My connection works in 20.04 and fails in 22.04. Perhaps something I've been using is now deprecated? Or perhaps jammy strongswan is...still working on it?
This is the output I get in 22.04:
initiating Main Mode IKE_SA myvp7[1] to 2.i.p.7
generating ID_PROT request 0 [ SA V V V V V ]
sending packet: from 1.i.p.2[500] to 2.i.p.7[500] (180 bytes)
received packet: from 2.i.p.7[500] to 1.i.p.2[500] (136 bytes)
parsed ID_PROT response 0 [ SA V V V ]
received XAuth vendor ID
received DPD vendor ID
received NAT-T (RFC 3947) vendor ID
selected proposal: IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048
generating ID_PROT request 0 [ KE No NAT-D NAT-D ]
sending packet: from 1.i.p.2[500] to 2.i.p.7[500] (372 bytes)
received packet: from 2.i.p.7[500] to 1.i.p.2[500] (372 bytes)
parsed ID_PROT response 0 [ KE No NAT-D NAT-D ]
no shared key found for '1.i.p.2'[1.i.p.2] - '2.i.p.7'[2.i.p.7]
no shared key found for 1.i.p.2 - 2.i.p.7
generating INFORMATIONAL_V1 request 402437601 [ N(INVAL_KE) ]
sending packet: from 1.i.p.2[500] to 2.i.p.7[500] (56 bytes)
establishing connection 'myvp7' failed
This is the output I get in 20.04:
initiating Main Mode IKE_SA myvp7[1] to 2.i.p.7
generating ID_PROT request 0 [ SA V V V V V ]
sending packet: from 1.i.p.2[500] to 2.i.p.7[500] (180 bytes)
received packet: from 2.i.p.7[500] to 1.i.p.2[500] (136 bytes)
parsed ID_PROT response 0 [ SA V V V ]
received XAuth vendor ID
received DPD vendor ID
received NAT-T (RFC 3947) vendor ID
selected proposal: IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048
generating ID_PROT request 0 [ KE No NAT-D NAT-D ]
sending packet: from 1.i.p.2[500] to 2.i.p.7[500] (372 bytes)
received packet: from 2.i.p.7[500] to 1.i.p.2[500] (372 bytes)
parsed ID_PROT response 0 [ KE No NAT-D NAT-D ]
local host is behind NAT, sending keep alives
generating ID_PROT request 0 [ ID HASH N(INITIAL_CONTACT) ]
sending packet: from 1.i.p.2[4500] to 2.i.p.7[4500] (108 bytes)
received packet: from 2.i.p.7[4500] to 1.i.p.2[4500] (76 bytes)
parsed ID_PROT response 0 [ ID HASH ]
IKE_SA myvp7[1] established between 1.i.p.2[1.i.p.2]...2.i.p.7[2.i.p.7]
scheduling reauthentication in 3397s
maximum IKE_SA lifetime 3577s
generating QUICK_MODE request 3605139670 [ HASH SA No ID ID NAT-OA NAT-OA ]
sending packet: from 1.i.p.2[4500] to 2.i.p.7[4500] (204 bytes)
received packet: from 2.i.p.7[4500] to 1.i.p.2[4500] (204 bytes)
parsed QUICK_MODE response 3605139670 [ HASH SA No ID ID NAT-OA NAT-OA ]
selected proposal: ESP:AES_CBC_128/HMAC_SHA1_96/NO_EXT_SEQ
CHILD_SA myvp7{1} established with SPIs ce997cf9_i ccdb93e8_o and TS 1.i.p.2/32[udp/l2f] === 2.i.p.7/32[udp/l2f]
connection 'myvp7' established successfully
my ipsec.conf:
conn myvp7
    right=2.i.p.7
    rightprotoport=17/1701
    leftprotoport=17/1701
    left=%defaultroute
    keyexchange=ikev1
    type=transport
    authby=secret
    auto=add
my ipsec.secrets:
: PSK ...