I am trying to setup a IkeV2 VPN connection between a StrongSWAN 5.3.5 system and a Dell Sonicwall. In doing so, it seems like the strongswan side sees the connection as up but sonicwall side does not. Furthermore, the statusall output shows what looks like a second connection/tunnel trying to be established.
Any ideas/suggestions appreciated. Logs are large so I've put them on pastebin. *Log output (level 2)* http://pastebin.com/mZEkRTTp *Config* config setup uniqueids=no conn %default left=%defaultroute leftid=51.15.85.15 keyingtries=%forever keyexchange=ikev1 type=tunnel compress=no authby=secret auto=start dpdaction=none conn vpn-basf-prd #NOAUTO leftsubnet=51.76.21.161/32 # enterprise-mirth-01 right=191.25.81.121 rightid=191.25.81.121 rightsubnet=10.10.10.105/32 ike=aes256-sha1-modp1024 esp=aes256-sha1-modp1024 keyexchange=ikev2 ikelifetime=86400s keylife=28800s *ipsec statusall output* vpn-basf-prd: %any...191.25.81.121 IKEv2 vpn-basf-prd: local: [51.15.85.15] uses pre-shared key authentication vpn-basf-prd: remote: [191.25.81.121] uses pre-shared key authentication vpn-basf-prd: child: 51.76.21.161/32 === 10.10.10.105/32 TUNNEL vpn-basf-prd[73]: ESTABLISHED 2 seconds ago, 10.20.1.18[51.15.85.15]...191.25.81.121[191.25.81.121] vpn-basf-prd[73]: IKEv2 SPIs: 41cb5d5c3cb88170_i 51f00949b54db925_r*, pre-shared key reauthentication in 23 hours vpn-basf-prd[73]: IKE proposal: AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024 vpn-basf-prd{141}: INSTALLED, TUNNEL, reqid 128, ESP in UDP SPIs: cb81da30_i 84d00d14_o vpn-basf-prd{141}: AES_CBC_256/HMAC_SHA1_96, 0 bytes_i, 168 bytes_o (2 pkts, 1s ago), rekeying in 7 hours vpn-basf-prd{141}: 51.76.21.161/32 === 10.10.10.105/32 vpn-basf-prd[19]: CONNECTING, 10.20.1.18[51.15.85.15]...191.25.81.121[191.25.81.121] vpn-basf-prd[19]: IKEv2 SPIs: 5e925fa468fc0409_i* f367cd479c87f8a7_r vpn-basf-prd[19]: IKE proposal: AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024 vpn-basf-prd[19]: Tasks active: IKE_CERT_PRE IKE_AUTH IKE_CERT_POST IKE_CONFIG CHILD_CREATE IKE_AUTH_LIFETIME IKE_MOBIK
_______________________________________________ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users