Hi

No help??

Thanks

On Thu, 7 Sep 2017 at 09:15, Olivier CALVANO <[email protected]> wrote:

> Hi
>
> I have a problem with a new site-to-site configuration of strongSwan:
>
> ipsec.conf:
>
> config setup
>     charondebug="knl 2, cfg 2"
>
> conn %default
>     ikelifetime=60m
>     keylife=20m
>     rekeymargin=3m
>     keyingtries=1
>     authby=secret
>     keyexchange=ikev1
>     mobike=no
>
> conn Galioppee
>     left=192.168.1.254
>     leftsubnet=192.168.62.0/24
>     leftfirewall=no
>     leftid=192.168.1.254
>     leftauth=psk
>
>     right=172.16.1.254
>     rightsubnet=192.168.163.0/24
>     rightid=172.16.1.254
>     rightauth=psk
>
>     type=tunnel
>     auto=start
>     ikelifetime=28800
>     keylife=900
>     aggressive=no
>     ike=aes256-sha1-modp1536!
>     esp=aes256-sha1-modp1536!
>
> I have changed "auto=start" to "add" or "route" but I get the same problem.
>
> server:
>
> ifconfig
> eth1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
>         inet 192.168.1.254.11 netmask 255.255.255.0 broadcast 192.168.1.255
>
> eth2: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
>         inet 172.20.22.233 netmask 255.255.255.248 broadcast 172.20.22.239
>
> ipsec0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1400
>         unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 txqueuelen 500 (UNSPEC)
>         RX packets 0 bytes 0 (0.0 B)
>         RX errors 0 dropped 0 overruns 0 frame 0
>         TX packets 0 bytes 0 (0.0 B)
>         TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
>
> route -n:
>
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags Metric Ref Use Iface
> 0.0.0.0         192.168.1.1.1   0.0.0.0         UG    100    0   0   eth1
> 172.20.22.232   0.0.0.0         255.255.255.248 U     100    0   0   eth2
> 192.168.62.0    172.20.22.238   255.255.255.0   UG    0      0   0   eth2
> 192.168.62.0    172.20.22.238   255.255.254.0   UG    0      0   0   eth2
>
> In the logs I have:
>
> Sep 6 17:34:43 irys01 charon: 12[ENC] parsed QUICK_MODE request 2463978021 [ HASH SA No KE ID ID ]
> Sep 6 17:34:43 irys01 charon: 12[CFG] looking for a child config for 192.168.62.0/24 === 192.168.163.0/24
> Sep 6 17:34:43 irys01 charon: 12[CFG] proposing traffic selectors for us:
> Sep 6 17:34:43 irys01 charon: 12[CFG] 192.168.62.0/24
> Sep 6 17:34:43 irys01 charon: 12[CFG] proposing traffic selectors for other:
> Sep 6 17:34:43 irys01 charon: 12[CFG] 192.168.163.0/24
> Sep 6 17:34:43 irys01 charon: 12[CFG] candidate "Galioppee" with prio 5+5
> Sep 6 17:34:43 irys01 charon: 12[CFG] found matching child config "Galioppee" with prio 10
> Sep 6 17:34:43 irys01 charon: 12[CFG] selecting traffic selectors for other:
> Sep 6 17:34:43 irys01 charon: 12[CFG] config: 192.168.163.0/24, received: 192.168.163.0/24 => match: 192.168.163.0/24
> Sep 6 17:34:43 irys01 charon: 12[CFG] selecting traffic selectors for us:
> Sep 6 17:34:43 irys01 charon: 12[CFG] config: 192.168.62.0/24, received: 192.168.62.0/24 => match: 192.168.62.0/24
> Sep 6 17:34:43 irys01 charon: 12[CFG] selecting proposal:
> Sep 6 17:34:43 irys01 charon: 12[CFG] proposal matches
> Sep 6 17:34:43 irys01 charon: 12[CFG] received proposals: ESP:AES_CBC_256/HMAC_SHA1_96/MODP_1536/NO_EXT_SEQ
> Sep 6 17:34:43 irys01 charon: 12[CFG] configured proposals: ESP:AES_CBC_256/HMAC_SHA1_96/MODP_1536/NO_EXT_SEQ
> Sep 6 17:34:43 irys01 charon: 12[CFG] selected proposal: ESP:AES_CBC_256/HMAC_SHA1_96/MODP_1536/NO_EXT_SEQ
> Sep 6 17:34:43 irys01 charon: 12[IKE] received 4608000000 lifebytes, configured 0
> Sep 6 17:34:43 irys01 charon: 12[ENC] generating QUICK_MODE response 2463978021 [ HASH SA No KE ID ID ]
> Sep 6 17:34:43 irys01 charon: 12[NET] sending packet: from 192.168.1.254[4500] to 172.16.1.254[4500] (396 bytes)
> Sep 6 17:34:43 irys01 charon: 13[NET] received packet: from 172.16.1.254[4500] to 192.168.1.254[4500] (60 bytes)
> Sep 6 17:34:43 irys01 charon: 13[ENC] parsed QUICK_MODE request 2463978021 [ HASH ]
> Sep 6 17:34:43 irys01 charon: 13[KNL] getting a local address in traffic selector 192.168.62.0/24
> Sep 6 17:34:43 irys01 charon: 13[KNL] no local address found in traffic selector 192.168.62.0/24
> Sep 6 17:34:43 irys01 charon: 13[KNL] error installing route with policy 192.168.62.0/24 === 192.168.163.0/24 out
> Sep 6 17:34:43 irys01 charon: 13[KNL] getting a local address in traffic selector 192.168.62.0/24
> Sep 6 17:34:43 irys01 charon: 13[KNL] no local address found in traffic selector 192.168.62.0/24
> Sep 6 17:34:43 irys01 charon: 13[KNL] error installing route with policy 192.168.62.0/24 === 192.168.163.0/24 out
> Sep 6 17:34:43 irys01 charon: 13[IKE] unable to install IPsec policies (SPD) in kernel
> Sep 6 17:34:43 irys01 charon: 13[IKE] sending DELETE for ESP CHILD_SA with SPI 16bcc04d
> Sep 6 17:34:43 irys01 charon: 13[ENC] generating INFORMATIONAL_V1 request 4069478722 [ HASH D ]
> Sep 6 17:34:43 irys01 charon: 13[NET] sending packet: from 192.168.1.254[4500] to 172.16.1.254[4500] (76 bytes)
> Sep 6 17:36:12 irys01 charon: 15[NET] received packet: from 172.16.1.254[4500] to 192.168.1.254[4500] (76 bytes)
> Sep 6 17:36:12 irys01 charon: 15[ENC] parsed INFORMATIONAL_V1 request 3827316135 [ HASH D ]
> Sep 6 17:36:12 irys01 charon: 15[IKE] received DELETE for ESP CHILD_SA with SPI 16bcc04d
> Sep 6 17:36:12 irys01 charon: 15[IKE] CHILD_SA not found, ignored
>
> Anyone know my errors?
> Thanks
> Olivier
