0

I'm creating a VPN using StrongSwan. It's my first time using this tool. I followed a tutorial to set up. I've hit a blocker whereby the peer connection times out. The status is 0 up, 1 connecting.

I have tried on different servers, the same issue happens.

ipsec.conf

conn conec-example
  authby=secret
  left=%defaultroute
  leftid=<public_IP_1>
  leftsubnet=<private_ip_1>/20
  right=<public_IP_2>
  rightsubnet=<private_ip_2>/20
  ike=aes256-sha2_256-modp1024!
  esp=aes256-sha2_256!
  keyingtries=0
  ikelifetime=1h
  lifetime=8h
  dpddelay=30
  dpdtimeout=120
  dpdaction=restart
  auto=start

ipsec.secrets

public_IP_1 public_IP_2 : PSK "randomprivatesharedkey"

Here is part of the logs:

Aug 18 17:29:01 ip-x charon: 10[IKE] retransmit 2 of request with message ID 0
Aug 18 17:29:01 ip-x charon: 10[NET] sending packet: from x.x[500] to x.x.x.x[500] (334 bytes)
Aug 18 17:30:19 ip-x charon: 13[IKE] retransmit 5 of request with message ID 0
Aug 18 17:30:19 ip-xcharon: 13[NET] sending packet: from x.x[500] tox.x.x.129[500] (334 bytes)
Aug 18 17:31:35  charon: 16[IKE] giving up after 5 retransmits
Aug 18 17:31:35 charon: 16[IKE] peer not responding, trying again (2/0)

I expected a successful connection after setting up this, though no success. How can I resolve this? Any ideas?

leaner
  • 1
  • 1

1 Answers1

0

Use tcpdump on both ends and to check if the packets from the other side arrive. You should see UDP packets to port 500 or 4500. If you're on EC2 make sure the inbound Security Group permits these from the other side.

Hope that helps :)

MLu
  • 24,849
  • 5
  • 59
  • 86