From the logs, box1 received an "Auth Failed" response from box 2. You have to inspect the logs on box 2 to see why it is failing to authenticate box 1.

--Jafar


On 2/23/2018 4:26 AM, Anne Ambe wrote:
Hi,
I have been struggling for the past week to configure an ipsec tunnel between two fedora19 boxes using strongswan version 5.1.3. I tried to follow the configuration for net2net with PSK found on this link: https://www.strongswan.org/testing/testresults/ikev2/net2net-psk/index.html.
Here is my configuration:

Box1:
ipsec.conf:

config setup
conn %default
        ikelifetime=60m
        keylife=20m
        rekeymargin=3m
        keyingtries=1
        authby=secret
        keyexchange=ikev2
        mobike=no

conn fed1_fed2
        left=192.168.aa.bb
        leftsubnet=192.168.x.0/24
        leftid=@fed1
        leftfirewall=no
        right=192.168.aa.cc
        rightsubnet=192.168.y.0/24
        rightid=@fed2
        auto=add
Box 2:

ipsec.conf

config setup
conn %default
        ikelifetime=60m
        keylife=20m
        rekeymargin=3m
        keyingtries=1
        authby=secret
        keyexchange=ikev2
        mobike=no

conn fed1_fed2
        left=192.168.aa.cc
        leftsubnet=192.168.y.0/24
        leftid=@fed2
        leftfirewall=no
        right=192.168.aa.bb
        rightsubnet=192.168.x.0/24
        rightid=@fed1
        auto=add

Common on box1 and box 2

strongswan.conf
charon {
  load = random nonce aes sha1 sha2 gmp curve25519 hmac stroke kernel-netlink socket-default updown
  multiple_authentication = no
}

ipsec.secret
@fed1 @fed2 : PSK 0sblahblahblah

When I try to bring up this tunnel from box1, I get this error:
initiating IKE_SA fed1_fed2[1] to 192.168.aa.cc
generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]
sending packet: from 192.168.aa.bb[500] to 192.168.aa.cc[500] (652 bytes)
received packet: from 192.168.aa.cc[500] to 192.168.aa.bb[500] (376 bytes)
parsed IKE_SA_INIT response 0 [ SA KE No V ]
received unknown vendor ID: 4f:45:76:79:5c:6b:67:7a:57:71:5c:73
authentication of 'fed1' (myself) with pre-shared key
establishing CHILD_SA fed1_fed2
generating IKE_AUTH request 1 [ IDi N(INIT_CONTACT) IDr AUTH SA TSi TSr N(EAP_ONLY) ]
sending packet: from 192.168.aa.bb[500] to 192.168.aa.cc[500] (364 bytes)
received packet: from 192.168.aa.cc[500] to 192.168.aa.bb[500] (36 bytes)
parsed IKE_SA_INIT response 0 [ N(AUTH_FAILED) ]
received message ID 0, expected 1. Ignored

I am very new to strongswan. Please, any guidance will be very much appreciated.

Thanks

Anne
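
The reading of the box1 output given in the reply at the top of this thread can be reproduced with a short script. This is an added example, not part of either message and not strongSwan code; the function names `triage` and `advice` are hypothetical, and the sample is an excerpt of the log lines quoted above.

```python
import re

# Excerpt of the initiator (box1) output quoted in the message above.
SAMPLE_LOG = """\
initiating IKE_SA fed1_fed2[1] to 192.168.aa.cc
generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]
parsed IKE_SA_INIT response 0 [ SA KE No V ]
authentication of 'fed1' (myself) with pre-shared key
generating IKE_AUTH request 1 [ IDi N(INIT_CONTACT) IDr AUTH SA TSi TSr N(EAP_ONLY) ]
parsed IKE_SA_INIT response 0 [ N(AUTH_FAILED) ]
received message ID 0, expected 1. Ignored
"""

INIT = re.compile(r"initiating IKE_SA (\S+)\[\d+\] to (\S+)")
AUTH = re.compile(r"authentication of '([^']+)' \(myself\) with (.+)")
MSG = re.compile(r"(generating|parsed) (\S+) (request|response) (\d+) \[ (.*?) \]")
MID = re.compile(r"received message ID (\d+), expected (\d+)")

def triage(log_text):
    """Summarise an initiator log: last request sent and how the peer answered it."""
    r = {"conn": None, "peer": None, "local_id": None, "auth": None,
         "pending": None, "rejected_by_peer": False, "mid_mismatch": None}
    for line in log_text.splitlines():
        line = line.strip().strip("*")  # tolerate stray '*' from pasted mail markup
        if m := INIT.search(line):
            r["conn"], r["peer"] = m.groups()
        elif m := AUTH.search(line):
            r["local_id"], r["auth"] = m.groups()
        elif m := MSG.search(line):
            verb, exch, kind, mid, payloads = m.groups()
            if verb == "generating" and kind == "request":
                r["pending"] = (exch, int(mid))      # request awaiting an answer
            elif kind == "response" and "N(AUTH_FAILED)" in payloads.split():
                r["rejected_by_peer"] = True         # request stays pending
            elif kind == "response" and r["pending"] == (exch, int(mid)):
                r["pending"] = None                  # answered normally
        elif m := MID.search(line):
            r["mid_mismatch"] = (int(m.group(1)), int(m.group(2)))
    return r

def advice(r):
    """Turn the summary into the next troubleshooting step."""
    if not r["rejected_by_peer"]:
        return "no AUTH_FAILED notify seen"
    exch = r["pending"][0] if r["pending"] else "request"
    return (f"{r['peer']} rejected the {exch} for ID '{r['local_id']}' "
            f"({r['auth']}); look in the log on {r['peer']} for the reason")

if __name__ == "__main__":
    print(advice(triage(SAMPLE_LOG)))
```

The AUTH_FAILED notify itself carries no reason, which is why the summary can only point at the responder's log.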