Hi Liong, > Jun 9 17:14:32 uatvpngateway charon: 07[CFG] looking for peer configs > matching 10.15.66.10[%any]...1.2.3.4[1.2.3.4]
rightid=1.2.3.4 Kind regards Noel Am 09.06.20 um 11:27 schrieb Liong Kok Foo: > Hi, > > I am new to strongswan and have not had much experience setting up VPN > connection. > > I need to setup a new VPN connection to a client but just cannot seems to get > it working. > > Here are the information provided by client: > > IKEv2 (Phase 1) Proposal > Available for ping (Yes/No) No > IKE Mode (Aggressive/Main) Main > IKE Authentication method Pre-shared key > IKE Pre-shared key xxxxxx > IKE Group Group 14 > IKE Encryption AES-256 > IKE Authentication SHA2-256 > IKE Lifetime (seconds) 86400 > Life Time (KB) 86400 > IPsec (Phase 2) Proposal > IPsec Group Group 14 > IPsec Protocol ESP > IPsec Encryption AES-256 > IPsec Authentication SHA2-256 > IPsec Lifetime (seconds) 3600 > Life Time (KB) 28800 > Enable Perfect Forward Secrecy Yes > PFS / DH-group Yes/Gp-14 > Encapsulation Mode Tunnel > IP addresses carried in tunnel (Private IP address, IP range assigned by > client) Crypto ACL > Source (Encryption Domain) 192.168.40.33/30(DR) > 192.168.40.34/30(UAT) > Port Any > VPN DPD always enabled Enabled > To disable monitoring ICMP echo requests (or pings) à by right to determine > if a VPN tunnel is up however for this case it’s dropping the VPN > connections. Disabled > To disable a proxy-ID negotiation, it is used during phase 2 of Internet Key > Exchange (IKE) Virtual Private Network (VPN) negotiations. Disabled > NAT traversal (TCP4500) Disabled > > > Here is my configuration file: > > IPsec.conf > > # ipsec.conf - strongSwan IPsec configuration file > > # basic configuration > > config setup > > conn %default > ikelifetime=1440m > keylife=60m > rekeymargin=3m > keyingtries=1 > authby=secret > keyexchange=ikev2 > mobike=no > > conn net-net > left=10.15.66.10 > leftsubnet=10.15.66.0/24 > leftid=@me > leftfirewall=yes > right=1.2.3.4 (client public IP changed) > rightsubnet=192.168.118.0/24 > rightid=@client > ike=aes256-sha2_256-modp2048! > esp=aes256-sha2_256-modp2048! > auto=start > > > ipsec.secrets: > > # ipsec.secrets - strongSwan IPsec secrets file > @me @client : PSK "xxxxxx" > > > Here is a part of the message log: > > Jun 9 17:14:32 uatvpngateway charon: 06[NET] received packet: from > 1.2.3.4[500] to 10.15.66.10[500] (384 bytes) > Jun 9 17:14:32 uatvpngateway charon: 06[ENC] parsed IKE_SA_INIT request 0 [ > SA KE No N(FRAG_SUP) ] > Jun 9 17:14:32 uatvpngateway charon: 06[IKE] 1.2.3.4 is initiating an IKE_SA > Jun 9 17:14:32 uatvpngateway charon: 06[CFG] selected proposal: > IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048 > Jun 9 17:14:32 uatvpngateway charon: 06[ENC] generating IKE_SA_INIT response > 0 [ SA KE No N(FRAG_SUP) N(MULT_AUTH) ] > Jun 9 17:14:32 uatvpngateway charon: 06[NET] sending packet: from > 10.15.66.10[500] to 1.2.3.4[500] (392 bytes) > Jun 9 17:14:32 uatvpngateway charon: 07[NET] received packet: from > 1.2.3.4[500] to 10.15.66.10[500] (448 bytes) > Jun 9 17:14:32 uatvpngateway charon: 07[ENC] parsed IKE_AUTH request 1 [ IDi > N(INIT_CONTACT) AUTH N(MSG_ID_SYN_SUP) SA TSi TSr ] > Jun 9 17:14:32 uatvpngateway charon: 07[CFG] looking for peer configs > matching 10.15.66.10[%any]...1.2.3.4[1.2.3.4] > Jun 9 17:14:32 uatvpngateway charon: 07[CFG] no matching peer config found > Jun 9 17:14:32 uatvpngateway charon: 07[ENC] generating IKE_AUTH response 1 > [ N(AUTH_FAILED) ] > Jun 9 17:14:32 uatvpngateway charon: 07[NET] sending packet: from > 10.15.66.10[500] to 1.2.3.4[500] (80 bytes) > > Would appreciate if anyone can help to provide guidance on getting this > working. > > Thanks > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > <https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=emailclient&utm_term=icon> > Virus-free. www.avast.com > <https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=emailclient&utm_term=link> > > <#DAB4FAD8-2DD7-40BB-A1B8-4E2AA1F9FDF2>
signature.asc
Description: OpenPGP digital signature
