Package: strongswan
Version: 5.4.0-1
Severity: normal
Dear Maintainer,
I have used strongswan to create an ipsec tunnel for a VPN connection to my
company. After stronswan was upgraded to 5.4 the formerly working configuration
does not longer work.
I get the following message:
initiating Main Mode IKE_SA vpn-metromec[1] to xxx.xxx.xxx.xxx
generating ID_PROT request 0 [ SA V V V V ]
sending packet: from 192.168.0.12[500] to xxx.xxx.xxx.xxx[500] (212 bytes)
received packet: from xxx.xxx.xxx.xxx[500] to 192.168.0.12[500] (248 bytes)
parsed ID_PROT response 0 [ SA V V V V V V V V V ]
received unknown vendor ID: f7:58:f2:26:68:75:0f:03:b0:8d:f6:eb:e1:d0:04:03
received unknown vendor ID: af:ca:d7:13:68:a1:f1:c9:6b:86:96:fc:77:57
received draft-ietf-ipsec-nat-t-ike-02 vendor ID
received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
received draft-ietf-ipsec-nat-t-ike-03 vendor ID
received NAT-T (RFC 3947) vendor ID
received XAuth vendor ID
received DPD vendor ID
received unknown vendor ID: af:ca:d7:13:68:a1:f1:c9:6b:86:96:fc:77:57
generating ID_PROT request 0 [ KE No NAT-D NAT-D ]
sending packet: from 192.168.0.12[500] to xxx.xxx.xxx.xxx[500] (236 bytes)
received packet: from xxx.xxx.xxx.xxx[500] to 192.168.0.12[500] (220 bytes)
parsed ID_PROT response 0 [ KE No NAT-D NAT-D ]
local host is behind NAT, sending keep alives
generating ID_PROT request 0 [ ID HASH N(INITIAL_CONTACT) ]
sending packet: from 192.168.0.12[4500] to xxx.xxx.xxx.xxx[4500] (92 bytes)
received packet: from xxx.xxx.xxx.xxx[500] to 192.168.0.12[500] (220 bytes)
received retransmit of response with ID 0, but next request already sent
received packet: from xxx.xxx.xxx.xxx[4500] to 192.168.0.12[4500] (60 bytes)
parsed ID_PROT response 0 [ ID HASH ]
IKE_SA vpn-metromec[1] established between
192.168.0.12[192.168.0.12]...xxx.xxx.xxx.xxx[xxx.xxx.xxx.xxx]
scheduling reauthentication in 27872s
maximum IKE_SA lifetime 28412s
generating QUICK_MODE request 221974855 [ HASH SA No ID ID NAT-OA NAT-OA ]
sending packet: from 192.168.0.12[4500] to xxx.xxx.xxx.xxx[4500] (220 bytes)
received packet: from xxx.xxx.xxx.xxx[4500] to 192.168.0.12[4500] (116 bytes)
parsed INFORMATIONAL_V1 request 503827175 [ HASH N(NO_PROP) ]
received NO_PROPOSAL_CHOSEN error notify
establishing connection 'vpn-metromec' failed
My ipsec.conf says:
conn vpn-metromec
authby=secret
rekey=yes
keyingtries=3
dpdaction=restart
ikelifetime=8h
keylife=1h
keyexchange=ikev1
ike=3des-md5-modp1024
type=transport
left=192.168.0.12
leftsubnet=192.168.0.12[udp/1701]
right=xxx.xxx.xxx.xxx
rightsubnet=xxx.xxx.xxx.xxx[udp/1701]
auto=add
-- System Information:
Debian Release: stretch/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.5.0-1-amd64 (SMP w/12 CPU cores)
Locale: LANG=de_CH.UTF-8, LC_CTYPE=de_CH.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages strongswan depends on:
ii strongswan-charon 5.4.0-1
ii strongswan-starter 5.4.0-1
strongswan recommends no packages.
strongswan suggests no packages.
-- no debconf information
