On Mon, 13 Jun 2016, Ge Xu wrote:
I am testing a VPN behind of a NAT gateway. I tried libreswan 3.15 and 3.17 with same configuration. 3.15 succeeds, but 3.17 fails.
I am not aware of anything specific causing that.
000 #2: "vpn-0":4500 STATE_QUICK_I1 (sent QI1, expecting QR1); EVENT_CRYPTO_FAILED in 54s; lastdpd=-1s(seq in:0 out:0); idle; import:admin initiate 000 #1: "vpn-0":4500 STATE_MAIN_I4 (ISAKMP SA established); EVENT_SA_REPLACE in 27801s; newest ISAKMP; lastdpd=-1s(seq in:0 out:0); idle; import:admin initiate
It looks like the IPsec SA did not fully establish. Either your logs or the remote endpoint's log should have an entry saying what went wrong. Paul _______________________________________________ Swan mailing list [email protected] https://lists.libreswan.org/mailman/listinfo/swan
