Help !!!!!!

On Sun, 10 Sep 2017 at 07:49, Olivier CALVANO <[email protected]> wrote:

> Hi
>
> No help ??
>
> Thanks
>
> On Thu, 7 Sep 2017 at 09:15, Olivier CALVANO <[email protected]> wrote:
>
>> Hi
>>
>> I have a problem with a new Site-to-Site configuration of strongSwan:
>>
>> ipsec.conf:
>>
>> config setup
>>     charondebug="knl 2, cfg 2"
>>
>> conn %default
>>     ikelifetime=60m
>>     keylife=20m
>>     rekeymargin=3m
>>     keyingtries=1
>>     authby=secret
>>     keyexchange=ikev1
>>     mobike=no
>>
>> conn Galioppee
>>     left=192.168.1.254
>>     leftsubnet=192.168.62.0/24
>>     leftfirewall=no
>>     leftid=192.168.1.254
>>     leftauth=psk
>>
>>     right=172.16.1.254
>>     rightsubnet=192.168.163.0/24
>>     rightid=172.16.1.254
>>     rightauth=psk
>>
>>     type=tunnel
>>     auto=start
>>     ikelifetime=28800
>>     keylife=900
>>     aggressive=no
>>     ike=aes256-sha1-modp1536!
>>     esp=aes256-sha1-modp1536!
>>
>> I have changed "auto=start" to "add" or "route" but I get the same problem.
>>
>> server:
>>
>> ifconfig
>> eth1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
>>         inet 192.168.1.254.11  netmask 255.255.255.0  broadcast 192.168.1.255
>>
>> eth2: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
>>         inet 172.20.22.233  netmask 255.255.255.248  broadcast 172.20.22.239
>>
>> ipsec0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST>  mtu 1400
>>         unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  txqueuelen 500  (UNSPEC)
>>         RX packets 0  bytes 0 (0.0 B)
>>         RX errors 0  dropped 0  overruns 0  frame 0
>>         TX packets 0  bytes 0 (0.0 B)
>>         TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
>>
>> route -n:
>>
>> Kernel IP routing table
>> Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
>> 0.0.0.0         192.168.1.1.1   0.0.0.0         UG    100    0        0 eth1
>> 172.20.22.232   0.0.0.0         255.255.255.248 U     100    0        0 eth2
>> 192.168.62.0    172.20.22.238   255.255.255.0   UG    0      0        0 eth2
>> 192.168.62.0    172.20.22.238   255.255.254.0   UG    0      0        0 eth2
>>
>> In the logs I have:
>>
>> Sep 6 17:34:43 irys01 charon: 12[ENC] parsed QUICK_MODE request 2463978021 [ HASH SA No KE ID ID ]
>> Sep 6 17:34:43 irys01 charon: 12[CFG] looking for a child config for 192.168.62.0/24 === 192.168.163.0/24
>> Sep 6 17:34:43 irys01 charon: 12[CFG] proposing traffic selectors for us:
>> Sep 6 17:34:43 irys01 charon: 12[CFG]  192.168.62.0/24
>> Sep 6 17:34:43 irys01 charon: 12[CFG] proposing traffic selectors for other:
>> Sep 6 17:34:43 irys01 charon: 12[CFG]  192.168.163.0/24
>> Sep 6 17:34:43 irys01 charon: 12[CFG] candidate "Galioppee" with prio 5+5
>> Sep 6 17:34:43 irys01 charon: 12[CFG] found matching child config "Galioppee" with prio 10
>> Sep 6 17:34:43 irys01 charon: 12[CFG] selecting traffic selectors for other:
>> Sep 6 17:34:43 irys01 charon: 12[CFG]  config: 192.168.163.0/24, received: 192.168.163.0/24 => match: 192.168.163.0/24
>> Sep 6 17:34:43 irys01 charon: 12[CFG] selecting traffic selectors for us:
>> Sep 6 17:34:43 irys01 charon: 12[CFG]  config: 192.168.62.0/24, received: 192.168.62.0/24 => match: 192.168.62.0/24
>> Sep 6 17:34:43 irys01 charon: 12[CFG] selecting proposal:
>> Sep 6 17:34:43 irys01 charon: 12[CFG]  proposal matches
>> Sep 6 17:34:43 irys01 charon: 12[CFG] received proposals: ESP:AES_CBC_256/HMAC_SHA1_96/MODP_1536/NO_EXT_SEQ
>> Sep 6 17:34:43 irys01 charon: 12[CFG] configured proposals: ESP:AES_CBC_256/HMAC_SHA1_96/MODP_1536/NO_EXT_SEQ
>> Sep 6 17:34:43 irys01 charon: 12[CFG] selected proposal: ESP:AES_CBC_256/HMAC_SHA1_96/MODP_1536/NO_EXT_SEQ
>> Sep 6 17:34:43 irys01 charon: 12[IKE] received 4608000000 lifebytes, configured 0
>> Sep 6 17:34:43 irys01 charon: 12[ENC] generating QUICK_MODE response 2463978021 [ HASH SA No KE ID ID ]
>> Sep 6 17:34:43 irys01 charon: 12[NET] sending packet: from 192.168.1.254[4500] to 172.16.1.254[4500] (396 bytes)
>> Sep 6 17:34:43 irys01 charon: 13[NET] received packet: from 172.16.1.254[4500] to 192.168.1.254[4500] (60 bytes)
>> Sep 6 17:34:43 irys01 charon: 13[ENC] parsed QUICK_MODE request 2463978021 [ HASH ]
>> Sep 6 17:34:43 irys01 charon: 13[KNL] getting a local address in traffic selector 192.168.62.0/24
>> Sep 6 17:34:43 irys01 charon: 13[KNL] no local address found in traffic selector 192.168.62.0/24
>> Sep 6 17:34:43 irys01 charon: 13[KNL] error installing route with policy 192.168.62.0/24 === 192.168.163.0/24 out
>> Sep 6 17:34:43 irys01 charon: 13[KNL] getting a local address in traffic selector 192.168.62.0/24
>> Sep 6 17:34:43 irys01 charon: 13[KNL] no local address found in traffic selector 192.168.62.0/24
>> Sep 6 17:34:43 irys01 charon: 13[KNL] error installing route with policy 192.168.62.0/24 === 192.168.163.0/24 out
>> Sep 6 17:34:43 irys01 charon: 13[IKE] unable to install IPsec policies (SPD) in kernel
>> Sep 6 17:34:43 irys01 charon: 13[IKE] sending DELETE for ESP CHILD_SA with SPI 16bcc04d
>> Sep 6 17:34:43 irys01 charon: 13[ENC] generating INFORMATIONAL_V1 request 4069478722 [ HASH D ]
>> Sep 6 17:34:43 irys01 charon: 13[NET] sending packet: from 192.168.1.254[4500] to 172.16.1.254[4500] (76 bytes)
>> Sep 6 17:36:12 irys01 charon: 15[NET] received packet: from 172.16.1.254[4500] to 192.168.1.254[4500] (76 bytes)
>> Sep 6 17:36:12 irys01 charon: 15[ENC] parsed INFORMATIONAL_V1 request 3827316135 [ HASH D ]
>> Sep 6 17:36:12 irys01 charon: 15[IKE] received DELETE for ESP CHILD_SA with SPI 16bcc04d
>> Sep 6 17:36:12 irys01 charon: 15[IKE] CHILD_SA not found, ignored
>>
>> Anyone know my errors ?
>> thanks
>> olivier
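
The [KNL] lines in the log above show charon looking for a local address inside the local traffic selector 192.168.62.0/24 and finding none just before the route install fails. The following is an added example, not part of the original message or of strongSwan, that repeats that check offline from the log and the interface addresses; the function names are hypothetical, and eth1 is assumed to be 192.168.1.254 (the `left=` value) because the posted ifconfig address is malformed.

```python
import ipaddress
import re

# Constructed sample: [KNL]/[IKE] lines copied from the log in the message above.
SAMPLE_LOG = """\
Sep 6 17:34:43 irys01 charon: 13[KNL] getting a local address in traffic selector 192.168.62.0/24
Sep 6 17:34:43 irys01 charon: 13[KNL] no local address found in traffic selector 192.168.62.0/24
Sep 6 17:34:43 irys01 charon: 13[KNL] error installing route with policy 192.168.62.0/24 === 192.168.163.0/24 out
Sep 6 17:34:43 irys01 charon: 13[IKE] unable to install IPsec policies (SPD) in kernel
"""

# Assumption: addresses transcribed from the posted ifconfig output; eth1 is
# taken as 192.168.1.254 (the left= value) because the posted value is malformed.
LOCAL_ADDRS = {"eth1": "192.168.1.254", "eth2": "172.20.22.233"}

NO_ADDR = re.compile(r"\[KNL\] no local address found in traffic selector (\S+)")
ROUTE_ERR = re.compile(r"\[KNL\] error installing route with policy (\S+) === (\S+) (\w+)")

def failed_selectors(log_text):
    """Traffic selectors for which charon reported no local address."""
    return {ipaddress.ip_network(m.group(1)) for m in NO_ADDR.finditer(log_text)}

def addrs_inside(selector, local_addrs):
    """Return {iface: addr} for every local address that lies inside selector."""
    return {ifc: addr for ifc, addr in local_addrs.items()
            if ipaddress.ip_address(addr) in selector}

def diagnose(log_text, local_addrs):
    """Map each failed selector to the local addresses (if any) that cover it."""
    return {str(ts): addrs_inside(ts, local_addrs)
            for ts in sorted(failed_selectors(log_text))}

def failed_policies(log_text):
    """Unique (local_ts, remote_ts, direction) tuples whose route install failed."""
    return sorted({m.groups() for m in ROUTE_ERR.finditer(log_text)})

if __name__ == "__main__":
    for ts, hits in diagnose(SAMPLE_LOG, LOCAL_ADDRS).items():
        state = "covered by %s" % hits if hits else "no local address in range"
        print("%s: %s" % (ts, state))
    for local, remote, direction in failed_policies(SAMPLE_LOG):
        print("route not installed: %s === %s (%s)" % (local, remote, direction))
```
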
