opnsense / core

OPNsense GUI, API and systems backend
https://opnsense.org/
BSD 2-Clause "Simplified" License

IPSEC swanctl: [IKE] received (29) error notify #6269

Closed d7volker closed 1 year ago

d7volker commented 1 year ago

Hi all,

I am experiencing an issue with all my IPSEC VPNs after upgrading to 23.1:

    root@adrasteia:/usr/local/etc/swanctl # swanctl -i -i con1
    no files found matching '/usr/local/etc/strongswan.opnsense.d/*.conf'
    [IKE] initiating Aggressive Mode IKE_SA con1[5] to xx.xx.xx.xx
    [ENC] generating AGGRESSIVE request 0 [ SA KE No ID V V V V V ]
    [NET] sending packet: from xx.xx.xx.xx[500] to xx.xx.xx.xx[500] (488 bytes)
    [NET] received packet: from xx.xx.xx.xx[500] to xx.xx.xx.xx[500] (40 bytes)
    [ENC] parsed INFORMATIONAL_V1 request 0 [ N((29)) ]
    [IKE] received (29) error notify
    initiate failed: establishing IKE_SA 'con1' failed

My config:

    con1 {
        unique = replace
        aggressive = yes 
        version = 1
        mobike = no
        local_addrs = xx.xx.xx.xx
        local-0 {
            id = xx.xx.xx.xx
            auth = psk
        }
        remote-0 {
            id = xx.xx.xx.xx
            auth = psk
        }
        remote_addrs = xx.xx.xx.xx
        encap = no
        proposals = aes192-sha256-modp2048
        children {
            con1-000 {
                start_action = route
                policies = yes
                mode = tunnel
                sha256_96 = no
                local_ts = 172.16.8.0/22
                remote_ts = 192.168.10.0/25
                reqid = 1
                esp_proposals = aes192-sha256-modp2048
                life_time = 3600 s
            }
        }
    }
    .
    .
    .
    secrets {
        ike-p1-0 {
            id-0 = 
            id-1 = xx.xx.xx.xx
            secret = xxxxxxxxxxxxxxxxxxxxxxxxxxx
        }
    .
    .
    .
    }

Does anybody have an idea about it?

Thank you!

OPNsense-bot commented 1 year ago

Thank you for creating an issue. Since the ticket doesn't seem to be using one of our templates, we're marking this issue as low priority until further notice.

For more information about the policies for this repository, please read https://github.com/opnsense/core/blob/master/CONTRIBUTING.md for further details.

The easiest option to gain traction is to close this ticket and open a new one using one of our templates.

mimugmail commented 1 year ago

https://github.com/opnsense/core/issues/6276#issuecomment-1406606247

OPNsense-bot commented 1 year ago

This issue has been automatically timed-out (after 180 days of inactivity).

For more information about the policies for this repository, please read https://github.com/opnsense/core/blob/master/CONTRIBUTING.md for further details.

If someone wants to step up and work on this issue, just let us know, so we can reopen the issue and assign an owner to it.