Hi,
I am trying to establish a tunnel in transport mode between two hosts. I am
using strongSwan 4.3.6 on both sides.
When I use the default configuration or the AES algorithm, the tunnel establishes
successfully.
But if I use the 3DES algorithm (ike=3des-sha1-modp1536) I am getting the following
errors.
Nov
I am using the openssl plugin for crypto.
The result of ipsec statusall is
000 Status of IKEv1 pluto daemon (strongSwan 4.3.6):
000 interface eth2/eth2 fec0::ef01:500
000 interface eth0/eth0 fec0::ee01:500
000 interface lo/lo ::1:500
000 interface lo/lo 127.0.0.1:500
000 interface eth0/eth0 1.1.1.1:500

Hi Anand,
I doubt that you are running strongSwan 4.3.6 on both sides
because the peer sends some Vendor IDs which pluto does not
recognize ;-)
Pluto cannot decrypt the first encrypted IKE message. This
usually means that either the Pre-Shared Secrets configured
by each side are not equal (you

Hello Laurence,
the normal thing to do is to put the end entity certificate MyBTS1.pem
with subject DN
C=DE, O=Alcatel-Lucent, OU=Wireless, CN=SWAN
into /etc/ipsec.d/certs/ and the root CA certificate with subject DN
C=DE, ST=Germany, L=Stuttgart, O=Alcatel-Lucent, OU=Wireless,
CN=SwanRoot

Hello Bill,
which socket plugin are you using for charon? (The command
ipsec statusall shows a list of all loaded plugins.)
If both charon and pluto are running you *must* load the
socket-raw plugin and if charon only is running then
you *can* use either the socket-default plugin which binds to

Probably XFRM is not enabled in the kernel. Have a look at the list
of kernel modules which have to be activated:
http://wiki.strongswan.org/projects/strongswan/wiki/KernelModules
Regards
Andreas
On 11/17/2010 08:51 PM, Zorgh wrote:
Hi,
I got error charon too long to start... - kill kill. Can
Charon and socket-raw. The SA listed was started from Strongswan to the far
end.
Thanks,
Bill
[r...@kap8 etc]# ipsec statusall
Status of IKEv2 charon daemon (strongSwan 4.5.0):
uptime: 112 minutes, since Nov 17 14:01:20 2010
malloc: sbrk 253952, mmap 0, used 158000, free 95952
worker
Assuming from your /# prompt you are starting charon as root.
So this cannot be the reason that charon can't bind to the XFRM socket.
Andreas
On 11/17/2010 10:11 PM, Zorgh wrote:
On 17/11/2010 21:56, Andreas Steffen wrote:
Probably XFRM is not enabled in the kernel. Have a look at the list