Hi Daniel I assume you're using OSX >=10.8, since apple changed something with the racoon daemon, there are known problems with certificates. I did some research and tests a few weeks ago while running into the same problem and could narrow it down to either the size of the certificates and/or to the included information.
There are ways to get it working, but you'll probably end up creating new certificates. Therefor I personally decided to use PSK/XAUTH with OSX (from Mountain Lion) and IOS 6. Check the following links for further infos: https://discussions.apple.com/thread/4158642?start=15&tstart=0 and maybe those: https://discussions.apple.com/thread/4139538?start=0&tstart=0 http://www.astaro.org/gateway-products/vpn-site-site-remote-access/44432-cisco-vpn-not-working-apple-ios-6-a.html There also was already a discussion on the ML about this (I still couldn't figure why Martin Willi's certificates are working with 2048bit): http://www.mail-archive.com/[email protected]/msg05105.html Cheers Tobias Am Sat, 10 Nov 2012 14:41:32 +0100 schrieb Daniel Tschinder <[email protected]>: > Hello, > > I have strongswan working since two years for IKEv2 and Windows7. As > IKEv2 is not well supported by clients, I'm now trying to add support > for IKEv1 and testing with the native Mac OS X Client from 10.8. > > But now I'm stuck at some weird problem which I seem not to be able > to solve by myself. The Problem is (as far as I can see) that either > the MAC is sending an invalid message or the server is not able to > decrypt. [...] > Nov 10 13:49:28 gateway charon: 11[ENC] parsing ENCRYPTED_V1 payload > finished > Nov 10 13:49:28 gateway charon: 11[ENC] process payload of type > ENCRYPTED_V1 Nov 10 13:49:28 gateway charon: 11[ENC] found an > encryption payload Nov 10 13:49:28 gateway charon: 11[ENC] decryption > failed, invalid length Nov 10 13:49:28 gateway charon: 11[ENC] could > not decrypt payloads Nov 10 13:49:28 gateway charon: 11[IKE] > integrity check failed [...] > > The Certificates seem to work, as the same one used on the MAC works > on Windows with IKEv2. > > I tried a lot of different settings in ipsec.conf but non of them > seem to have any impact on the problem. > > Hopefully anyone can help me out. > I appreciate any suggestion, as I'm at the end of my knowledge. > > Thanks in advance. > > ipsec.conf: > > config setup > charondebug="dmn 3, mgr 3, ike 1, chd 3, job 3, cfg 3, knl > 3, net 1, asn 1, enc 1, lib 3, esp 3, tls 3" > > conn win7 > reauth=no > ikelifetime=8h > left=%defaultroute > leftcert=peer2_gateway_cert.pem > leftsubnet=10.0.59.0/24 > right=%any > rightsourceip=10.0.51.0/24 > keyexchange=ikev2 > auto=add > > conn macosx > xauth=server > keyexchange=ikev1 > left=%defaultroute > leftcert=peer2_gateway_cert.pem > leftsubnet=10.0.59.0/24 > leftauth=pubkey > right=%any > rightsourceip=10.0.52.0/24 > rightauth=pubkey > rightauth2=xauth > auto=add > > ipsec.secret: > > : RSA peer2_gateway_key.pem "password" > user : XAUTH "password" > > And here is the log: > Nov 10 14:25:13 gateway charon: 05[MGR] checkout IKE_SA by message > Nov 10 14:25:13 gateway charon: 05[MGR] created IKE_SA (unnamed)[1] > Nov 10 14:25:13 gateway charon: 05[NET] received packet: from > <client-ip>[56616] to <server-ip>[500] > Nov 10 14:25:13 gateway charon: 05[ENC] parsed ID_PROT request 0 [ SA > V V V V V V V V V V V V V V ] > Nov 10 14:25:13 gateway charon: 05[CFG] looking for an ike config for > <server-ip>...<client-ip> > Nov 10 14:25:13 gateway charon: 05[CFG] ike config match: 2 > (<server-ip> <client-ip>) > Nov 10 14:25:13 gateway charon: 05[CFG] candidate: %any...%any, > prio 2 Nov 10 14:25:13 gateway charon: 05[CFG] ike config match: 2 > (<server-ip> <client-ip>) > Nov 10 14:25:13 gateway charon: 05[CFG] candidate: %any...%any, > prio 2 Nov 10 14:25:13 gateway charon: 05[CFG] found matching ike > config: %any...%any with prio 2 > Nov 10 14:25:13 gateway charon: 05[IKE] received NAT-T (RFC 3947) > vendor ID Nov 10 14:25:13 gateway charon: 05[IKE] received > draft-ietf-ipsec-nat-t-ike vendor ID > Nov 10 14:25:13 gateway charon: 05[IKE] received > draft-ietf-ipsec-nat-t-ike-08 vendor ID > Nov 10 14:25:13 gateway charon: 05[IKE] received > draft-ietf-ipsec-nat-t-ike-07 vendor ID > Nov 10 14:25:13 gateway charon: 05[IKE] received > draft-ietf-ipsec-nat-t-ike-06 vendor ID > Nov 10 14:25:13 gateway charon: 05[IKE] received > draft-ietf-ipsec-nat-t-ike-05 vendor ID > Nov 10 14:25:13 gateway charon: 05[IKE] received > draft-ietf-ipsec-nat-t-ike-04 vendor ID > Nov 10 14:25:13 gateway charon: 05[IKE] received > draft-ietf-ipsec-nat-t-ike-03 vendor ID > Nov 10 14:25:13 gateway charon: 05[IKE] received > draft-ietf-ipsec-nat-t-ike-02 vendor ID > Nov 10 14:25:13 gateway charon: 05[IKE] received > draft-ietf-ipsec-nat-t-ike-02\n vendor ID > Nov 10 14:25:13 gateway charon: 05[IKE] received XAuth vendor ID > Nov 10 14:25:13 gateway charon: 05[IKE] received Cisco Unity vendor ID > Nov 10 14:25:13 gateway charon: 05[ENC] received unknown vendor ID: > 40:48:b7:d5:6e:bc:e8:85:25:e7:de:7f:00:d6:c2:d3:80:00:00:00 > Nov 10 14:25:13 gateway charon: 05[IKE] received DPD vendor ID > Nov 10 14:25:13 gateway charon: 05[IKE] <client-ip> is initiating a > Main Mode IKE_SA > Nov 10 14:25:13 gateway charon: 05[IKE] <client-ip> is initiating a > Main Mode IKE_SA > Nov 10 14:25:13 gateway charon: 05[CFG] selecting proposal: > Nov 10 14:25:13 gateway charon: 05[CFG] no acceptable > ENCRYPTION_ALGORITHM found > Nov 10 14:25:13 gateway charon: 05[CFG] selecting proposal: > Nov 10 14:25:13 gateway charon: 05[CFG] no acceptable > ENCRYPTION_ALGORITHM found > Nov 10 14:25:13 gateway charon: 05[CFG] selecting proposal: > Nov 10 14:25:13 gateway charon: 05[CFG] no acceptable > DIFFIE_HELLMAN_GROUP found > Nov 10 14:25:13 gateway charon: 05[CFG] selecting proposal: > Nov 10 14:25:13 gateway charon: 05[CFG] no acceptable > ENCRYPTION_ALGORITHM found > Nov 10 14:25:13 gateway charon: 05[CFG] selecting proposal: > Nov 10 14:25:13 gateway charon: 05[CFG] no acceptable > ENCRYPTION_ALGORITHM found > Nov 10 14:25:13 gateway charon: 05[CFG] selecting proposal: > Nov 10 14:25:13 gateway charon: 05[CFG] no acceptable > INTEGRITY_ALGORITHM found > Nov 10 14:25:13 gateway charon: 05[CFG] selecting proposal: > Nov 10 14:25:13 gateway charon: 05[CFG] no acceptable > ENCRYPTION_ALGORITHM found > Nov 10 14:25:13 gateway charon: 05[CFG] selecting proposal: > Nov 10 14:25:13 gateway charon: 05[CFG] no acceptable > ENCRYPTION_ALGORITHM found > Nov 10 14:25:13 gateway charon: 05[CFG] selecting proposal: > Nov 10 14:25:13 gateway charon: 05[CFG] no acceptable > ENCRYPTION_ALGORITHM found > Nov 10 14:25:13 gateway charon: 05[CFG] selecting proposal: > Nov 10 14:25:13 gateway charon: 05[CFG] no acceptable > ENCRYPTION_ALGORITHM found > Nov 10 14:25:13 gateway charon: 05[CFG] selecting proposal: > Nov 10 14:25:13 gateway charon: 05[CFG] no acceptable > ENCRYPTION_ALGORITHM found > Nov 10 14:25:13 gateway charon: 05[CFG] selecting proposal: > Nov 10 14:25:13 gateway charon: 05[CFG] no acceptable > ENCRYPTION_ALGORITHM found > Nov 10 14:25:13 gateway charon: 05[CFG] selecting proposal: > Nov 10 14:25:13 gateway charon: 05[CFG] no acceptable > ENCRYPTION_ALGORITHM found > Nov 10 14:25:13 gateway charon: 05[CFG] selecting proposal: > Nov 10 14:25:13 gateway charon: 05[CFG] no acceptable > ENCRYPTION_ALGORITHM found > Nov 10 14:25:13 gateway charon: 05[CFG] selecting proposal: > Nov 10 14:25:13 gateway charon: 05[CFG] no acceptable > ENCRYPTION_ALGORITHM found > Nov 10 14:25:13 gateway charon: 05[CFG] selecting proposal: > Nov 10 14:25:13 gateway charon: 05[CFG] no acceptable > ENCRYPTION_ALGORITHM found > Nov 10 14:25:13 gateway charon: 05[CFG] selecting proposal: > Nov 10 14:25:13 gateway charon: 05[CFG] no acceptable > DIFFIE_HELLMAN_GROUP found > Nov 10 14:25:13 gateway charon: 05[CFG] selecting proposal: > Nov 10 14:25:13 gateway charon: 05[CFG] no acceptable > INTEGRITY_ALGORITHM found > Nov 10 14:25:13 gateway charon: 05[CFG] selecting proposal: > Nov 10 14:25:13 gateway charon: 05[CFG] no acceptable > ENCRYPTION_ALGORITHM found > Nov 10 14:25:13 gateway charon: 05[CFG] selecting proposal: > Nov 10 14:25:13 gateway charon: 05[CFG] no acceptable > ENCRYPTION_ALGORITHM found > Nov 10 14:25:13 gateway charon: 05[CFG] selecting proposal: > Nov 10 14:25:13 gateway charon: 05[CFG] proposal matches > Nov 10 14:25:13 gateway charon: 05[CFG] received proposals: > IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536, > IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, > IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, > IKE:AES_CBC_256/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1536, > IKE:AES_CBC_256/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024, > IKE:AES_CBC_128/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024, > IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, > IKE:3DES_CBC/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024, > IKE:DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, > IKE:DES_CBC/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024 > Nov 10 14:25:13 gateway charon: 05[CFG] configured proposals: > IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048, > IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536, > IKE:AES_CBC_128/AES_CBC_192/AES_CBC_256/3DES_CBC/CAMELLIA_CBC_128/CAMELLIA_CBC_192/CAMELLIA_CBC_256/HMAC_MD5_96/HMAC_SHA1_96/HMAC_SHA2_256_128/HMAC_SHA2_384_192/HMAC_SHA2_512_256/AES_XCBC_96/AES_CMAC_96/PRF_HMAC_MD5/PRF_HMAC_SHA1/PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/PRF_AES128_XCBC/PRF_AES128_CMAC/MODP_2048/MODP_2048_224/MODP_2048_256/MODP_1536/MODP_3072/MODP_4096/MODP_8192/MODP_1024/MODP_1024_160/ECP_256/ECP_384/ECP_521/ECP_224/ECP_192 > Nov 10 14:25:13 gateway charon: 05[CFG] selected proposal: > IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536 > Nov 10 14:25:13 gateway charon: 05[ENC] generating ID_PROT response 0 > [ SA V V V ] > Nov 10 14:25:13 gateway charon: 05[NET] sending packet: from > <server-ip>[500] to <client-ip>[56616] > Nov 10 14:25:13 gateway charon: 07[JOB] next event in 29s 996ms, > waiting Nov 10 14:25:13 gateway charon: 05[MGR] checkin IKE_SA > (unnamed)[1] Nov 10 14:25:13 gateway charon: 05[MGR] check-in of > IKE_SA successful. Nov 10 14:25:13 gateway charon: 04[MGR] checkout > IKE_SA by message Nov 10 14:25:13 gateway charon: 04[MGR] IKE_SA > (unnamed)[1] successfully checked out > Nov 10 14:25:13 gateway charon: 04[NET] received packet: from > <client-ip>[56616] to <server-ip>[500] > Nov 10 14:25:13 gateway charon: 04[ENC] parsed ID_PROT request 0 [ KE > No NAT-D NAT-D ] > Nov 10 14:25:13 gateway charon: 04[LIB] size of DH secret exponent: > 1535 bits > Nov 10 14:25:13 gateway charon: 04[IKE] remote host is behind NAT > Nov 10 14:25:13 gateway charon: 04[IKE] sending cert request for > "C=DE, ST=Berlin, O=<Organization>, CN=<Name> CA, E=<email>" > Nov 10 14:25:13 gateway charon: 04[ENC] generating ID_PROT response 0 > [ KE No CERTREQ NAT-D NAT-D ] > Nov 10 14:25:13 gateway charon: 04[NET] sending packet: from > <server-ip>[500] to <client-ip>[56616] > Nov 10 14:25:13 gateway charon: 04[MGR] checkin IKE_SA (unnamed)[1] > Nov 10 14:25:13 gateway charon: 04[MGR] check-in of IKE_SA successful. > Nov 10 14:25:13 gateway charon: 03[MGR] checkout IKE_SA by message > Nov 10 14:25:13 gateway charon: 03[MGR] IKE_SA (unnamed)[1] > successfully checked out > Nov 10 14:25:13 gateway charon: 03[NET] received packet: from > <client-ip>[56633] to <server-ip>[4500] > Nov 10 14:25:13 gateway charon: 03[ENC] decryption failed, invalid > length Nov 10 14:25:13 gateway charon: 03[ENC] could not decrypt > payloads Nov 10 14:25:13 gateway charon: 03[IKE] integrity check > failed Nov 10 14:25:13 gateway charon: 03[ENC] generating > INFORMATIONAL_V1 request 374731955 [ HASH N(INVAL_HASH) ] > Nov 10 14:25:13 gateway charon: 03[NET] sending packet: from > <server-ip>[500] to <client-ip>[56616] > Nov 10 14:25:13 gateway charon: 03[IKE] ID_PROT request with message > ID 0 processing failed > Nov 10 14:25:13 gateway charon: 03[MGR] checkin IKE_SA (unnamed)[1] > Nov 10 14:25:13 gateway charon: 03[MGR] check-in of IKE_SA successful. > Nov 10 14:25:13 gateway charon: 02[MGR] checkout IKE_SA by message > Nov 10 14:25:13 gateway charon: 02[MGR] IKE_SA (unnamed)[1] > successfully checked out > Nov 10 14:25:13 gateway charon: 02[NET] received packet: from > <client-ip>[56633] to <server-ip>[4500] > Nov 10 14:25:13 gateway charon: 02[ENC] decryption failed, invalid > length Nov 10 14:25:13 gateway charon: 02[ENC] could not decrypt > payloads Nov 10 14:25:13 gateway charon: 02[IKE] integrity check > failed Nov 10 14:25:13 gateway charon: 02[ENC] generating > INFORMATIONAL_V1 request 1955652691 [ HASH N(INVAL_HASH) ] > Nov 10 14:25:13 gateway charon: 02[NET] sending packet: from > <server-ip>[500] to <client-ip>[56616] > Nov 10 14:25:13 gateway charon: 02[IKE] ID_PROT request with message > ID 0 processing failed > Nov 10 14:25:13 gateway charon: 02[MGR] checkin IKE_SA (unnamed)[1] > Nov 10 14:25:13 gateway charon: 02[MGR] check-in of IKE_SA successful. > Nov 10 14:25:16 gateway charon: 01[MGR] checkout IKE_SA by message > Nov 10 14:25:16 gateway charon: 01[MGR] IKE_SA (unnamed)[1] > successfully checked out > Nov 10 14:25:16 gateway charon: 01[NET] received packet: from > <client-ip>[56633] to <server-ip>[4500] > Nov 10 14:25:16 gateway charon: 01[ENC] decryption failed, invalid > length Nov 10 14:25:16 gateway charon: 01[ENC] could not decrypt > payloads Nov 10 14:25:16 gateway charon: 01[IKE] integrity check > failed Nov 10 14:25:16 gateway charon: 01[ENC] generating > INFORMATIONAL_V1 request 1337183494 [ HASH N(INVAL_HASH) ] > Nov 10 14:25:16 gateway charon: 01[NET] sending packet: from > <server-ip>[500] to <client-ip>[56616] > Nov 10 14:25:16 gateway charon: 01[IKE] ID_PROT request with message > ID 0 processing failed > Nov 10 14:25:16 gateway charon: 01[MGR] checkin IKE_SA (unnamed)[1] > Nov 10 14:25:16 gateway charon: 01[MGR] check-in of IKE_SA successful. > Nov 10 14:25:16 gateway charon: 13[MGR] checkout IKE_SA by message > Nov 10 14:25:16 gateway charon: 13[MGR] IKE_SA (unnamed)[1] > successfully checked out > Nov 10 14:25:16 gateway charon: 13[NET] received packet: from > <client-ip>[56633] to <server-ip>[4500] > Nov 10 14:25:16 gateway charon: 13[ENC] decryption failed, invalid > length Nov 10 14:25:16 gateway charon: 13[ENC] could not decrypt > payloads Nov 10 14:25:16 gateway charon: 13[IKE] integrity check > failed Nov 10 14:25:16 gateway charon: 13[ENC] generating > INFORMATIONAL_V1 request 4186574038 [ HASH N(INVAL_HASH) ] > Nov 10 14:25:16 gateway charon: 13[NET] sending packet: from > <server-ip>[500] to <client-ip>[56616] > Nov 10 14:25:16 gateway charon: 13[IKE] ID_PROT request with message > ID 0 processing failed > Nov 10 14:25:16 gateway charon: 13[MGR] checkin IKE_SA (unnamed)[1] > Nov 10 14:25:16 gateway charon: 13[MGR] check-in of IKE_SA successful. > Nov 10 14:25:19 gateway charon: 06[MGR] checkout IKE_SA by message > Nov 10 14:25:19 gateway charon: 06[MGR] IKE_SA (unnamed)[1] > successfully checked out > Nov 10 14:25:19 gateway charon: 06[NET] received packet: from > <client-ip>[56633] to <server-ip>[4500] > Nov 10 14:25:19 gateway charon: 06[ENC] decryption failed, invalid > length Nov 10 14:25:19 gateway charon: 06[ENC] could not decrypt > payloads Nov 10 14:25:19 gateway charon: 06[IKE] integrity check > failed Nov 10 14:25:19 gateway charon: 06[ENC] generating > INFORMATIONAL_V1 request 2768949833 [ HASH N(INVAL_HASH) ] > Nov 10 14:25:19 gateway charon: 06[NET] sending packet: from > <server-ip>[500] to <client-ip>[56616] > Nov 10 14:25:19 gateway charon: 06[IKE] ID_PROT request with message > ID 0 processing failed > Nov 10 14:25:19 gateway charon: 06[MGR] checkin IKE_SA (unnamed)[1] > Nov 10 14:25:19 gateway charon: 06[MGR] check-in of IKE_SA successful. > Nov 10 14:25:19 gateway charon: 15[MGR] checkout IKE_SA by message > Nov 10 14:25:19 gateway charon: 15[MGR] IKE_SA (unnamed)[1] > successfully checked out > Nov 10 14:25:19 gateway charon: 15[NET] received packet: from > <client-ip>[56633] to <server-ip>[4500] > Nov 10 14:25:19 gateway charon: 15[ENC] decryption failed, invalid > length Nov 10 14:25:19 gateway charon: 15[ENC] could not decrypt > payloads Nov 10 14:25:19 gateway charon: 15[IKE] integrity check > failed Nov 10 14:25:19 gateway charon: 15[ENC] generating > INFORMATIONAL_V1 request 909043028 [ HASH N(INVAL_HASH) ] > Nov 10 14:25:19 gateway charon: 15[NET] sending packet: from > <server-ip>[500] to <client-ip>[56616] > Nov 10 14:25:19 gateway charon: 15[IKE] ID_PROT request with message > ID 0 processing failed > Nov 10 14:25:19 gateway charon: 15[MGR] checkin IKE_SA (unnamed)[1] > Nov 10 14:25:19 gateway charon: 15[MGR] check-in of IKE_SA successful. > Nov 10 14:25:22 gateway charon: 11[MGR] checkout IKE_SA by message > Nov 10 14:25:22 gateway charon: 11[MGR] IKE_SA (unnamed)[1] > successfully checked out > Nov 10 14:25:22 gateway charon: 11[NET] received packet: from > <client-ip>[56633] to <server-ip>[4500] > Nov 10 14:25:22 gateway charon: 11[ENC] decryption failed, invalid > length Nov 10 14:25:22 gateway charon: 11[ENC] could not decrypt > payloads Nov 10 14:25:22 gateway charon: 11[IKE] integrity check > failed Nov 10 14:25:22 gateway charon: 11[ENC] generating > INFORMATIONAL_V1 request 2987174101 [ HASH N(INVAL_HASH) ] > Nov 10 14:25:22 gateway charon: 11[NET] sending packet: from > <server-ip>[500] to <client-ip>[56616] > Nov 10 14:25:22 gateway charon: 11[IKE] ID_PROT request with message > ID 0 processing failed > Nov 10 14:25:22 gateway charon: 11[MGR] checkin IKE_SA (unnamed)[1] > Nov 10 14:25:22 gateway charon: 11[MGR] check-in of IKE_SA successful. > Nov 10 14:25:22 gateway charon: 05[MGR] checkout IKE_SA by message > Nov 10 14:25:22 gateway charon: 05[MGR] IKE_SA (unnamed)[1] > successfully checked out > Nov 10 14:25:22 gateway charon: 05[NET] received packet: from > <client-ip>[56633] to <server-ip>[4500] > Nov 10 14:25:22 gateway charon: 05[ENC] decryption failed, invalid > length Nov 10 14:25:22 gateway charon: 05[ENC] could not decrypt > payloads Nov 10 14:25:22 gateway charon: 05[IKE] integrity check > failed Nov 10 14:25:22 gateway charon: 05[ENC] generating > INFORMATIONAL_V1 request 2459254495 [ HASH N(INVAL_HASH) ] > Nov 10 14:25:22 gateway charon: 05[NET] sending packet: from > <server-ip>[500] to <client-ip>[56616] > Nov 10 14:25:22 gateway charon: 05[IKE] ID_PROT request with message > ID 0 processing failed > Nov 10 14:25:22 gateway charon: 05[MGR] checkin IKE_SA (unnamed)[1] > Nov 10 14:25:22 gateway charon: 05[MGR] check-in of IKE_SA successful. > Nov 10 14:25:34 gateway charon: 04[MGR] checkout IKE_SA by message > Nov 10 14:25:34 gateway charon: 04[MGR] IKE_SA (unnamed)[1] > successfully checked out > Nov 10 14:25:34 gateway charon: 04[NET] received packet: from > <client-ip>[56633] to <server-ip>[4500] > Nov 10 14:25:34 gateway charon: 04[ENC] decryption failed, invalid > length Nov 10 14:25:34 gateway charon: 04[ENC] could not decrypt > payloads Nov 10 14:25:34 gateway charon: 04[IKE] integrity check > failed Nov 10 14:25:34 gateway charon: 04[ENC] generating > INFORMATIONAL_V1 request 1662440368 [ HASH N(INVAL_HASH) ] > Nov 10 14:25:34 gateway charon: 04[NET] sending packet: from > <server-ip>[500] to <client-ip>[56616] > Nov 10 14:25:34 gateway charon: 04[IKE] ID_PROT request with message > ID 0 processing failed > Nov 10 14:25:34 gateway charon: 04[MGR] checkin IKE_SA (unnamed)[1] > Nov 10 14:25:34 gateway charon: 04[MGR] check-in of IKE_SA successful. > Nov 10 14:25:34 gateway charon: 03[MGR] checkout IKE_SA by message > Nov 10 14:25:34 gateway charon: 03[MGR] IKE_SA (unnamed)[1] > successfully checked out > Nov 10 14:25:34 gateway charon: 03[NET] received packet: from > <client-ip>[56633] to <server-ip>[4500] > Nov 10 14:25:34 gateway charon: 03[ENC] decryption failed, invalid > length Nov 10 14:25:34 gateway charon: 03[ENC] could not decrypt > payloads Nov 10 14:25:34 gateway charon: 03[IKE] integrity check > failed Nov 10 14:25:34 gateway charon: 03[ENC] generating > INFORMATIONAL_V1 request 3160971383 [ HASH N(INVAL_HASH) ] > Nov 10 14:25:34 gateway charon: 03[NET] sending packet: from > <server-ip>[500] to <client-ip>[56616] > Nov 10 14:25:34 gateway charon: 03[IKE] ID_PROT request with message > ID 0 processing failed > Nov 10 14:25:34 gateway charon: 03[MGR] checkin IKE_SA (unnamed)[1] > Nov 10 14:25:34 gateway charon: 03[MGR] check-in of IKE_SA successful. > Nov 10 14:25:43 gateway charon: 07[JOB] got event, queuing job for > execution Nov 10 14:25:43 gateway charon: 07[JOB] no events, waiting > Nov 10 14:25:43 gateway charon: 02[MGR] checkout IKE_SA > Nov 10 14:25:43 gateway charon: 02[MGR] IKE_SA (unnamed)[1] > successfully checked out > Nov 10 14:25:43 gateway charon: 02[JOB] deleting half open IKE_SA > after timeout > Nov 10 14:25:43 gateway charon: 02[MGR] checkin and destroy IKE_SA > (unnamed)[1] > Nov 10 14:25:43 gateway charon: 02[MGR] check-in and destroy of > IKE_SA successful > > > > _______________________________________________ > Users mailing list > [email protected] > https://lists.strongswan.org/mailman/listinfo/users _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
