[prev in list] [next in list] [prev in thread] [next in thread]
List: strongswan-users
Subject: Re: [strongSwan] strongswan no shared key found
From: Chasing Vega <chasingvega8 () gmail ! com>
Date: 2021-08-20 15:53:52
Message-ID: CAJXHN5iQGR1OFXfno8pad8GBL7-NA+UsWVrBN8XhBxqZx4HCcg () mail ! gmail ! com
[Download RAW message or body]
I reloaded the file and was ablt to get the secret . I get
[IKE] IKE_SA my-vpn[12] established between locip[locip]...ipsecip[ipsecip]
[IKE] scheduling reauthentication in 78158s
[IKE] maximum IKE_SA lifetime 86798s
[ENC] generating QUICK_MODE request 925866246 [ HASH SA No ID ID ]
[NET] sending packet: from locip[500] to ipsecip[500] (172 bytes)
[NET] received packet: from ipsecip[500] to locip[500] (108 bytes)
[ENC] parsed INFORMATIONAL_V1 request 3675363864 [ HASH N((24576)) ]
[IKE] received (24576) notify
[NET] received packet: from ipsecip[500] to locip[500] (92 bytes)
[ENC] parsed INFORMATIONAL_V1 request 2592328021 [ HASH N(NO_PROP) ]
[IKE] received NO_PROPOSAL_CHOSEN error notify
Does anyone know how I could proceed?
On Thu, 19 Aug 2021 at 17:02, Chasing Vega <chasingvega8@gmail.com> wrote:
> Hi
>
> I have a server which is public and accepts IPsec and am trying to connect
> to it through strong
>
> My configuration for strongswan is
>
> connections {
> my-vpn {
> remote_addrs = server_publicip
> version = 1
> proposals = aes256-sha-modp1024
> reauth_time = 1440m
> local {
> auth = psk
> id = loc
> }
> remote {
> # id field here is inferred from the remote address
> auth = psk
> id = sec
> }
> children {
> my-vpn-1 {
> local_ts = local_public_ip
> remote_ts = server_public_ip
> mode = transport
> esp_proposals = aes256-sha-modp1024
> rekey_time = 60m
> start_action = trap
> dpd_action = restart
> }
> }
> }
>
> }
> secrets {
> ike-my-vpn-1 {
> id-1 = loc
> id-2 = sec
> secret = "This is a strong password"
> }
> }
>
> When I try to run strongswan I get
>
> [IKE] initiating Main Mode IKE_SA my-vpn[49] to serveraddr
> [ENC] generating ID_PROT request 0 [ SA V V V V V ]
> [NET] sending packet: from locip[500] to serveraddr[500] (184 bytes)
> [NET] received packet: from serveraddr[500] to locip[500] (108 bytes)
> [ENC] parsed ID_PROT response 0 [ SA V ]
> [IKE] received NAT-T (RFC 3947) vendor ID
> [CFG] selected proposal:
> IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
> [ENC] generating ID_PROT request 0 [ KE No NAT-D NAT-D ]
> [NET] sending packet: from locip[500] to serveraddr[500] (244 bytes)
> [NET] received packet: from serveraddr[500] to locip[500] (304 bytes)
> [ENC] parsed ID_PROT response 0 [ KE No V V V V NAT-D NAT-D ]
> [IKE] received Cisco Unity vendor ID
> [IKE] received DPD vendor ID
> [ENC] received unknown vendor ID:
> 5d:4b:ac:66:6b:54:71:15:4b:07:98:9c:05:7e:be:f2
> [IKE] received XAuth vendor ID
> [IKE] no shared key found for 'loc'[locip] - 'sec'[serveraddr]
> [IKE] no shared key found for locip - serveraddr
> [ENC] generating INFORMATIONAL_V1 request 1109914452 [ N(INVAL_KE) ]
> [NET] sending packet: from locip[500] to serveraddr[500] (56 bytes)
>
>
> Does anyone have suggestion?
>
[Attachment #3 (text/html)]
<div dir="ltr"><div>I reloaded the file and was ablt to get the secret . I \
get</div><div><br></div><div>[IKE] IKE_SA my-vpn[12] established between \
locip[locip]...ipsecip[ipsecip]<br>[IKE] scheduling reauthentication in \
78158s<br>[IKE] maximum IKE_SA lifetime 86798s<br>[ENC] generating QUICK_MODE request \
925866246 [ HASH SA No ID ID ]<br>[NET] sending packet: from locip[500] to \
ipsecip[500] (172 bytes)<br>[NET] received packet: from ipsecip[500] to locip[500] \
(108 bytes)<br>[ENC] parsed INFORMATIONAL_V1 request 3675363864 [ HASH N((24576)) \
]<br>[IKE] received (24576) notify<br>[NET] received packet: from ipsecip[500] to \
locip[500] (92 bytes)<br>[ENC] parsed INFORMATIONAL_V1 request 2592328021 [ HASH \
N(NO_PROP) ]<br>[IKE] received NO_PROPOSAL_CHOSEN error \
notify</div><div><br></div><div>Does anyone know how I could \
proceed?<br></div></div><br><div class="gmail_quote"><div dir="ltr" \
class="gmail_attr">On Thu, 19 Aug 2021 at 17:02, Chasing Vega <<a \
href="mailto:chasingvega8@gmail.com">chasingvega8@gmail.com</a>> \
wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px \
0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div \
dir="ltr"><div>Hi</div><div><br></div><div>I have a server which is public and \
accepts IPsec and am trying to connect to it through \
strong</div><div><br></div><div>My configuration for strongswan is \
<br></div><div><br></div><div>connections {<br> my-vpn {<br> \
remote_addrs = server_publicip<br> version = 1<br> proposals = \
aes256-sha-modp1024<br> reauth_time = 1440m<br> local {<br> \
auth = psk<br> id = loc<br> }<br> remote {<br> \
# id field here is inferred from the remote address<br> auth = \
psk<br> id = sec<br> }<br> children {<br> \
my-vpn-1 {<br> local_ts = local_public_ip<br> \
remote_ts = server_public_ip<br> mode = transport<br> \
esp_proposals = aes256-sha-modp1024<br> rekey_time = 60m<br> \
start_action = trap<br> dpd_action = restart<br> \
}<br> }<br> }<br><br>}<br>secrets {<br> ike-my-vpn-1 {<br> \
id-1 = loc<br> id-2 = sec<br> secret = "This is a strong \
password"<br> }<br>}</div><div><br></div><div>When I try to run strongswan I \
get</div><div><br></div><div>[IKE] initiating Main Mode IKE_SA my-vpn[49] to \
serveraddr<br>[ENC] generating ID_PROT request 0 [ SA V V V V V ]<br>[NET] sending \
packet: from locip[500] to serveraddr[500] (184 bytes)<br>[NET] received packet: from \
serveraddr[500] to locip[500] (108 bytes)<br>[ENC] parsed ID_PROT response 0 [ SA V \
]<br>[IKE] received NAT-T (RFC 3947) vendor ID<br>[CFG] selected proposal: \
IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024<br>[ENC] generating ID_PROT \
request 0 [ KE No NAT-D NAT-D ]<br>[NET] sending packet: from locip[500] to \
serveraddr[500] (244 bytes)<br>[NET] received packet: from serveraddr[500] to \
locip[500] (304 bytes)<br>[ENC] parsed ID_PROT response 0 [ KE No V V V V NAT-D NAT-D \
]<br>[IKE] received Cisco Unity vendor ID<br>[IKE] received DPD vendor ID<br>[ENC] \
received unknown vendor ID: 5d:4b:ac:66:6b:54:71:15:4b:07:98:9c:05:7e:be:f2<br>[IKE] \
received XAuth vendor ID<br>[IKE] no shared key found for 'loc'[locip] - \
'sec'[serveraddr]<br>[IKE] no shared key found for locip - \
serveraddr<br>[ENC] generating INFORMATIONAL_V1 request 1109914452 [ N(INVAL_KE) \
]<br>[NET] sending packet: from locip[500] to serveraddr[500] (56 \
bytes)</div><div><br></div><div><br></div><div>Does anyone have \
suggestion?<br></div></div> </blockquote></div>
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic