Markus Wernig <[email protected]>: > ... > But the client is unable to connect to the VPN GW, and I just can't find > out what's going wrong. Unfortunately there are two ways it is failing: > > 1) Client sends IKEv2 msg IKE_SA_INIT on Port 500, VPN GW replies with > IKE_SA_INIT and CertReq, *then client sends IKE_AUTH. But to this packet > the VPN GW never replies, and the client resends until it times out*. I > see in the client log that it is selecting and sending the [email protected] > certificate. In the VPN GW logs I get: > > Aug 9 08:40:35 tunnel iked[18255]: ikev2_recv: IKE_SA_INIT from > initiator A.B.C.D:34276 to 10.x.y.z:500 policy 'johndoevpn' id 0, 1048 bytes > Aug 9 08:40:35 tunnel iked[18255]: ikev2_msg_send: IKE_SA_INIT from > 10.x.y.z:500 to A.B.C.D:34276, 457 bytes > Aug 9 08:40:35 tunnel iked[18255]: ikev2_recv: IKE_AUTH from initiator > A.B.C.D:4500 to 10.x.y.z:4500 policy 'johndoevpn' id 1, 2320 bytes > Aug 9 08:40:39 tunnel iked[18255]: ikev2_recv: IKE_AUTH from initiator > A.B.C.D:4500 to 10.x.y.z:4500 policy 'johndoevpn' id 1, 2320 bytes > Aug 9 08:40:46 tunnel iked[18255]: ikev2_recv: IKE_AUTH from initiator > A.B.C.D:4500 to 10.x.y.z:4500 policy 'johndoevpn' id 1, 2320 bytes > Aug 9 08:40:59 tunnel iked[18255]: ikev2_recv: IKE_AUTH from initiator > A.B.C.D:4500 to 10.x.y.z:4500 policy 'johndoevpn' id 1, 2320 bytes > ...
Hi, folks! I have the same failing scenario when using BlackBerry 10 client. OpenIKED is from -current. Ikeauth mode is PSK (yeah, insecure). Any ideas what it may be and how to fix it? Thanks.
