23.1 Legacy Series / IPSEC swanctl: [IKE] received (29) error notify
« on: January 27, 2023, 01:32:05 am »
Hi all,
I experience an issue with all my IPSEC VPNs after upgrading to 23.1:
Code:
root@adrasteia:/usr/local/etc/swanctl # swanctl -i -i con1
no files found matching '/usr/local/etc/strongswan.opnsense.d/*.conf'
[IKE] initiating Aggressive Mode IKE_SA con1[5] to xx.xx.xx.xx
[ENC] generating AGGRESSIVE request 0 [ SA KE No ID V V V V V ]
[NET] sending packet: from xx.xx.xx.xx[500] to xx.xx.xx.xx[500] (488 bytes)
[NET] received packet: from xx.xx.xx.xx[500] to xx.xx.xx.xx[500] (40 bytes)
[ENC] parsed INFORMATIONAL_V1 request 0 [ N((29)) ]
[IKE] received (29) error notify
initiate failed: establishing IKE_SA 'con1' failed
My config:
Code:
con1 {
    unique = replace
    aggressive = yes
    version = 1
    mobike = no
    local_addrs = xx.xx.xx.xx
    local-0 {
        id = xx.xx.xx.xx
        auth = psk
    }
    remote-0 {
        id = xx.xx.xx.xx
        auth = psk
    }
    remote_addrs = xx.xx.xx.xx
    encap = no
    proposals = aes192-sha256-modp2048
    children {
        con1-000 {
            start_action = route
            policies = yes
            mode = tunnel
            sha256_96 = no
            local_ts = 172.16.8.0/22
            remote_ts = 192.168.10.0/25
            reqid = 1
            esp_proposals = aes192-sha256-modp2048
            life_time = 3600 s
        }
    }
}
.
.
.
secrets {
    ike-p1-0 {
        id-0 =
        id-1 = xx.xx.xx.xx
        secret = xxxxxxxxxxxxxxxxxxxxxxxxxxx
    }
    .
    .
    .
}
I didn't change anything before the upgrade, and the partner sides didn't change either.
Does anybody have an idea about it?
Thank you!
Best regards,
Volker