PROT request 0 [ SA V V V V ]
Jul 8 11:47:11 localhost charon: 11[NET] sending packet: from 41.60.182.160[500] to 185.3.95.94[500] (152 bytes)
Jul 8 11:47:11 localhost charon: 03[NET] sending packet: from 41.60.182.160[500] to 185.3.95.94[500]
Jul 8 11:47:11 localhost charon: 03[NET] error writing to socket: Invalid argument
Jul 8 11:47:15 localhost charon: 10[IKE] sending retransmit 1 of request message ID 0, seq 1
Jul 8 11:47:15 localhost charon: 10[NET] sending packet: from 41.60.182.160[500] to 185.3.95.94[500] (152 bytes)
Jul 8 11:47:15 localhost charon: 03[NET] sending packet: from 41.60.182.160[500] to 185.3.95.94[500]
Jul 8 11:47:15 localhost charon: 03[NET] error writing to socket: Invalid argument
Jul 8 11:47:22 localhost charon: 14[IKE] sending retransmit 2 of request message ID 0, seq 1
Jul 8 11:47:22 localhost charon: 14[NET] sending packet: from 41.60.182.160[500] to 185.3.95.94[500] (152 bytes)
Jul 8 11:47:22 localhost charon: 03[NET] sending packet: from 41.60.182.160[500] to 185.3.95.94[500]
Jul 8 11:47:22 localhost charon: 03[NET] error writing to socket: Invalid argument
Jul 8 11:47:35 localhost charon: 12[IKE] sending retransmit 3 of request message ID 0, seq 1
Jul 8 11:47:35 localhost charon: 12[NET] sending packet: from 41.60.182.160[500] to 185.3.95.94[500] (152 bytes)
Jul 8 11:47:35 localhost charon: 03[NET] sending packet: from 41.60.182.160[500] to 185.3.95.94[500]
Jul 8 11:47:35 localhost charon: 03[NET] error writing to socket: Invalid argument
Jul 8 11:47:58 localhost charon: 15[IKE] sending retransmit 4 of request message ID 0, seq 1
Jul 8 11:47:58 localhost charon: 15[NET] sending packet: from 41.60.182.160[500] to 185.3.95.94[500] (152 bytes)
Jul 8 11:47:58 localhost charon: 03[NET] sending packet: from 41.60.182.160[500] to 185.3.95.94[500]
Jul 8 11:47:58 localhost charon: 03[NET] error writing to socket: Invalid argument
Jul 8 11:48:16 localhost charon: 01[NET] received packet: from 185.3.95.94[500] to 192.168.100.2[500]
Jul 8 11:48:16 localhost charon: 01[NET] waiting for data on sockets
Jul 8 11:48:16 localhost charon: 13[NET] received packet: from 185.3.95.94[500] to 192.168.100.2[500] (152 bytes)
Jul 8 11:48:16 localhost charon: 13[ENC] parsed ID_PROT request 0 [ SA V V V V ]
Jul 8 11:48:16 localhost charon: 13[CFG] looking for an ike config for 192.168.100.2...185.3.95.94
Jul 8 11:48:16 localhost charon: 13[IKE] no IKE config found for 192.168.100.2...185.3.95.94, sending NO_PROPOSAL_CHOSEN
Jul 8 11:48:16 localhost charon: 13[ENC] generating INFORMATIONAL_V1 request 409253792 [ N(NO_PROP) ]
Jul 8 11:48:16 localhost charon: 13[NET] sending packet: from 192.168.100.2[500] to 185.3.95.94[500] (40 bytes)
Jul 8 11:48:16 localhost charon: 13[IKE] IKE_SA (unnamed)[2] state change: CREATED => DESTROYING
Jul 8 11:48:16 localhost charon: 03[NET] sending packet: from 192.168.100.2[500] to 185.3.95.94[500]
Jul 8 11:48:38 localhost charon: 06[CFG] received stroke: initiate 'CRYSTALINE-gateway1'
Jul 8 11:48:38 localhost charon: 07[IKE] queueing QUICK_MODE task
Jul 8 11:48:38 localhost charon: 07[IKE] delaying task initiation, ID_PROT exchange in progress
Jul 8 11:48:40 localhost charon: 05[IKE] sending retransmit 5 of request message ID 0, seq 1
Jul 8 11:48:40 localhost charon: 05[NET] sending packet: from 41.60.182.160[500] to 185.3.95.94[500] (152 bytes)
Jul 8 11:48:40 localhost charon: 03[NET] sending packet: from 41.60.182.160[500] to 185.3.95.94[500]
Jul 8 11:48:40 localhost charon: 03[NET] error writing to socket: Invalid argument
Jul 8 11:49:56 localhost charon: 09[IKE] giving up after 5 retransmits
Jul 8 11:49:56 localhost charon: 09[IKE] establishing IKE_SA failed, peer not responding
Jul 8 11:49:56 localhost charon: 09[IKE] IKE_SA CRYSTALINE-gateway1[1] state change: CONNECTING => DESTROYING
