[Openswan Users] Successful OpenSWAN/StrongSWAN connection - with annoying log entries
Madden, Joe
Joe.Madden at mottmac.com
Thu Jun 16 09:37:48 EDT 2016
Hi List,
I've got an OpenSWAN instance connected to a StrongSWAN instance which is successful in connecting and transferring packets of the VPN.
The issue I appear to have is that we have a number of odd log entries within the log that I don't fully understand and am unable to figure out.
Jun 16 13:20:23 vpn-server pluto[23491]: "vpn1/14x0" #10397: max number of retransmissions (2) reached STATE_QUICK_I1. No acceptable response to our first Quick Mode message: perhaps peer likes no proposal
Jun 16 13:20:23 vpn-server pluto[23491]: "vpn1/14x0" #10397: starting keying attempt 448 of an unlimited number
Jun 16 13:20:23 vpn-server pluto[23491]: "vpn1/14x0" #10425: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+UP+IKEv2ALLOW+SAREFTRACK to replace #10397 {using isakmp#9175 msgid:8f16f1db proposal=AES(12)_256-SHA2_256(5)_256 pfsgroup=OAKLEY_GROUP_MODP2048}
I've attached my configuration of my end and the remote end to see if anyone is able to spot any obvious issues!
############################### OpenSwan ###########################################
conn vpn1
    authby= secret
    auto= start
    type= tunnel
    nat_traversal= yes
    forceencaps= no
    rekeymargin= 3m
    keyingtries= %forever
    keylife= 60m
    ikelifetime= 480m
    ikev2= no
    #RTT
    left= 10.59.31.49
    leftsubnets= {10.2.170.0/26,10.1.178.0/26,10.1.160.64/27,10.1.162.64/27,10.1.176.0/25,10.1.170.0/25,10.2.166.0/26,10.2.74.64/29,10.2.166.0/26,10.2.130.64/28,10.2.168.10/32,10.2.168.11/32,10.1.172.10/32,10.1.172.11/32}
    leftid= ######
    leftnexthop= 10.59.31.54
    leftsourceip= 10.59.31.49
    #SAA
    right= ####
    rightid= ####
    rightsubnet= 10.199.0.0/28
    ike= aes256-sha2_256;modp2048
    phase2= esp
    phase2alg= aes256-sha2_256;modp2048
    pfs= yes
    sha2_truncbug= no
    #Dead Peer Detection
    dpdaction= restart
################################ StrongSWAN #################################################
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
    #uniqueids=never
    #charondebug="cfg 2, dmn 2, ike 2, net 2"

conn %default
    ikelifetime=60m
    keylife=60m
    keyexchange=ikev1
    type=tunnel
    rekeymargin=3m
    keyingtries=1
    #authby=secret
    ike=aes256-sha1-modp1024
    esp=aes256-sha1-modp1024
    aggressive=yes
    dpdaction=clear
    dpddelay=30s
    dpdtimeout=120

conn remoteend1
    type=tunnel
    authby=secret
    #nat_traversal=yes
    forceencaps=no
    #mobike=yes
    keyexchange=ikev1
    #Left
    left=10.199.0.6
    leftsubnet=10.199.0.0/28
    leftid=#######
    #leftauth=psk
    leftfirewall=yes
    #Encryption
    ike=aes256-sha256-modp2048
    esp=aes256-sha256-modp2048
    #Right
    right=############
    rightsubnet=10.2.170.0/26,10.1.178.0/26,10.1.160.64/27,10.1.162.64/27,10.1.176.0/25,10.1.170.0/25,10.2.166.0/26,10.2.74.64/29,10.2.166.0/26,10.2.130.64/28,10.2.168.10/32,10.2.168.11/32,10.1.172.10/32,10.1.172.11/32
    rightid=###########
    #Settings
    aggressive=no
    ikelifetime=480m
    keyingtries=%forever
    keylife=60m
    dpdaction=restart
    dpdtimeout=120s
    dpddelay=30s
    auto=start
Are these messages expected or does it point to a configuration issue?
Both ends will negotiate the VPN connection correctly and communication over the VPN is successful!
Thanks
Joe
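
An added example, not part of the original post: a Python check that the Openswan leftsubnets list and the strongSwan rightsubnet list from the two configurations above describe the same set of networks, reporting duplicate, overlapping and one-sided entries. The subnet values are copied from the post; the function names are illustrative.

```python
import ipaddress
from collections import Counter

# Values copied from the two configurations in the post.
OPENSWAN_LEFTSUBNETS = "{10.2.170.0/26,10.1.178.0/26,10.1.160.64/27,10.1.162.64/27,10.1.176.0/25,10.1.170.0/25,10.2.166.0/26,10.2.74.64/29,10.2.166.0/26,10.2.130.64/28,10.2.168.10/32,10.2.168.11/32,10.1.172.10/32,10.1.172.11/32}"
STRONGSWAN_RIGHTSUBNET = "10.2.170.0/26,10.1.178.0/26,10.1.160.64/27,10.1.162.64/27,10.1.176.0/25,10.1.170.0/25,10.2.166.0/26,10.2.74.64/29,10.2.166.0/26,10.2.130.64/28,10.2.168.10/32,10.2.168.11/32,10.1.172.10/32,10.1.172.11/32"


def parse_subnets(value):
    """Parse an Openswan "{a,b}" or strongSwan "a,b" list into network objects."""
    items = value.strip().strip("{}").replace(",", " ").split()
    # strict=True rejects entries with host bits set, e.g. 10.1.160.65/27
    return [ipaddress.ip_network(item, strict=True) for item in items]


def audit(openswan_value, strongswan_value):
    """Compare both ends' subnet lists and report inconsistencies."""
    local = parse_subnets(openswan_value)
    remote = parse_subnets(strongswan_value)
    unique = sorted(set(local))
    return {
        "entries": len(local),
        "unique": len(unique),
        # The same network listed more than once on the Openswan side
        "duplicates": [str(n) for n, c in Counter(local).items() if c > 1],
        # Distinct networks whose address ranges intersect
        "overlaps": [(str(a), str(b)) for i, a in enumerate(unique)
                     for b in unique[i + 1:] if a.overlaps(b)],
        # Networks configured on one end but not the other
        "only_openswan": [str(n) for n in sorted(set(local) - set(remote))],
        "only_strongswan": [str(n) for n in sorted(set(remote) - set(local))],
    }


if __name__ == "__main__":
    for key, value in audit(OPENSWAN_LEFTSUBNETS, STRONGSWAN_RIGHTSUBNET).items():
        print(f"{key}: {value}")
```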