Issue #1329
Updated by Tobias Brunner over 9 years ago
<pre>
swanctl -i --child home
[IKE] initiating IKE_SA home[1] to 192.168.30.1
[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(HASH_ALG) ]
[NET] sending packet: from 192.168.30.2[500] to 192.168.30.1[500] (320 bytes)
[IKE] retransmit 1 of request with message ID 0
[NET] sending packet: from 192.168.30.2[500] to 192.168.30.1[500] (320 bytes)
[IKE] retransmit 2 of request with message ID 0
[NET] sending packet: from 192.168.30.2[500] to 192.168.30.1[500] (320 bytes)
[IKE] retransmit 3 of request with message ID 0
[NET] sending packet: from 192.168.30.2[500] to 192.168.30.1[500] (320 bytes)
[IKE] retransmit 4 of request with message ID 0
[NET] sending packet: from 192.168.30.2[500] to 192.168.30.1[500] (320 bytes)
[IKE] retransmit 5 of request with message ID 0
[NET] sending packet: from 192.168.30.2[500] to 192.168.30.1[500] (320 bytes)
[IKE] giving up after 5 retransmits
[IKE] establishing IKE_SA failed, peer not responding
initiate failed: establishing CHILD_SA 'home' failed
</pre>
So I changed my swanctl.conf file as follows:
<pre>
# Client-side swanctl configuration as posted: a single IKEv2 connection
# "home" from 192.168.30.2 to 192.168.30.1, with pre-shared-key
# authentication in both directions.
connections {
home {
local_addrs = 192.168.30.2
remote_addrs = 192.168.30.1
local {
auth = psk
id = 192.168.30.2
}
remote {
auth = psk
id = 192.168.30.1
}
children {
home {
# remote_ts = 10.1.0.0/16
# NOTE(review): only remote_ts is set; no local_ts appears in this child.
# The server config on this page expects rightsubnet=192.168.50.0/24 from
# this peer, so confirm that the traffic selectors on both sides agree.
remote_ts=192.168.40.0/24
start_action = none
updown = /usr/local/libexec/ipsec/_updown iptables
rekey_time = 10m
# esp_proposals = aes128gcm128-modp2048
# NOTE(review): SHA-1 with a 1024-bit MODP group is a weak choice; prefer
# the commented-out AES-GCM / modp2048 proposal above if the peer supports it.
esp_proposals = aes128-sha1-modp1024
}
}
version = 2
reauth_time = 60m
rekey_time = 20m
# proposals = aes128-sha256-modp2048
# NOTE(review): the IKE proposal uses modp1024, while the server config on
# this page has ike=aes128-sha1;modp2048, so the DH groups differ. A proposal
# mismatch is normally answered with an error notify rather than silence, so
# it is probably not what causes the "peer not responding" timeout in the
# log, but it still has to be aligned before the SA can be established.
proposals = aes128-sha1-modp1024
#proposals = =aes128-sha1;modp1024
}
}
# Pre-shared key section, tied to the identity 192.168.30.1.
secrets {
ike-moon {
id = 192.168.30.1
# NOTE(review): this PSK is a short dictionary word and is now published on
# this page. Replace it with a long random secret on both peers; treat the
# commented-out value below as exposed too if it was ever in use.
secret = ipsec
# secret = 0sjVzONCF02ncsgiSlmIXeqhGN
}
}
</pre>
And my server-side config is as follows:
<pre>
# Basic configuration.
# Server-side ipsec.conf as posted: a pluto-based IKE daemon using the KLIPS
# stack, with one IKEv2-only PSK tunnel to the client at 192.168.30.2.
# NOTE(review): the client log on this page shows no reply at all to
# IKE_SA_INIT. Before comparing proposals, confirm that the daemon is running
# and reachable on UDP port 500 of 192.168.30.1 and that no firewall drops
# the packets.
config setup
dumpdir=/var/run/pluto/
virtual_private=%v4:0.0.0.0/0
oe=off
protostack=klips
nhelpers=1
ipsecinterfaces="vEth0"
# NOTE(review): full debug logging helps while troubleshooting but is very
# verbose; review what ends up in the logs and turn it off afterwards.
plutodebug="all"
conn clientvpn1
ikev2=insist
# PSK authentication; the secret itself is kept in a file not shown on this page.
authby=secret
left=192.168.30.1
leftsubnet=192.168.40.0/24
right=192.168.30.2
# NOTE(review): the client config on this page sets no local traffic selector
# for 192.168.50.0/24; confirm that both ends describe the same subnets.
rightsubnet=192.168.50.0/24
# NOTE(review): modp2048 here versus modp1024 in the client's IKE proposal on
# this page; the two must agree. SHA-1 is also a dated integrity algorithm.
ike=aes128-sha1;modp2048
phase2=esp
phase2alg=aes128-sha1
pfs=yes
rekey=yes
type=tunnel
# auto=add only loads the connection; the server waits for the client to initiate.
auto=add
</pre>
<pre>
swanctl -i --child home
[IKE] initiating IKE_SA home[1] to 192.168.30.1
[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(HASH_ALG) ]
[NET] sending packet: from 192.168.30.2[500] to 192.168.30.1[500] (320 bytes)
[IKE] retransmit 1 of request with message ID 0
[NET] sending packet: from 192.168.30.2[500] to 192.168.30.1[500] (320 bytes)
[IKE] retransmit 2 of request with message ID 0
[NET] sending packet: from 192.168.30.2[500] to 192.168.30.1[500] (320 bytes)
[IKE] retransmit 3 of request with message ID 0
[NET] sending packet: from 192.168.30.2[500] to 192.168.30.1[500] (320 bytes)
[IKE] retransmit 4 of request with message ID 0
[NET] sending packet: from 192.168.30.2[500] to 192.168.30.1[500] (320 bytes)
[IKE] retransmit 5 of request with message ID 0
[NET] sending packet: from 192.168.30.2[500] to 192.168.30.1[500] (320 bytes)
[IKE] giving up after 5 retransmits
[IKE] establishing IKE_SA failed, peer not responding
initiate failed: establishing CHILD_SA 'home' failed
</pre>
So I changed my swanctl.conf file as follows:
<pre>
# Client-side swanctl configuration as posted: a single IKEv2 connection
# "home" from 192.168.30.2 to 192.168.30.1, with pre-shared-key
# authentication in both directions.
connections {
home {
local_addrs = 192.168.30.2
remote_addrs = 192.168.30.1
local {
auth = psk
id = 192.168.30.2
}
remote {
auth = psk
id = 192.168.30.1
}
children {
home {
# remote_ts = 10.1.0.0/16
# NOTE(review): only remote_ts is set; no local_ts appears in this child.
# The server config on this page expects rightsubnet=192.168.50.0/24 from
# this peer, so confirm that the traffic selectors on both sides agree.
remote_ts=192.168.40.0/24
start_action = none
updown = /usr/local/libexec/ipsec/_updown iptables
rekey_time = 10m
# esp_proposals = aes128gcm128-modp2048
# NOTE(review): SHA-1 with a 1024-bit MODP group is a weak choice; prefer
# the commented-out AES-GCM / modp2048 proposal above if the peer supports it.
esp_proposals = aes128-sha1-modp1024
}
}
version = 2
reauth_time = 60m
rekey_time = 20m
# proposals = aes128-sha256-modp2048
# NOTE(review): the IKE proposal uses modp1024, while the server config on
# this page has ike=aes128-sha1;modp2048, so the DH groups differ. A proposal
# mismatch is normally answered with an error notify rather than silence, so
# it is probably not what causes the "peer not responding" timeout in the
# log, but it still has to be aligned before the SA can be established.
proposals = aes128-sha1-modp1024
#proposals = =aes128-sha1;modp1024
}
}
# Pre-shared key section, tied to the identity 192.168.30.1.
secrets {
ike-moon {
id = 192.168.30.1
# NOTE(review): this PSK is a short dictionary word and is now published on
# this page. Replace it with a long random secret on both peers; treat the
# commented-out value below as exposed too if it was ever in use.
secret = ipsec
# secret = 0sjVzONCF02ncsgiSlmIXeqhGN
}
}
</pre>
And my server-side config is as follows:
<pre>
# Basic configuration.
# Server-side ipsec.conf as posted: a pluto-based IKE daemon using the KLIPS
# stack, with one IKEv2-only PSK tunnel to the client at 192.168.30.2.
# NOTE(review): the client log on this page shows no reply at all to
# IKE_SA_INIT. Before comparing proposals, confirm that the daemon is running
# and reachable on UDP port 500 of 192.168.30.1 and that no firewall drops
# the packets.
config setup
dumpdir=/var/run/pluto/
virtual_private=%v4:0.0.0.0/0
oe=off
protostack=klips
nhelpers=1
ipsecinterfaces="vEth0"
# NOTE(review): full debug logging helps while troubleshooting but is very
# verbose; review what ends up in the logs and turn it off afterwards.
plutodebug="all"
conn clientvpn1
ikev2=insist
# PSK authentication; the secret itself is kept in a file not shown on this page.
authby=secret
left=192.168.30.1
leftsubnet=192.168.40.0/24
right=192.168.30.2
# NOTE(review): the client config on this page sets no local traffic selector
# for 192.168.50.0/24; confirm that both ends describe the same subnets.
rightsubnet=192.168.50.0/24
# NOTE(review): modp2048 here versus modp1024 in the client's IKE proposal on
# this page; the two must agree. SHA-1 is also a dated integrity algorithm.
ike=aes128-sha1;modp2048
phase2=esp
phase2alg=aes128-sha1
pfs=yes
rekey=yes
type=tunnel
# auto=add only loads the connection; the server waits for the client to initiate.
auto=add
</pre>