
I have two private networks.
network A

  • router: TL-WVR3200L
  • public IP: 223.71.239.218
  • subnet: 192.168.1.0/24

IPSec config:

[three screenshots of the router's IPSec configuration; images not available]

network B

  • router: TL-WDR5620
  • public IP: 119.90.63.105
  • subnet: 192.168.100.0/24

I set up strongSwan on 192.168.100.102 with the following config:

config setup
        charondebug="all"
        uniqueids=yes
        strictcrlpolicy=no

conn bgp-to-corp
        authby=secret
        leftid=119.90.63.105
        leftsubnet=192.168.100.0/24
        right=223.71.239.218
        rightsubnet=192.168.1.0/24
        ike=3des-md5-modp1024!
        esp=3des-md5!
        keyingtries=0
        ikelifetime=1h
        lifetime=8h
        dpddelay=30
        dpdtimeout=120
        dpdaction=restart
        auto=start

When I ran ipsec start, I found the following error in /var/log/syslog: [screenshot of the error; image not available]

Can anyone explain why this happens?

  • Does the responder actually support IKEv2? If not, try configuring keyexchange=ikev1; otherwise, check the log there to see why it sends the notify back. Commented Feb 24, 2021 at 9:48
  • @ecdsa Thank you very much! TL-WVR3200L doesn't support IKEv2. When I configured keyexchange=ikev1, the problem was gone. Commented Feb 24, 2021 at 10:00

1 Answer

TL-WVR3200L doesn't support IKEv2. As suggested by ecdsa, when I configured keyexchange=ikev1, the problem was gone.
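
An added example, not part of the original question or answer: a small Python check that reports which IKE version each conn in an ipsec.conf would initiate (in strongSwan 5.x a conn without keyexchange defaults to ike, which initiates IKEv2) and which legacy algorithms its proposals name. The sample conns are constructed from the question's config; the function names and the LEGACY set are this example's own choices.

```python
import re

# Algorithms this example treats as legacy (an assumption of the example).
LEGACY = {"des", "3des", "md5", "modp768", "modp1024"}
# Constructed input: the conn from the question plus a copy with the fix applied.
SAMPLE = """\
conn bgp-to-corp
        ike=3des-md5-modp1024!
        esp=3des-md5!
        auto=start

conn bgp-to-corp-ikev1
        keyexchange=ikev1
        ike=3des-md5-modp1024!
        esp=3des-md5!
"""

def parse_conns(text):
    """Return {conn_name: {key: value}} for every 'conn' section."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()       # drop comments
        if not line.strip():
            continue
        if not line[0].isspace():                  # section header at column 0
            kind, _, name = line.partition(" ")
            current = conns.setdefault(name.strip(), {}) if kind == "conn" else None
        elif current is not None and "=" in line:  # indented key=value
            key, _, value = line.strip().partition("=")
            current[key.strip()] = value.strip().strip('"')
    return conns

def audit(text):
    """Per conn: IKE version used when initiating, and legacy algorithms named."""
    report = {}
    for name, opts in parse_conns(text).items():
        # A missing keyexchange means 'ike', which initiates IKEv2 (strongSwan 5.x).
        kx = opts.get("keyexchange", "ike").lower()
        initiates = "ikev1" if kx == "ikev1" else "ikev2"
        algs = set()
        for key in ("ike", "esp"):
            algs.update(re.split(r"[-,]", opts.get(key, "").rstrip("!").lower()))
        report[name] = {"initiates": initiates, "explicit": "keyexchange" in opts,
                        "legacy": sorted(algs & LEGACY)}
    return report

if __name__ == "__main__":
    for name, result in audit(SAMPLE).items():
        print(name, result)
```

A conn reported with "explicit": False and "initiates": "ikev2" is the situation in the question: the peer only speaks IKEv1, so the version has to be set with keyexchange=ikev1.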
