Hi Dan,

> 08[CFG] received stroke: initiate 'rem'
> 08[IKE] unable to initiate to %any

Side note: As a responder, it is sufficient to set auto=add. auto=start doesn't work, as the remote IP is not known.

> 13[NET] received packet: from 75.99.83.90[500] to 192.168.1.104[500]
> 13[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]
> 13[IKE] 75.99.83.90 is initiating an IKE_SA
> 13[IKE] local host is behind NAT, sending keep alives
> 13[IKE] remote host is behind NAT
> 13[ENC] generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP)
> N(NATD_D_IP) N(MULT_AUTH) ]
> 13[NET] sending packet: from 192.168.1.104[500] to 75.99.83.90[500]
> 14[IKE] sending keep alive
> 14[NET] sending packet: from 192.168.1.104[500] to 75.99.83.90[500]
> 15[JOB] deleting half open IKE_SA after timeout

The first IKE_SA_INIT exchange succeeds, but then no IKE_AUTH is received. Either the playbook does not receive the IKE_SA_INIT response, or its IKE_AUTH doesn't make it to us.

IKE_AUTH might switch to port 4500, and I see that you have a double-NAT situation. Can you confirm that packets should get through on port 4500? If it is the case you might try to sniff traffic on the playbook segment to see which packet gets lost.

Regards
Martin
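
The diagnosis in the message above can be automated for responder-side charon logs. The following is an added example, not part of the original message or of strongSwan; the matched strings are taken from the quoted log, except `parsed IKE_AUTH request`, which is assumed by analogy with the IKE_SA_INIT line.

```python
import re

# Matches charon lines like "13[IKE] remote host is behind NAT", with or
# without mail-quote markers in front.
LINE = re.compile(r"^(?:>\s*)*\d+\[(\w+)\]\s+(.*)$")

# Log excerpt as quoted in the message above.
SAMPLE = """\
> 13[NET] received packet: from 75.99.83.90[500] to 192.168.1.104[500]
> 13[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]
> 13[IKE] local host is behind NAT, sending keep alives
> 13[IKE] remote host is behind NAT
> 13[ENC] generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP)
> N(NATD_D_IP) N(MULT_AUTH) ]
> 15[JOB] deleting half open IKE_SA after timeout
"""

def triage(log_text):
    """Classify a responder-side IKEv2 setup attempt from charon log lines."""
    seen = {"init_req": False, "init_resp": False, "auth_req": False,
            "nat_local": False, "nat_remote": False, "half_open": False}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # wrapped continuation lines and non-log text
        subsys, msg = m.groups()
        if subsys == "ENC":
            seen["init_req"] |= msg.startswith("parsed IKE_SA_INIT request")
            seen["init_resp"] |= msg.startswith("generating IKE_SA_INIT response")
            # Assumed wording, by analogy with the IKE_SA_INIT request line.
            seen["auth_req"] |= msg.startswith("parsed IKE_AUTH request")
        elif subsys == "IKE":
            seen["nat_local"] |= "local host is behind NAT" in msg
            seen["nat_remote"] |= "remote host is behind NAT" in msg
        elif subsys == "JOB":
            seen["half_open"] |= "deleting half open IKE_SA" in msg
    hints = []
    if seen["auth_req"]:
        verdict = "auth_seen"
    elif seen["init_req"] and seen["init_resp"] and seen["half_open"]:
        verdict = "no_ike_auth"
        hints.append("IKE_SA_INIT was answered, but no IKE_AUTH arrived before the half-open timeout")
        if seen["nat_local"] and seen["nat_remote"]:
            hints.append("NAT detected on both sides: confirm UDP 4500 is forwarded to this host")
        elif seen["nat_local"] or seen["nat_remote"]:
            hints.append("NAT detected: IKE_AUTH may arrive on UDP 4500")
    else:
        verdict = "inconclusive"
    return {"verdict": verdict, "hints": hints}

if __name__ == "__main__":
    print(triage(SAMPLE))
```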
