On Wed, 14 Jan 2015, Ali Gangji wrote:
OS X version 10.10.1 and Server version 4.0.3.
Attached is the log from the server showing 2 connection attempts.
two interesting events in your log:
Jan 13 21:20:49 Abduls-Mac-mini.local racoon[16743]: packet shorter than isakmp
header size (size: 0, minimum expected: 28)
It seems your network might be causing fragmentation without
reassembling it properly. That is, it looks like the tail
end of the packet is missing. Either that, or we would be sending
out a (fragmented?) packet with a badly specified isakmp header
size, which I think is less likely.
Jan 13 21:21:00 Abduls-Mac-mini.local racoon[16743]: !!! skipped retransmitting
frags: frag_flags 1, r->sendbuf->l 224, max 1280
I don't fully understand this, but it is related to ike fragmentation.
Please try your connection on libreswan with the following settings:
ike-frag=no
ike-frag=yes
ike-frag=force
and let me know which of the three, if any, actually worked.
Paul
_______________________________________________
Swan mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan
