Hello All,
I am trying to setup the IKEv1 VPN connection with type as IPSEC XAUTH PSK on
android ICS with strongswan server.
Below is my /etc/ipsec.conf
conn android
authby=xauthpsk
xauth=server
left=192.168.43.62
leftsubnet=0.0.0.0/0
leftnexthop=%defaultroute
leftsourceip=10.0.0.2
right=%any
rightsubnet=0.0.0.0/0
rightnexthop=%defaultroute
rightsourceip=10.0.0.3
pfs=no
auto=add
below is the snapshot of ipsec.secrets
192.168.43.62 192.168.43.212 %any : PSK "whatyouseeiswhatyouget"
: RSA serverKey.pem
ipsecvpn : XAUTH 0x7365637265743230313200
include /var/lib/strongswan/ipsec.secrets.inc
Note:
Above in ipsec.secrets file, I already provided xauth password in binary format
with NULL terminated for taking care of Android 4 implementation.
Configured the same settings on client with the same PSK and xauth password.
After the above settings, when I tried to enable VPN on client, from the
wireshark logs of server, I observe that client is keep on sending Identity
protection (main mode) message to the server but the server is not replying
back.
Upon checking the server logs, I observe following error - "packet from
192.168.43.62:500: initial Main Mode message received on 192.168.43.212:500 but
no connection has been authorized with policy=XAUTHPSK+XAUTHSERVER".
Below are the log snippets.
May 3 13:11:48 Linux pluto[2209]: | preparse_isakmp_policy: peer requests
XAUTHPSK+XAUTHSERVER authentication
May 3 13:11:48 Linux pluto[2209]: packet from 192.168.43.62:500: initial Main
Mode message received on 192.168.43.212:500 but no connection has been
authorized with policy=XAUTHPSK+XAUTHSERVER
May 3 13:11:48 Linux pluto[2209]: | next event EVENT_REINIT_SECRET in 2635
seconds
Can somebody please provide some update on the above error.
Thanks,
-Kushagra
_______________________________________________
Users mailing list
[email protected]
https://lists.strongswan.org/mailman/listinfo/users
