Issue #1329

PSK establishment between roadway as swanctl and gateway (server)

Added by Rahul surya over 9 years ago. Updated over 9 years ago.

Status:
Closed
Priority:
Normal
Category:
configuration
Affected version:
5.3.5
Resolution:
No change required

Description

swanctl -i --child home
[IKE] initiating IKE_SA home[1] to 192.168.30.1
[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(HASH_ALG) ]
[NET] sending packet: from 192.168.30.2[500] to 192.168.30.1[500] (320 bytes)
[IKE] retransmit 1 of request with message ID 0
[NET] sending packet: from 192.168.30.2[500] to 192.168.30.1[500] (320 bytes)
[IKE] retransmit 2 of request with message ID 0
[NET] sending packet: from 192.168.30.2[500] to 192.168.30.1[500] (320 bytes)
[IKE] retransmit 3 of request with message ID 0
[NET] sending packet: from 192.168.30.2[500] to 192.168.30.1[500] (320 bytes)
[IKE] retransmit 4 of request with message ID 0
[NET] sending packet: from 192.168.30.2[500] to 192.168.30.1[500] (320 bytes)
[IKE] retransmit 5 of request with message ID 0
[NET] sending packet: from 192.168.30.2[500] to 192.168.30.1[500] (320 bytes)
[IKE] giving up after 5 retransmits
[IKE] establishing IKE_SA failed, peer not responding
initiate failed: establishing CHILD_SA 'home' failed

So I changed my swanctl.conf file as

connections {
   home {
      local_addrs  = 192.168.30.2
      remote_addrs = 192.168.30.1

      local {
         auth = psk
         id = 192.168.30.2
      }
      remote {
         auth = psk
         id = 192.168.30.1
      }
      children {
         home {
            # remote_ts = 10.1.0.0/16
            remote_ts = 192.168.40.0/24
            start_action = none
            updown = /usr/local/libexec/ipsec/_updown iptables
            rekey_time = 10m
            # esp_proposals = aes128gcm128-modp2048
            esp_proposals = aes128-sha1-modp1024
         }
      }

      version = 2
      reauth_time = 60m
      rekey_time = 20m
      # proposals = aes128-sha256-modp2048
      proposals = aes128-sha1-modp1024
      #proposals = =aes128-sha1;modp1024
   }
}

secrets {
   ike-moon {
      id = 192.168.30.1
      secret = ipsec
      # secret = 0sjVzONCF02ncsgiSlmIXeqhGN
   }
}

And my server-side config as

# basic configuration

config setup
        dumpdir=/var/run/pluto/
        virtual_private=%v4:0.0.0.0/0
        oe=off
        protostack=klips
        nhelpers=1
        ipsecinterfaces="vEth0"
        plutodebug="all"

conn clientvpn1
        ikev2=insist
        authby=secret
        left=192.168.30.1
        leftsubnet=192.168.40.0/24
        right=192.168.30.2
        rightsubnet=192.168.50.0/24
        ike=aes128-sha1;modp2048
        phase2=esp
        phase2alg=aes128-sha1
        pfs=yes
        rekey=yes
        type=tunnel
        auto=add
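The two configs above write their IKE proposals in different syntaxes (swanctl's `aes128-sha1-modp1024` versus the server's `ike=aes128-sha1;modp2048`, which also names a different DH group). As an added example that is not part of this issue or of strongSwan, the checker below normalizes both forms and reports the proposals the peers actually share; a timeout like the one in the log above is not a proposal error by itself, so this is a sanity check to run alongside the listener and firewall checks suggested in the reply.

```python
"""Cross-check IKE proposals written in strongSwan (swanctl.conf) and
Libreswan/Openswan (ipsec.conf) syntax. Added example, not project code."""
import re
from typing import FrozenSet, Optional, Tuple

# DH group tokens as strongSwan spells them (modp1024, modp2048, ecp256, ...)
DH_RE = re.compile(r"^(modp\d+|ecp\d+|curve25519|x25519)$")
Proposal = Tuple[str, Optional[str], Optional[str]]  # (enc, integ, dh)


def parse_swanctl(value: str) -> FrozenSet[Proposal]:
    """'aes128-sha1-modp1024,aes128gcm128-modp2048' -> normalized tuples.
    Tokens are '-' separated: encryption, then an optional integrity
    algorithm (AEAD ciphers such as aes128gcm128 carry none), then the
    DH group. Several proposals are separated by commas."""
    out = set()
    for prop in value.split(","):
        enc, *rest = [t.strip().lower() for t in prop.split("-")]
        integ = dh = None
        for tok in rest:
            if DH_RE.match(tok):
                dh = tok
            else:
                integ = tok  # sha1, sha256, ...
        out.add((enc, integ, dh))
    return frozenset(out)


def parse_libreswan(value: str) -> FrozenSet[Proposal]:
    """'aes128-sha1;modp2048' -> normalized tuples. Here '-' joins
    encryption and integrity and ';' introduces the DH group."""
    out = set()
    for prop in value.split(","):
        algs, _, dh = prop.strip().lower().partition(";")
        enc, _, integ = algs.partition("-")
        out.add((enc, integ or None, dh or None))
    return frozenset(out)


def common_proposals(swanctl: str, libreswan: str) -> FrozenSet[Proposal]:
    """Proposals both peers accept. An empty set means the responder
    would reject IKE_SA_INIT with NO_PROPOSAL_CHOSEN (a logged notify,
    not the silent timeout seen in the issue)."""
    return parse_swanctl(swanctl) & parse_libreswan(libreswan)


if __name__ == "__main__":
    # The two active proposal lines from the configs in this issue:
    print(common_proposals("aes128-sha1-modp1024", "aes128-sha1;modp2048"))
```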

History

#1 Updated by Tobias Brunner over 9 years ago

  • Description updated (diff)
  • Category set to configuration
  • Status changed from New to Feedback
  • Priority changed from Immediate to Normal

It looks like your server does not listen on port 500 or some firewall blocks the traffic. Check the server log and/or do some traffic capture to see where the packets get stuck.

#2 Updated by Rahul surya over 9 years ago

Tobias Brunner wrote:

It looks like your server does not listen on port 500 or some firewall blocks the traffic. Check the server log and/or do some traffic capture to see where the packets get stuck.

Thank you Tobias Brunner.
It is working fine now.
I just added local_ts="local ip" in the swanctl.conf file.

#3 Updated by Tobias Brunner over 9 years ago

  • Status changed from Feedback to Closed
  • Assignee set to Tobias Brunner
  • Resolution set to No change required