Hi Laurence, it looks as if Juniper's transform encoding is faulty. In order to diagnose this further could you increase the debug level to 3 (raw packets).
charondebug="enc 3" This might create quite a lot of output! Regards Andreas On 20.09.2010 09:29, Groebl, Laurence (Laurence) wrote: > Hello Andreas, > herewith the relevant part from the log, I hope it helps, > best regards, > Laurence > > Sep 17 09:15:19 destgd0h003661 charon: 07[ENC] generating IKE_SA_INIT request > 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ] > Sep 17 09:15:19 destgd0h003661 charon: 07[NET] sending packet: from > 192.168.30.51[500] to 192.168.30.254[500] > Sep 17 09:15:19 destgd0h003661 charon: 10[NET] received packet: from > 192.168.30.254[500] to 192.168.30.51[500] > Sep 17 09:15:19 destgd0h003661 charon: 10[ENC] length of > TRANSFORM_ATTRIBUTE substructure list invalid > Sep 17 09:15:19 destgd0h003661 charon: 10[ENC] parsing of a > TRANSFORM_SUBSTRUCTURE substructure failed > Sep 17 09:15:19 destgd0h003661 charon: 10[ENC] parsing of a > PROPOSAL_SUBSTRUCTURE substructure failed > Sep 17 09:15:19 destgd0h003661 charon: 10[ENC] payload type > SECURITY_ASSOCIATION could not be parsed > Sep 17 09:15:19 destgd0h003661 charon: 10[IKE] IKE_SA_INIT response with > message ID 0 processing failed > Sep 17 09:15:23 destgd0h003661 charon: 11[IKE] retransmit 1 of request with > message ID 0 > Sep 17 09:15:23 destgd0h003661 charon: 11[NET] sending packet: from > 192.168.30.51[500] to 192.168.30.254[500] > Sep 17 09:15:23 destgd0h003661 charon: 12[NET] received packet: from > 192.168.30.254[500] to 192.168.30.51[500] > Sep 17 09:15:23 destgd0h003661 charon: 12[ENC] length of > TRANSFORM_ATTRIBUTE substructure list invalid > Sep 17 09:15:23 destgd0h003661 charon: 12[ENC] parsing of a > TRANSFORM_SUBSTRUCTURE substructure failed > Sep 17 09:15:23 destgd0h003661 charon: 12[ENC] parsing of a > PROPOSAL_SUBSTRUCTURE substructure failed > Sep 17 09:15:23 destgd0h003661 charon: 12[ENC] payload type > SECURITY_ASSOCIATION could not be parsed > Sep 17 09:15:23 destgd0h003661 charon: 12[IKE] IKE_SA_INIT response with > message ID 0 processing failed > Sep 17 09:15:30 destgd0h003661 charon: 13[IKE] retransmit 2 of request with > message ID 0 > Sep 17 09:15:30 destgd0h003661 charon: 13[NET] sending packet: from > 192.168.30.51[500] to 192.168.30.254[500] > Sep 17 09:15:30 destgd0h003661 charon: 14[NET] received packet: from > 192.168.30.254[500] to 192.168.30.51[500] > Sep 17 09:15:30 destgd0h003661 charon: 14[ENC] length of > TRANSFORM_ATTRIBUTE substructure list invalid > Sep 17 09:15:30 destgd0h003661 charon: 14[ENC] parsing of a > TRANSFORM_SUBSTRUCTURE substructure failed > Sep 17 09:15:30 destgd0h003661 charon: 14[ENC] parsing of a > PROPOSAL_SUBSTRUCTURE substructure failed > Sep 17 09:15:30 destgd0h003661 charon: 14[ENC] payload type > SECURITY_ASSOCIATION could not be parsed > Sep 17 09:15:30 destgd0h003661 charon: 14[IKE] IKE_SA_INIT response with > message ID 0 processing failed > Sep 17 09:15:33 destgd0h003661 avahi-daemon[2672]: dbus-protocol.c: Too many > objects for client ':1.13', client request failed. > > > > > >> -----Original Message----- >> From: Andreas Steffen [mailto:[email protected]] >> Sent: Freitag, 17. September 2010 20:33 >> To: Groebl, Laurence (Laurence) >> Cc: [email protected] >> Subject: Re: [strongSwan] IKEv2 tunnel establishment, >> initiator does not repond >> >> Hello Laurence, >> >> a strongSwan log would really help. The only strange thing >> that I see in the wireshark response is >> >> Transform ID: ENCR_AES_CBC (12) >> RESERVED TO IANA (7424): <too big (128 bytes)> >> >> Is this a wrong encoding of the AES key size??? >> >> Regards >> >> Andreas ====================================================================== Andreas Steffen [email protected] strongSwan - the Linux VPN Solution! www.strongswan.org Institute for Internet Technologies and Applications University of Applied Sciences Rapperswil CH-8640 Rapperswil (Switzerland) ===========================================================[ITA-HSR]== _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
