Issue #1290

Updated by Tobias Brunner over 6 years ago

Hello,

I need a connection between strongswan (5.3.5) and openswan (2.6.43). Strongswan is the initiator and openswan is the responder. But openswan rejects the connection with the following messages:

<pre>
2016-02-01 15:05:34 pluto[8902]: packet from 10.40.30.240:500: received Vendor ID payload [XAUTH]
2016-02-01 15:05:34 pluto[8902]: packet from 10.40.30.240:500: received Vendor ID payload [Dead Peer Detection]
2016-02-01 15:05:34 pluto[8902]: packet from 10.40.30.240:500: received Vendor ID payload [RFC 3947] method set to=115
2016-02-01 15:05:34 pluto[8902]: packet from 10.40.30.240:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 115
2016-02-01 15:05:34 pluto[8902]: packet from 10.40.30.240:500: initial Main Mode message received on 10.40.30.242:500 but no connection has been authorized with policy=PSK+XAUTH
</pre>


strongswan's ipsec.conf:
<pre>
conn ipsec1
    leftid="10.40.30.240"
    rightid="10.40.30.242"
    authby=psk
    leftauth=psk
    rightauth=psk
    ikelifetime=3600
    keylife=3600
    rekeymargin=540
    rekeyfuzz=100%
    type=tunnel
    esp=aes128-sha1,3des-sha1
    keyexchange=ikev1
    right=10.40.30.242
    left=10.40.30.240
    leftsubnet=192.168.1.0/24
    rightsubnet=192.168.100.0/24
    auto=start
    leftfirewall=yes
</pre>


I think the problem is that strongswan sends XAUTH even though XAUTH is not set up in the config file.
When openswan is the initiator and strongswan the responder (auto=add), the tunnel is successfully established.

Thank you for any suggestions
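
A way to triage the rejection quoted above, as an added example that is not part of the original report or of either project's code: it groups the pluto lines by peer, lists the vendor IDs received, and reports which flags in the rejected `policy=` value go beyond what the operator expects. The function name `summarize` and its `expected` parameter are hypothetical; the default of PSK only is an assumption taken from `authby=psk` in the posted ipsec.conf.

```python
import re
from collections import defaultdict

# Constructed sample input: the five pluto lines quoted in the report above.
SAMPLE_LOG = """\
2016-02-01 15:05:34 pluto[8902]: packet from 10.40.30.240:500: received Vendor ID payload [XAUTH]
2016-02-01 15:05:34 pluto[8902]: packet from 10.40.30.240:500: received Vendor ID payload [Dead Peer Detection]
2016-02-01 15:05:34 pluto[8902]: packet from 10.40.30.240:500: received Vendor ID payload [RFC 3947] method set to=115
2016-02-01 15:05:34 pluto[8902]: packet from 10.40.30.240:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 115
2016-02-01 15:05:34 pluto[8902]: packet from 10.40.30.240:500: initial Main Mode message received on 10.40.30.242:500 but no connection has been authorized with policy=PSK+XAUTH
"""

PACKET = re.compile(r"pluto\[\d+\]: packet from (?P<peer>[\d.]+):\d+: (?P<msg>.*)$")
VENDOR = re.compile(r"received Vendor ID payload \[(?P<vid>[^\]]+)\]")
REJECT = re.compile(r"no connection has been authorized with policy=(?P<policy>\S+)")


def summarize(log_text, expected=("PSK",)):
    """Group pluto 'packet from' lines by peer.

    expected: policy flags the operator believes are configured (assumption:
    PSK only, matching authby=psk in the posted ipsec.conf).
    """
    peers = defaultdict(lambda: {"vendor_ids": [], "rejected_policy": [], "unexpected": []})
    for line in log_text.splitlines():
        packet = PACKET.search(line)
        if not packet:
            continue  # not a per-packet pluto message
        entry = peers[packet["peer"]]
        vendor = VENDOR.search(packet["msg"])
        if vendor:
            entry["vendor_ids"].append(vendor["vid"])
            continue
        reject = REJECT.search(packet["msg"])
        if reject:
            flags = reject["policy"].split("+")
            entry["rejected_policy"] = flags
            # Flags pluto looked for that the operator did not expect.
            entry["unexpected"] = [f for f in flags if f not in expected]
    return dict(peers)


if __name__ == "__main__":
    for peer, info in summarize(SAMPLE_LOG).items():
        print(peer, info)
```
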
