List:       strongswan-users
Subject:    Re: [strongSwan] strongswan no shared key found
From:       Chasing Vega <chasingvega8 () gmail ! com>
Date:       2021-08-20 15:53:52
Message-ID: CAJXHN5iQGR1OFXfno8pad8GBL7-NA+UsWVrBN8XhBxqZx4HCcg () mail ! gmail ! com

I reloaded the file and was able to get the secret. I get

[IKE] IKE_SA my-vpn[12] established between locip[locip]...ipsecip[ipsecip]
[IKE] scheduling reauthentication in 78158s
[IKE] maximum IKE_SA lifetime 86798s
[ENC] generating QUICK_MODE request 925866246 [ HASH SA No ID ID ]
[NET] sending packet: from locip[500] to ipsecip[500] (172 bytes)
[NET] received packet: from ipsecip[500] to locip[500] (108 bytes)
[ENC] parsed INFORMATIONAL_V1 request 3675363864 [ HASH N((24576)) ]
[IKE] received (24576) notify
[NET] received packet: from ipsecip[500] to locip[500] (92 bytes)
[ENC] parsed INFORMATIONAL_V1 request 2592328021 [ HASH N(NO_PROP) ]
[IKE] received NO_PROPOSAL_CHOSEN error notify

Does anyone know how I could proceed?

On Thu, 19 Aug 2021 at 17:02, Chasing Vega <chasingvega8@gmail.com> wrote:

> Hi
>
> I have a server which is public and accepts IPsec and am trying to connect
> to it through strong
>
> My configuration for strongswan is
>
> connections {
>     my-vpn {
>         remote_addrs = server_publicip
>         version = 1
>         proposals = aes256-sha-modp1024
>         reauth_time = 1440m
>         local {
>             auth = psk
>             id = loc
>         }
>         remote {
>             # id field here is inferred from the remote address
>             auth = psk
>             id = sec
>         }
>         children {
>             my-vpn-1 {
>                 local_ts = local_public_ip
>                 remote_ts = server_public_ip
>                 mode = transport
>                 esp_proposals = aes256-sha-modp1024
>                 rekey_time = 60m
>                 start_action = trap
>                 dpd_action = restart
>             }
>         }
>     }
>
> }
> secrets {
>    ike-my-vpn-1 {
>        id-1 = loc
>        id-2 = sec
>        secret = "This is a strong password"
>    }
> }
>
> When I try to run strongswan I get
>
> [IKE] initiating Main Mode IKE_SA my-vpn[49] to serveraddr
> [ENC] generating ID_PROT request 0 [ SA V V V V V ]
> [NET] sending packet: from locip[500] to serveraddr[500] (184 bytes)
> [NET] received packet: from serveraddr[500] to locip[500] (108 bytes)
> [ENC] parsed ID_PROT response 0 [ SA V ]
> [IKE] received NAT-T (RFC 3947) vendor ID
> [CFG] selected proposal: IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
> [ENC] generating ID_PROT request 0 [ KE No NAT-D NAT-D ]
> [NET] sending packet: from locip[500] to serveraddr[500] (244 bytes)
> [NET] received packet: from serveraddr[500] to locip[500] (304 bytes)
> [ENC] parsed ID_PROT response 0 [ KE No V V V V NAT-D NAT-D ]
> [IKE] received Cisco Unity vendor ID
> [IKE] received DPD vendor ID
> [ENC] received unknown vendor ID: 5d:4b:ac:66:6b:54:71:15:4b:07:98:9c:05:7e:be:f2
> [IKE] received XAuth vendor ID
> [IKE] no shared key found for 'loc'[locip] - 'sec'[serveraddr]
> [IKE] no shared key found for locip - serveraddr
> [ENC] generating INFORMATIONAL_V1 request 1109914452 [ N(INVAL_KE) ]
> [NET] sending packet: from locip[500] to serveraddr[500] (56 bytes)
>
>
> Does anyone have a suggestion?
>
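
Added example, not part of the original message and not strongSwan code: a small triage pass over the two log excerpts above that reports which IKEv1 phase failed and which swanctl.conf setting that phase depends on. The names `triage`, `DOI_STATUS`, `FIRST_ATTEMPT` and `AFTER_RELOAD` are hypothetical; the notify numbers are the IPsec DOI status types from RFC 2407.

```python
import re

# Status notify types from the IPsec DOI for IKEv1 (RFC 2407, section 4.6.3).
DOI_STATUS = {24576: "RESPONDER-LIFETIME", 24577: "REPLAY-STATUS",
              24578: "INITIAL-CONTACT"}

def triage(log):
    """Return ordered findings for an IKEv1 initiator's charon log (hypothetical helper)."""
    findings, phase = [], 1   # phase 1 = Main Mode, phase 2 = Quick Mode
    def note(msg):
        if msg not in findings:   # the log above reports the PSK failure on two lines
            findings.append(msg)
    for line in log.splitlines():
        if "no shared key found for" in line:
            note("phase1: no PSK matched these identities; compare the "
                 "secrets ike section's id-* values with local/remote id "
                 "and confirm the secrets are loaded")
        elif re.search(r"IKE_SA \S+ established", line):
            note("phase1: IKE_SA established, PSK and IKE proposal accepted")
        elif "generating QUICK_MODE request" in line:
            phase = 2
        elif (m := re.search(r"received \((\d+)\) notify", line)):
            code = int(m.group(1))
            note(f"status notify {code} = {DOI_STATUS.get(code, 'unknown')}, not an error")
        elif "received NO_PROPOSAL_CHOSEN" in line:
            key = "children.<name>.esp_proposals" if phase == 2 else "proposals"
            note(f"phase{phase}: peer rejected every offered proposal; "
                 f"compare {key} with the peer's policy")
    return findings

# Log excerpts copied from the two messages above.
FIRST_ATTEMPT = """\
[ENC] parsed ID_PROT response 0 [ KE No V V V V NAT-D NAT-D ]
[IKE] no shared key found for 'loc'[locip] - 'sec'[serveraddr]
[IKE] no shared key found for locip - serveraddr
[ENC] generating INFORMATIONAL_V1 request 1109914452 [ N(INVAL_KE) ]"""

AFTER_RELOAD = """\
[IKE] IKE_SA my-vpn[12] established between locip[locip]...ipsecip[ipsecip]
[ENC] generating QUICK_MODE request 925866246 [ HASH SA No ID ID ]
[ENC] parsed INFORMATIONAL_V1 request 3675363864 [ HASH N((24576)) ]
[IKE] received (24576) notify
[ENC] parsed INFORMATIONAL_V1 request 2592328021 [ HASH N(NO_PROP) ]
[IKE] received NO_PROPOSAL_CHOSEN error notify"""

if __name__ == "__main__":
    for name, log in (("first attempt", FIRST_ATTEMPT), ("after reload", AFTER_RELOAD)):
        print(name, *triage(log), sep="\n  ")
```

For the second excerpt the rejection arrives after the Quick Mode request, so the setting to compare with the peer is the child's `esp_proposals`, including whether a DH group (PFS) is offered there.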
