Hi,

It would be a great help if anybody can help on this. I am still facing this issue.
Thanks in advance.

Regards,
Bhashkar

On Tue, Jan 12, 2016 at 11:12 AM, bhashkar prakash Singh <[email protected]> wrote:

> Hi,
>
> Can someone please help on this.
>
> Thanks & Regards,
> Bhashkar
>
> On 1/10/16, bhashkar prakash Singh <[email protected]> wrote:
> > Hi,
> >
> > Recently I upgraded strongswan version 5.3.5 from 4.5.3. After upgrade I
> > see tunnels are not established when using IKEV1 protocol. With IKEV2, no
> > issue seen.
> > I am seeing error "*integrity check failed*" when using IKEV1. I am
> > unable to figure out what problem can be with IKEV1.
> >
> > Can someone please help on this?
> >
> > Please find the log snippet:
> >
> > 46582 ( 2) INF 2004-01-01T02:44:37.301453Z syslogd.c(134) "charon: 05[CFG] received stroke: add connection 'conn1'"
> > 46583 ( 2) INF 2004-01-01T02:44:37.301528Z syslogd.c(134) "charon: 05[KNL] 40.0.0.2 is not a local address or the interface is down"
> > 46584 ( 2) INF 2004-01-01T02:44:37.308184Z syslogd.c(134) "charon: 05[CFG] loaded certificate "CN=FtmFlexiNodeSerialNoTY121316662" from '/etc/ipsec.d/certs/btsCert.pem'"
> > 46585 ( 2) INF 2004-01-01T02:44:37.308290Z syslogd.c(134) "charon: 05[CFG] id '40.0.0.1' not confirmed by certificate, defaulting to 'CN=FtmFlexiNodeSerialNoTY121316662'"
> > 46586 ( 2) INF 2004-01-01T02:44:37.308349Z syslogd.c(134) "charon: 05[CFG] added configuration 'conn1'"
> > 46587 ( 2) INF 2004-01-01T02:44:37.308406Z syslogd.c(134) "charon: 11[CFG] received stroke: initiate 'conn1'"
> > 46588 ( 2) INF 2004-01-01T02:44:37.308463Z syslogd.c(134) "charon: 11[MGR] checkout IKE_SA by config"
> > 46589 ( 2) INF 2004-01-01T02:44:37.308519Z syslogd.c(134) "charon: 11[MGR] created IKE_SA (unnamed)[1]"
> > 46590 ( 2) INF 2004-01-01T02:44:37.308576Z syslogd.c(134) "charon: 11[IKE] queueing ISAKMP_VENDOR task"
> > 46591 ( 2) INF 2004-01-01T02:44:37.308633Z syslogd.c(134) "charon: 11[IKE] queueing ISAKMP_CERT_PRE task"
> > 46592 ( 2) INF 2004-01-01T02:44:37.308689Z syslogd.c(134) "charon: 11[IKE] queueing MAIN_MODE task"
> > 46593 ( 2) INF 2004-01-01T02:44:37.308745Z syslogd.c(134) "charon: 11[IKE] queueing ISAKMP_CERT_POST task"
> > 46594 ( 2) INF 2004-01-01T02:44:37.308802Z syslogd.c(134) "charon: 11[IKE] queueing ISAKMP_NATD task"
> > 46595 ( 2) INF 2004-01-01T02:44:37.308858Z syslogd.c(134) "charon: 11[IKE] queueing QUICK_MODE task"
> > 46596 ( 2) INF 2004-01-01T02:44:37.310706Z syslogd.c(134) "charon: 11[IKE] activating new tasks"
> > 46597 ( 2) INF 2004-01-01T02:44:37.310769Z syslogd.c(134) "charon: 11[IKE] activating ISAKMP_VENDOR task"
> > 46598 ( 2) INF 2004-01-01T02:44:37.310826Z syslogd.c(134) "charon: 11[IKE] activating ISAKMP_CERT_PRE task"
> > 46599 ( 2) INF 2004-01-01T02:44:37.310883Z syslogd.c(134) "charon: 11[IKE] activating MAIN_MODE task"
> > 46600 ( 2) INF 2004-01-01T02:44:37.310940Z syslogd.c(134) "charon: 11[IKE] activating ISAKMP_CERT_POST task"
> > 46601 ( 2) INF 2004-01-01T02:44:37.310996Z syslogd.c(134) "charon: 11[IKE] activating ISAKMP_NATD task"
> > 46602 ( 2) INF 2004-01-01T02:44:37.311053Z syslogd.c(134) "charon: 11[IKE] sending XAuth vendor ID"
> > 46603 ( 2) INF 2004-01-01T02:44:37.311109Z syslogd.c(134) "charon: 11[IKE] sending DPD vendor ID"
> > 46604 ( 2) INF 2004-01-01T02:44:37.311165Z syslogd.c(134) "charon: 11[IKE] sending NAT-T (RFC 3947) vendor ID"
> > 46605 ( 2) INF 2004-01-01T02:44:37.311223Z syslogd.c(134) "charon: 11[IKE] sending draft-ietf-ipsec-nat-t-ike-02\n vendor ID"
> > 46606 ( 2) INF 2004-01-01T02:44:37.311280Z syslogd.c(134) "charon: 11[IKE] initiating Main Mode IKE_SA conn1[1] to 40.0.0.2"
> > 46607 ( 2) INF 2004-01-01T02:44:37.314332Z syslogd.c(134) "charon: 11[IKE] initiating Main Mode IKE_SA conn1[1] to 40.0.0.2"
> > 46608 ( 2) INF 2004-01-01T02:44:37.314398Z syslogd.c(134) "charon: 11[IKE] IKE_SA conn1[1] state change: CREATED => CONNECTING"
> > 46609 ( 2) INF 2004-01-01T02:44:37.324654Z syslogd.c(134) "charon: 11[LIB] signature verification:"
> > 46610 ( 2) INF 2004-01-01T02:44:37.324727Z syslogd.c(134) "charon: 11[ENC] generating ID_PROT request 0 [ SA V V V V ]"
> > 46611 ( 2) INF 2004-01-01T02:44:37.324786Z syslogd.c(134) "charon: 11[NET] sending packet: from 40.0.0.1[500] to 40.0.0.2[500] (196 bytes)"
> > 46612 ( 2) INF 2004-01-01T02:44:37.324843Z syslogd.c(134) "charon: 11[MGR] checkin IKE_SA conn1[1]"
> > 46613 ( 2) INF 2004-01-01T02:44:37.347522Z syslogd.c(134) "charon: 08[MGR] checkout IKE_SA by message"
> > 46614 ( 2) INF 2004-01-01T02:44:37.347598Z syslogd.c(134) "charon: 08[MGR] IKE_SA conn1[1] successfully checked out"
> > 46615 ( 2) INF 2004-01-01T02:44:37.347657Z syslogd.c(134) "charon: 08[NET] received packet: from 40.0.0.2[500] to 40.0.0.1[500] (140 bytes)"
> > 46616 ( 2) INF 2004-01-01T02:44:37.347714Z syslogd.c(134) "charon: 08[ENC] parsed ID_PROT response 0 [ SA V V V ]"
> > 46617 ( 2) INF 2004-01-01T02:44:37.347771Z syslogd.c(134) "charon: 08[IKE] received XAuth vendor ID"
> > 46618 ( 2) INF 2004-01-01T02:44:37.347828Z syslogd.c(134) "charon: 08[IKE] received DPD vendor ID"
> > 46619 ( 2) INF 2004-01-01T02:44:37.347885Z syslogd.c(134) "charon: 08[IKE] received NAT-T (RFC 3947) vendor ID"
> > 46620 ( 2) INF 2004-01-01T02:44:37.347944Z syslogd.c(134) "charon: 08[IKE] received (0) authentication, but configured RSA signature, continue with configured"
> > 46621 ( 2) INF 2004-01-01T02:44:37.348001Z syslogd.c(134) "charon: 08[IKE] reinitiating already active tasks"
> > 46622 ( 2) INF 2004-01-01T02:44:37.348057Z syslogd.c(134) "charon: 08[IKE] ISAKMP_VENDOR task"
> > 46623 ( 2) INF 2004-01-01T02:44:37.348113Z syslogd.c(134) "charon: 08[IKE] MAIN_MODE task"
> > 46624 ( 2) INF 2004-01-01T02:44:37.364227Z syslogd.c(134) "charon: 08[LIB] size of DH secret exponent: 1022 bits"
> > 46625 ( 2) INF 2004-01-01T02:44:37.383570Z syslogd.c(134) "charon: 08[IKE] natd_chunk => 22 bytes @ 0x4480dbb0"
> > 46626 ( 2) INF 2004-01-01T02:44:37.383809Z syslogd.c(134) "charon: 08[IKE] 0: C1 E3 B4 72 FB A8 FF 3B 03 25 8F 99 15 2F 88 6E  ...r...;.%.../.n"
> > 46627 ( 2) INF 2004-01-01T02:44:37.384043Z syslogd.c(134) "charon: 08[IKE] 16: 28 00 00 02 01 F4 (....."
> > 46628 ( 2) INF 2004-01-01T02:44:37.384344Z syslogd.c(134) "charon: 08[IKE] natd_hash => 20 bytes @ 0x3bd60"
> > 46629 ( 2) INF 2004-01-01T02:44:37.384579Z syslogd.c(134) "charon: 08[IKE] 0: 34 CD 11 CD D2 0C 3B DF C0 89 1E 0B C7 2B 19 37  4.....;......+.7"
> > 46630 ( 2) INF 2004-01-01T02:44:37.384814Z syslogd.c(134) "charon: 08[IKE] 16: B3 5D B8 6C .].l"
> > 46631 ( 2) INF 2004-01-01T02:44:37.385192Z syslogd.c(134) "charon: 08[IKE] natd_chunk => 22 bytes @ 0x4480dbb0"
> > 46632 ( 2) INF 2004-01-01T02:44:37.385428Z syslogd.c(134) "charon: 08[IKE] 0: C1 E3 B4 72 FB A8 FF 3B 03 25 8F 99 15 2F 88 6E  ...r...;.%.../.n"
> > 46633 ( 2) INF 2004-01-01T02:44:37.385865Z syslogd.c(134) "charon: 08[IKE] 16: 28 00 00 01 01 F4 (....."
> > 46634 ( 2) INF 2004-01-01T02:44:37.386136Z syslogd.c(134) "charon: 08[IKE] natd_hash => 20 bytes @ 0x3bd60"
> > 46635 ( 2) INF 2004-01-01T02:44:37.386372Z syslogd.c(134) "charon: 08[IKE] 0: 41 BC 9D D0 DD 14 17 3E DB E5 01 31 6D 2C 29 7E  A......>...1m,)~"
> > 46636 ( 2) INF 2004-01-01T02:44:37.386607Z syslogd.c(134) "charon: 08[IKE] 16: 11 B6 A8 1B ...."
> > 46637 ( 2) INF 2004-01-01T02:44:37.389895Z syslogd.c(134) "charon: 08[ENC] generating ID_PROT request 0 [ KE No NAT-D NAT-D ]"
> > 46638 ( 2) INF 2004-01-01T02:44:37.390474Z syslogd.c(134) "charon: 08[NET] sending packet: from 40.0.0.1[500] to 40.0.0.2[500] (244 bytes)"
> > 46639 ( 2) INF 2004-01-01T02:44:37.391643Z syslogd.c(134) "charon: 08[MGR] checkin IKE_SA conn1[1]"
> > 46640 ( 2) INF 2004-01-01T02:44:37.391916Z syslogd.c(134) "charon: 08[MGR] check-in of IKE_SA successful."
> > 46641 ( 2) INF 2004-01-01T02:44:37.492904Z syslogd.c(134) "charon: 09[MGR] checkout IKE_SA by message"
> > 46642 ( 2) INF 2004-01-01T02:44:37.492991Z syslogd.c(134) "charon: 09[MGR] IKE_SA conn1[1] successfully checked out"
> > 46643 ( 2) INF 2004-01-01T02:44:37.493050Z syslogd.c(134) "charon: 09[NET] received packet: from 40.0.0.2[500] to 40.0.0.1[500] (80 bytes)"
> >
> > * 46644 ( 2) INF 2004-01-01T02:44:37.493107Z syslogd.c(134) "charon: 09[ENC] payload type HASH_V1 was not encrypted"
> > 46645 ( 2) INF 2004-01-01T02:44:37.493164Z syslogd.c(134) "charon: 09[ENC] could not decrypt payloads"*
> > * 46646 ( 2) INF 2004-01-01T02:44:37.493221Z syslogd.c(134) "charon: 09[IKE] integrity check failed"*
> > * 46647 ( 2) INF 2004-01-01T02:44:37.493278Z syslogd.c(134) "charon: 09[IKE] ignore malformed INFORMATIONAL request"*
> > 46648 ( 2) INF 2004-01-01T02:44:37.493336Z syslogd.c(134) "charon: 09[IKE] INFORMATIONAL_V1 request with message ID 2788051656 processing failed"
_______________________________________________
Dev mailing list
[email protected]
https://lists.strongswan.org/mailman/listinfo/dev
