[vpn-help] shrew to strongswan different subnets = different results

Miroslav Betak betak at orgatrade.sk
Thu Sep 26 12:20:49 CDT 2013 

Hi

I tried establish IPSec RSA xauth connection between shrew and strongswan.

I did 3 tests with the same configurations on both sites :

1., client (shrew) and gateway (strongswan) on the same IP subnet
          - connection established

2., client (shrew) and gateway (strongswan) on different IP subnet
         - connection failed with
         ""send IKE packet B.B.B.B:500 -> S.S.S.S:500" and enough

3., client (shrew) behind NAT
         - connection failed with:
         "!! : validate packet failed ( reserved value is non-null )"
         "!! : config packet ignored ( packet decryption error )"


Can somebody help me to explain why did I obtain three different results
with exactly the same configuration on both sites ?



  strongswan --version
Linux strongSwan U5.0.4/K2.6.32-358.6.2.el6.x86_64


  IKE Daemon, ver 2.2.1
  Copyright 2013 Shrew Soft Inc.
  This product linked OpenSSL 1.0.1e-fips 11 Feb 2013


Configurations and iked logs are attached.

                   Thanks

                        Miro
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: iked.log.failed.shrew.against.strongswan.from.ip.behind.nat.log
URL: <https://lists.shrew.net/pipermail/vpn-help/attachments/20130926/fd7e9911/attachment-0004.ksh>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: iked.log.successful.shrew.against.strongswan.from.the.same.ip.subnet.log
URL: <https://lists.shrew.net/pipermail/vpn-help/attachments/20130926/fd7e9911/attachment-0005.ksh>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: shrew-rsa.vpn
URL: <https://lists.shrew.net/pipermail/vpn-help/attachments/20130926/fd7e9911/attachment-0006.ksh>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: strongswan.ipsec.conf
Type: application/octet-stream
Size: 1019 bytes
Desc: not available
URL: <https://lists.shrew.net/pipermail/vpn-help/attachments/20130926/fd7e9911/attachment-0001.obj>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: iked.log.failed.shrew.against.strongswan.from.different.ip.subnet.log
URL: <https://lists.shrew.net/pipermail/vpn-help/attachments/20130926/fd7e9911/attachment-0007.ksh>

More information about the vpn-help mailing list