MAC mismatched error in swanctl

Hi, I'm trying to set up a site-to-site swanctl configuration. It gives an authentication failure error.
config client:

# Client-side ipsec UCI config as posted: two IKEv2 PSK remotes ('head',
# 'connection2'), two crypto proposals and one tunnel ('tun3').
config ipsec
       option rtinstall_enabled '1'

# Remote used in the posted client log (192.168.3.2 -> 192.168.3.1,
# identities 'client' / 'server').
config remote 'head'
       option enabled '1'
       option local_ip '192.168.3.2'
       option gateway '192.168.3.1'
       option authentication_method 'psk'
       # NOTE(review): short, digits-only secret that is now public in this
       # post; replace it with a long random value (or use certificate
       # authentication) before using this outside a lab.
       option pre_shared_key '123456789'
       option fragmentation '1'
       option rekeytime '4h'
       option keyingretries '0'
       option mobike '0'
       # Must mirror the peer: the server's 'new' remote swaps these two values.
       option local_identifier 'client'
       option remote_identifier 'server'
       list crypto_proposal 'ike_proposal'
       option keyexchange 'ikev2'
       list tunnel 'tun3'

# Referenced by tunnel 'tun3'.
config crypto_proposal 'esp_proposal'
       option dh_group 'modp2048'
       option encryption_algorithm 'aes128'
       # NOTE(review): SHA-1 is a legacy choice for integrity; prefer a SHA-2
       # hash (e.g. 'sha256') if both peers support it.
       option hash_algorithm 'sha1'

# Referenced by remote 'head'; the posted log shows it negotiated as
# AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048.
config crypto_proposal 'ike_proposal'
       option encryption_algorithm 'aes256'
       option dh_group 'modp2048'
       # NOTE(review): same SHA-1 remark as for 'esp_proposal'.
       option hash_algorithm 'sha1'

# NOTE(review): second remote with its own PSK, no identifiers and no tunnel
# list. It references 'ike_proposal1', which is not defined in this paste.
# If it is a leftover, remove it so only the intended secret is loaded.
config remote 'connection2'
       option enabled '1'
       option local_ip '192.168.0.101'
       option gateway '192.167.31.2'
       option authentication_method 'psk'
       option pre_shared_key 'avsgfjgk'
       option fragmentation '1'
       option rekeytime '4h'
       option keyingretries '0'
       option mobike '0'
       option mark_in '42'
       option vips '0.0.0.0'
       list crypto_proposal 'ike_proposal1'
       option keyexchange 'ikev2'

# Tunnel attached to remote 'head'; subnets are the mirror image of the
# server's 'tun3'.
config tunnel 'tun3'
       list local_subnet '192.168.2.0/24'
       list remote_subnet '192.168.1.0/24'
       list crypto_proposal 'esp_proposal'
       option startaction 'trap'
       option closeaction 'none'
       option dpdaction 'restart'
       option if_id '42'
                                                                                                                                      
  

config server:

# Server-side ipsec UCI config as posted: three IKEv2 PSK remotes ('head',
# 'connection2', 'new'), two crypto proposals and one tunnel ('tun3').
# Only 'new' mirrors the client's 'head' remote (addresses, identities, PSK).
config ipsec
        option rtinstall_enabled '1'

# NOTE(review): this remote carries a different PSK from 'new' and sets no
# local_identifier/remote_identifier. Presumably its generated secret is not
# bound to an identity pair and could be tried for the 'client'/'server'
# exchange, which would fit the "MAC mismatched" log line. Verify against
# the generated swanctl configuration, and remove the section if stale.
config remote 'head'
        option enabled '1'
        option local_ip '192.168.100.101'
        # NOTE(review): 192.167.x rather than 192.168.x; confirm intended.
        option gateway '192.167.3.2'
        option authentication_method 'psk'
        option pre_shared_key '0987654321'
        option fragmentation '1'
        option rekeytime '4h'
        option keyingretries '0'
        option mobike '0'
        list crypto_proposal 'ike_proposal'
        option keyexchange 'ikev2'


# Referenced by tunnel 'tun3'.
config crypto_proposal 'esp_proposal'
        option dh_group 'modp2048'
        option encryption_algorithm 'aes128'
        # NOTE(review): SHA-1 is a legacy choice for integrity; prefer a SHA-2
        # hash (e.g. 'sha256') if both peers support it.
        option hash_algorithm 'sha1'

# Referenced by remotes 'head' and 'new'.
config crypto_proposal 'ike_proposal'
        option encryption_algorithm 'aes256'
        option dh_group 'modp2048'
        # NOTE(review): same SHA-1 remark as for 'esp_proposal'.
        option hash_algorithm 'sha1'

# NOTE(review): identical to the client's 'connection2' section, including
# local_ip and gateway. It references 'ike_proposal1', which is not defined
# in this paste, and has no identifiers. Looks like a leftover; confirm.
config remote 'connection2'
        option enabled '1'
        option local_ip '192.168.0.101'
        option gateway '192.167.31.2'
        option authentication_method 'psk'
        option pre_shared_key 'avsgfjgk'
        option fragmentation '1'
        option rekeytime '4h'
        option keyingretries '0'
        option mobike '0'
        option mark_in '42'
        option vips '0.0.0.0'
        list crypto_proposal 'ike_proposal1'
        option keyexchange 'ikev2'

# Counterpart of the client's 'head' remote: same PSK, identifiers swapped,
# local_ip/gateway swapped.
config remote 'new'
        option enabled '1'
        option authentication_method 'psk'
        option local_identifier 'server'
        option remote_identifier 'client'
        option fragmentation '1'
        option rekeytime '4h'
        option keyingretries '0'
        option mobike '0'
        option keyexchange 'ikev2'
        list crypto_proposal 'ike_proposal'
        # NOTE(review): short, digits-only secret that is now public in this
        # post; replace it with a long random value (or use certificate
        # authentication) before using this outside a lab.
        option pre_shared_key '123456789'
        option local_ip '192.168.3.1'
        option gateway '192.168.3.2'
        list tunnel 'tun3'

# Tunnel attached to remote 'new'; subnets are the mirror image of the
# client's 'tun3'.
config tunnel 'tun3'
        list local_subnet '192.168.1.0/24'
        list remote_subnet '192.168.2.0/24'
        list crypto_proposal 'esp_proposal'
        option startaction 'trap'
        option closeaction 'none'
        option dpdaction 'restart'
        option if_id '42'

client side logs:

02[CFG] vici initiate IKE_SA 'head'
10[IKE] initiating IKE_SA head[4] to 192.168.3.1
10[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]
10[NET] sending packet: from 192.168.3.2[500] to 192.168.3.1[500] (464 bytes)
08[NET] received packet: from 192.168.3.1[500] to 192.168.3.2[500] (472 bytes)
08[ENC] parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(CHDLESS_SUP) N(MULT_AUTH) ]
08[CFG] selected proposal: IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048
08[IKE] authentication of 'client' (myself) with pre-shared key
08[ENC] generating IKE_AUTH request 1 [ IDi N(INIT_CONTACT) IDr AUTH N(MULT_AUTH) N(EAP_ONLY) N(MSG_ID_SYN_SUP) ]
08[NET] sending packet: from 192.168.3.2[500] to 192.168.3.1[500] (156 bytes)
06[NET] received packet: from 192.168.3.1[500] to 192.168.3.2[500] (76 bytes)
06[ENC] parsed IKE_AUTH response 1 [ N(AUTH_FAILED) ]
06[IKE] received AUTHENTICATION_FAILED notify error
10[NET] received packet: from 192.168.3.1[500] to 192.168.3.2[500] (464 bytes)
10[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]
10[IKE] 192.168.3.1 is initiating an IKE_SA
10[CFG] selected proposal: IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048
10[ENC] generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(CHDLESS_SUP) N(MULT_AUTH) ]
10[NET] sending packet: from 192.168.3.2[500] to 192.168.3.1[500] (472 bytes)
07[NET] received packet: from 192.168.3.1[500] to 192.168.3.2[500] (156 bytes)
07[ENC] parsed IKE_AUTH request 1 [ IDi N(INIT_CONTACT) IDr AUTH N(MULT_AUTH) N(EAP_ONLY) N(MSG_ID_SYN_SUP) ]
07[CFG] looking for peer configs matching 192.168.3.2[client]...192.168.3.1[server]
07[CFG] selected peer config 'head'
07[IKE] tried 1 shared key for 'client' - 'server', but MAC mismatched
07[ENC] generating IKE_AUTH response 1 [ N(AUTH_FAILED) ]

Need your help...
thanks

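It seems that your PSK is not matching: "MAC mismatched" means the AUTH payload from the peer did not verify against the pre-shared key this side selected for 'client' - 'server'. Check which secret each side has actually loaded, since the server file also contains other remote sections with different keys.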

No, this is the config that is used:

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                       
# Server-side remote and tunnel the poster says are actually in use: PSK
# authentication between identities 'server' (local) and 'client' (remote).
config remote 'new'
        option enabled '1'
        option authentication_method 'psk'
        option local_identifier 'server'
        option remote_identifier 'client'
        option fragmentation '1'
        option rekeytime '4h'
        option keyingretries '0'
        option mobike '0'
        option keyexchange 'ikev2'
        list crypto_proposal 'ike_proposal'
        # NOTE(review): short, digits-only secret that is now public in this
        # post; replace it with a long random value (or use certificate
        # authentication) before using this outside a lab.
        option pre_shared_key '123456789'
        option local_ip '192.168.3.1'
        option gateway '192.168.3.2'
        list tunnel 'tun3'

# Tunnel attached to remote 'new'. The 'esp_proposal' it references is not
# part of this excerpt.
config tunnel 'tun3'
        list local_subnet '192.168.1.0/24'
        list remote_subnet '192.168.2.0/24'
        list crypto_proposal 'esp_proposal'
        option startaction 'trap'
        option closeaction 'none'
        option dpdaction 'restart'
        option if_id '42'

Creating a new /etc/config/ipsec and adding the new configuration to it solved the issue for me ...
Thanks for replying :slightly_smiling_face:
