Still not feeling the love, unfortunately.
I never tried to connect from Central to East, I was always trying to go from
East to Central.
When I try to go from Central to East, I get a slightly different error message
when attempting to start the connection.
swanctl.conf (East)
connections {
EastCentral {
version=2
local_addrs=WW.XX.YY.ZZ
proposals=aes256-sha1-modp1024, default
local-0 {
auth = psk
}
remote-0 {
auth = psk
}
remote_addrs=AA.BB.CC.DD
children {
EastCentral {
esp_proposals=aes256-sha1, default
dpd_action=restart
local_ts=10.0.0.0/16
remote_ts=10.64.0.0/16,10.128.0.0/16
}
}
}
}
swanctl.conf (Central)
connections {
CentralEast {
version=2
local_addrs=AA.BB.CC.DD
proposals=aes256-sha1-modp1024, default
local-0 {
auth = psk
}
remote-0 {
auth = psk
}
remote_addrs=WW.XX.YY.ZZ
children {
CentralEast {
esp_proposals=aes256-sha1, default
dpd_action=restart
local_ts=10.64.0.0/16,10.128.0.0/16
remote_ts=10.0.0.0/16
}
}
}
}
--- If attempting to connect to Central from East:
[root@EastRouter swanctl]# swanctl --load-conns
loaded connection 'EastCentral'
successfully loaded 1 connections, 0 unloaded
[root@EastRouter swanctl]# strongswan up EastRouter
establishing CHILD_SA EastCentral{32}
generating CREATE_CHILD_SA request 2 [ SA No TSi TSr ]
sending packet: from WW.XX.YY.ZZ[4500] to AA.BB.CC.DD[4500] (620 bytes)
received packet: from AA.BB.CC.DD[4500] to WW.XX.YY.ZZ[4500] (76 bytes)
parsed CREATE_CHILD_SA response 2 [ N(TS_UNACCEPT) ]
received TS_UNACCEPTABLE notify, no CHILD_SA built
failed to establish CHILD_SA, keeping IKE_SA
establishing connection 'EastCentral' failed
[root@EastRouter swanctl]#
------ If attempting to connect to East from Central:
[root@CentralRouter conf.d]# swanctl --load-conns
loaded connection 'CentralEast'
successfully loaded 1 connections, 0 unloaded
[root@CentralRouter conf.d]# strongswan up CentralEast
establishing CHILD_SA CentralEast{88}
generating CREATE_CHILD_SA request 0 [ SA No TSi TSr ]
sending packet: from AA.BB.CC.DD[4500] to WW.XX.YY.ZZ[4500] (620 bytes)
received packet: from WW.XX.YY.ZZ[4500] to AA.BB.CC.DD[4500] (476 bytes)
parsed CREATE_CHILD_SA response 0 [ SA No TSi TSr ]
selected proposal: ESP:AES_CBC_256/HMAC_SHA1_96/NO_EXT_SEQ
error installing route with policy 10.128.0.0/16 === 10.0.0.0/16 out
unable to install IPsec policies (SPD) in kernel
failed to establish CHILD_SA, keeping IKE_SA
sending DELETE for ESP CHILD_SA with SPI 255b9e78
generating INFORMATIONAL request 1 [ D ]
sending packet: from AA.BB.CC.DD[4500] to WW.XX.YY.ZZ[4500] (76 bytes)
received packet: from WW.XX.YY.ZZ[4500] to AA.BB.CC.DD[4500] (76 bytes)
parsed INFORMATIONAL response 1 [ D ]
establishing connection 'CentralEast' failed
[root@CentralRouter conf.d]#
