Hi All,

I have installed both the strongSwan server and client. I am trying the virtual IP scenario with the PSK auth method, but I am not able to get it working with the attached configuration files. Please find the attached server and client configuration files.

I have installed strongSwan version 5.1.0 with the below configuration to reduce the size.

"--disable-rc2 --disable-md5 --disable-sha1 --disable-sha2 --disable-fips-prf \
 --disable-aes--disable-des --enable-openssl --disable-pkcs1 --disable-pkcs7 --disable-pkcs8 \
 --disable-pkcs12--disable-pgp --disable-dnskey --disable-sshkey --disable-hmac --disable-cmac \
 --disable-xcbc --disable-gmp --disable-scripts --disable-ikev1 --disable-tools --enable-monolithic"

The logs below were collected from the command
#ipsec start --nofork

/******** Client side log **********/
ipsec up host
initiating IKE_SA host[1] to 10.73.127.45
generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]
sending packet: from 10.43.135.221[500] to 10.73.127.45[500] (752 bytes)
received packet: from 10.73.127.45[500] to 10.43.135.221[500] (440 bytes)
parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(MULT_AUTH) ]
authentication of '10.43.135.221' (myself) with pre-shared key
establishing CHILD_SA host
generating IKE_AUTH request 1 [ IDi N(INIT_CONTACT) IDr AUTH CP(ADDR DNS) SA TSi TSr N(MOBIKE_SUP) N(ADD_4_ADDR) N(MULT_AUTH) N(EAP_ONLY) ]
sending packet: from 10.43.135.221[4500] to 10.73.127.45[4500] (412 bytes)
received packet: from 10.73.127.45[4500] to 10.43.135.221[4500] (76 bytes)
parsed IKE_AUTH response 1 [ N(AUTH_FAILED) ]
received AUTHENTICATION_FAILED notify error
establishing connection 'host' failed
/***************************************************/

/******** Server side log **********/
11[CFG] adding virtual IP address pool 'rw': 10.3.0.0/28
loading ca certificates from '/etc/ipsec.d/cacerts'
loading aa certificates from '/etc/ipsec.d/aacerts'
loading ocsp certificates from '/etc/ipsec.d/ocspcerts'
Changing to directory '/etc/ipsec.d/crls'
loading attribute certificates from '/etc/ipsec.d/acerts'
spawning 4 worker threads
listening for IKE messages
adding interface wlan0/wlan0 10.73.127.45:500
adding interface lo/lo 127.0.0.1:500
adding interface lo/lo ::1:500
loading secrets from "/etc/ipsec.secrets"
loaded PSK secret for 10.73.127.45 10.43.135.221
"/etc/ipsec.secrets" line 12: PSK data malformed (input does not begin with format prefix): 1234567890
added connection description "rw"
06[NET] received packet: from 10.43.135.221[500] to 10.73.127.45[500]
06[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]
06[IKE] 10.43.135.221 is initiating an IKE_SA
06[ENC] generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(MULT_AUTH) ]
06[NET] sending packet: from 10.73.127.45[500] to 10.43.135.221[500]
05[NET] received packet: from 10.43.135.221[4500] to 10.73.127.45[4500]
05[ENC] parsed IKE_AUTH request 1 [ IDi N(INIT_CONTACT) IDr AUTH CP(ADDR DNS) SA TSi TSr N(MOBIKE_SUP) N(ADD_4_ADDR) N(MULT_AUTH) N(EAP_ONLY) ]
05[CFG] looking for peer configs matching 10.73.127.45[10.73.127.45]...10.43.135.221[10.43.135.221]
05[CFG] no matching peer config found
05[IKE] peer supports MOBIKE
05[ENC] generating IKE_AUTH response 1 [ N(AUTH_FAILED) ]
05[NET] sending packet: from 10.73.127.45[4500] to 10.43.135.221[4500]
/**********************************************************************************/

Thanks
Naveen

Attachments:
ipsec_client.conf
ipsec_client.secrets
ipsec_server.conf
ipsec_server.secrets
_______________________________________________
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users