I am trying to establish an IPSec tunnel from an Ubuntu host running LibreSwan to an MX running IPSEC. I am unable to figure out what I'm missing.
I don't have access to the MX but have been given the MX configuration snippet.
MX Config Snippet - https://pastebin.com/EVpZjXky
My LibreSwan configuration - https://pastebin.com/NFE2qCxM
Connection Up Output - https://pastebin.com/YyGPR9WN
Log - https://pastebin.com/b8t7rSyd
Would sincerely appreciate your assistance...
Looks like a proposal mismatch. I see the MX phase 2 is set to md5 while the LibreSwan has SHA2. One side will need to change to match the other.
Thanks Steve for your response. Perhaps my understanding is wrong, but I thought the following is the config for Phase1 and Phase2 on the MX.
Phase 1 - set services ipsec-vpn ike proposal M-T-IKE-Prop authentication-algorithm sha1
Phase 2 - set services ipsec-vpn ipsec proposal M-T-IPSEC-Prop authentication-algorithm hmac-md5-96
Correspondingly for LibreSwan the config is
Phase1 - ike=aes128-sha1;dh2
Phase2 - phase2alg=aes128-md5-modp1024
In any case, I did try to
1. Swap the two - Phase1 as md5 and Phase2 as sha1 - Result is that it does not complete Phase1.
2. Set both Phase1 and Phase2 as sha1 - Result is the same as the original, i.e. it completes Phase1 but does not proceed.
Unfortunately I don't have access to the MX, so all the changes have to be on LibreSwan.
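The mapping described in the post above can be checked mechanically. The following is an added example, not part of the original thread: it compares only the integrity (authentication) algorithm per phase, using the config lines quoted in the post as input; the function names and the keyword mapping table are assumptions made for illustration.

```python
import re

# Junos keyword -> Libreswan keyword (assumed mapping, only values seen in this thread).
JUNOS_TO_SWAN = {"sha1": "sha1", "md5": "md5",
                 "hmac-sha1-96": "sha1", "hmac-md5-96": "md5"}

JUNOS_RE = re.compile(r"set services ipsec-vpn (ike|ipsec) proposal \S+ "
                      r"authentication-algorithm (\S+)")

def junos_integrity(config):
    """Return {'ike': alg, 'ipsec': alg} from Junos set-style lines."""
    return {phase: JUNOS_TO_SWAN.get(alg, alg)
            for phase, alg in JUNOS_RE.findall(config)}

def swan_integrity(conn):
    """Return {'ike': alg, 'ipsec': alg} from ike= / phase2alg= options."""
    found = {}
    for line in conn.splitlines():
        key, _, value = line.strip().partition("=")
        phase = {"ike": "ike", "phase2alg": "ipsec", "esp": "ipsec"}.get(key.strip())
        if phase:
            # First proposal only; handles enc-integ;group and enc-integ-group.
            fields = re.split(r"[-;]", value.split(",")[0].strip())
            found[phase] = fields[1]
    return found

def compare(junos_cfg, swan_conn):
    """Per phase: (junos_alg, libreswan_alg, match)."""
    j, s = junos_integrity(junos_cfg), swan_integrity(swan_conn)
    return {p: (j.get(p), s.get(p), j.get(p) == s.get(p)) for p in ("ike", "ipsec")}

# Lines as quoted in the post.
JUNOS = """\
set services ipsec-vpn ike proposal M-T-IKE-Prop authentication-algorithm sha1
set services ipsec-vpn ipsec proposal M-T-IPSEC-Prop authentication-algorithm hmac-md5-96
"""
SWAN = """\
ike=aes128-sha1;dh2
phase2alg=aes128-md5-modp1024
"""

if __name__ == "__main__":
    for phase, (j, s, ok) in compare(JUNOS, SWAN).items():
        print(f"{phase:5} junos={j} libreswan={s} {'match' if ok else 'MISMATCH'}")
```

For the lines quoted in the post, both phases report a match on the integrity algorithm; encryption, DH group and traffic selectors are outside what this check covers.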
You are correct, I misinterpreted the LibreSwan config. I'm not familiar with this software.
What is the purpose of these lines? Are they declaring a proxy ID pair, and if so, what are the resulting pair sets?
The Junos config has nothing specific provided, so it will be assuming an open pair of
0.0.0.0/0 to 0.0.0.0/0