[strongSwan] strongSwan IKEv1 question

Fri, 06 May 2011 13:55:53 -0700 

Hi, I am trying to setup a IKEv1 tunnel with a Security Gateway using 
strongSwan as client. But the tunnel failed at phase 2 negotiation with the 
following errors, can some one help?
[root@acme94 etc]# /usr/local2/sbin/ipsec up pskv1002 "pskv1" #3: initiating 
Main Mode102 "pskv1" #3: STATE_MAIN_I1: initiate003 "pskv1" #3: received Vendor 
ID payload [Dead Peer Detection]104 "pskv1" #3: STATE_MAIN_I2: sent MI2, 
expecting MR2106 "pskv1" #3: STATE_MAIN_I3: sent MI3, expecting MR3002 "pskv1" 
#3: Peer ID is ID_IPV4_ADDR: '172.16.18.102'002 "pskv1" #3: ISAKMP SA 
established004 "pskv1" #3: STATE_MAIN_I4: ISAKMP SA established002 "pskv1" #4: 
initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+UP {using isakmp#3}110 "pskv1" #4: 
STATE_QUICK_I1: initiate002 "pskv1" #4: up-host output: 
/usr/libexec/ipsec/_updown: obsolete interface version `1.1',002 "pskv1" #4: 
up-host output: /usr/libexec/ipsec/_updown: \011called by obsolete Pluto?003 
"pskv1" #4: up-host command exited with status 2032 "pskv1" #4: STATE_QUICK_I1: 
internal error010 "pskv1" #4: STATE_QUICK_I1: retransmission; will wait 20s for 
response010 "pskv1" #4: STATE_QUICK_I1: retransmission; will
 wait 40s for response031 "pskv1" #4: max number of retransmissions (2) reached 
STATE_QUICK_I1.  No acceptable response to our first Quick Mode message: 
perhaps peer likes no proposal
I am running strongSwan4.5.0 with the following configuration:strongswan.conf :
# strongswan.conf - strongSwan configuration filepluto {  load = sha1 sha2 md5 
aes des hmac gmp random kernel-netlink}
# pluto uses optimized DH exponent sizes (RFC 3526)
libstrongswan {  dh_exponent_ansi_x9_42 = no}
ipsec.conf :# ipsec.conf - strongSwan IPsec configuration file
config setup        plutodebug=control        charonstart=no
conn %default        ikelifetime=60m        keylife=20m        rekeymargin=3m   
     keyingtries=1        keyexchange=ikev1        authby=secret
conn pskv1        left=172.16.18.202        leftfirewall=yes        
right=172.16.18.102        rightsubnet=172.16.18.102/32        auto=add
ipsec.secrets :# /etc/ipsec.secrets - strongSwan IPsec secrets file
172.16.18.202 172.16.18.102 : PSK "ipsecsecrets"


_______________________________________________
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users

Reply via email to