Thanks for the info. As far as i see it's all about udp fragmentation that raccoon on mac forces. So strongswan is not supporting this as far as i can see. But there is also not much information about this feature on the net. Seems every vendor is cooking his own soup. :(
I will try with a "shorter" certificate as a workaround, and see if it works. Am 11.11.2012 um 22:17 schrieb Tobias Koenig <[email protected]>: > Hi Daniel > > I assume you're using OSX >=10.8, since apple changed something with the > racoon daemon, there are known problems with certificates. I did some > research and tests a few weeks ago while running into the same problem > and could narrow it down to either the size of the certificates and/or > to the included information. > > There are ways to get it working, but you'll probably end up creating > new certificates. Therefor I personally decided to use PSK/XAUTH > with OSX (from Mountain Lion) and IOS 6. > > Check the following links for further infos: > https://discussions.apple.com/thread/4158642?start=15&tstart=0 > > and maybe those: > https://discussions.apple.com/thread/4139538?start=0&tstart=0 > http://www.astaro.org/gateway-products/vpn-site-site-remote-access/44432-cisco-vpn-not-working-apple-ios-6-a.html > > There also was already a discussion on the ML about this (I still > couldn't figure why Martin Willi's certificates are working with > 2048bit): > http://www.mail-archive.com/[email protected]/msg05105.html > > Cheers > > Tobias > > Am Sat, 10 Nov 2012 14:41:32 +0100 > schrieb Daniel Tschinder <[email protected]>: > >> Hello, >> >> I have strongswan working since two years for IKEv2 and Windows7. As >> IKEv2 is not well supported by clients, I'm now trying to add support >> for IKEv1 and testing with the native Mac OS X Client from 10.8. >> >> But now I'm stuck at some weird problem which I seem not to be able >> to solve by myself. The Problem is (as far as I can see) that either >> the MAC is sending an invalid message or the server is not able to >> decrypt. [...] >> Nov 10 13:49:28 gateway charon: 11[ENC] parsing ENCRYPTED_V1 payload >> finished >> Nov 10 13:49:28 gateway charon: 11[ENC] process payload of type >> ENCRYPTED_V1 Nov 10 13:49:28 gateway charon: 11[ENC] found an >> encryption payload Nov 10 13:49:28 gateway charon: 11[ENC] decryption >> failed, invalid length Nov 10 13:49:28 gateway charon: 11[ENC] could >> not decrypt payloads Nov 10 13:49:28 gateway charon: 11[IKE] >> integrity check failed [...] >> >> The Certificates seem to work, as the same one used on the MAC works >> on Windows with IKEv2. >> >> I tried a lot of different settings in ipsec.conf but non of them >> seem to have any impact on the problem. >> >> Hopefully anyone can help me out. >> I appreciate any suggestion, as I'm at the end of my knowledge. >> >> Thanks in advance. >> >> ipsec.conf: >> >> config setup >> charondebug="dmn 3, mgr 3, ike 1, chd 3, job 3, cfg 3, knl >> 3, net 1, asn 1, enc 1, lib 3, esp 3, tls 3" >> >> conn win7 >> reauth=no >> ikelifetime=8h >> left=%defaultroute >> leftcert=peer2_gateway_cert.pem >> leftsubnet=10.0.59.0/24 >> right=%any >> rightsourceip=10.0.51.0/24 >> keyexchange=ikev2 >> auto=add >> >> conn macosx >> xauth=server >> keyexchange=ikev1 >> left=%defaultroute >> leftcert=peer2_gateway_cert.pem >> leftsubnet=10.0.59.0/24 >> leftauth=pubkey >> right=%any >> rightsourceip=10.0.52.0/24 >> rightauth=pubkey >> rightauth2=xauth >> auto=add >> >> ipsec.secret: >> >> : RSA peer2_gateway_key.pem "password" >> user : XAUTH "password" >> >> And here is the log: >> Nov 10 14:25:13 gateway charon: 05[MGR] checkout IKE_SA by message >> Nov 10 14:25:13 gateway charon: 05[MGR] created IKE_SA (unnamed)[1] >> Nov 10 14:25:13 gateway charon: 05[NET] received packet: from >> <client-ip>[56616] to <server-ip>[500] >> Nov 10 14:25:13 gateway charon: 05[ENC] parsed ID_PROT request 0 [ SA >> V V V V V V V V V V V V V V ] >> Nov 10 14:25:13 gateway charon: 05[CFG] looking for an ike config for >> <server-ip>...<client-ip> >> Nov 10 14:25:13 gateway charon: 05[CFG] ike config match: 2 >> (<server-ip> <client-ip>) >> Nov 10 14:25:13 gateway charon: 05[CFG] candidate: %any...%any, >> prio 2 Nov 10 14:25:13 gateway charon: 05[CFG] ike config match: 2 >> (<server-ip> <client-ip>) >> Nov 10 14:25:13 gateway charon: 05[CFG] candidate: %any...%any, >> prio 2 Nov 10 14:25:13 gateway charon: 05[CFG] found matching ike >> config: %any...%any with prio 2 >> Nov 10 14:25:13 gateway charon: 05[IKE] received NAT-T (RFC 3947) >> vendor ID Nov 10 14:25:13 gateway charon: 05[IKE] received >> draft-ietf-ipsec-nat-t-ike vendor ID >> Nov 10 14:25:13 gateway charon: 05[IKE] received >> draft-ietf-ipsec-nat-t-ike-08 vendor ID >> Nov 10 14:25:13 gateway charon: 05[IKE] received >> draft-ietf-ipsec-nat-t-ike-07 vendor ID >> Nov 10 14:25:13 gateway charon: 05[IKE] received >> draft-ietf-ipsec-nat-t-ike-06 vendor ID >> Nov 10 14:25:13 gateway charon: 05[IKE] received >> draft-ietf-ipsec-nat-t-ike-05 vendor ID >> Nov 10 14:25:13 gateway charon: 05[IKE] received >> draft-ietf-ipsec-nat-t-ike-04 vendor ID >> Nov 10 14:25:13 gateway charon: 05[IKE] received >> draft-ietf-ipsec-nat-t-ike-03 vendor ID >> Nov 10 14:25:13 gateway charon: 05[IKE] received >> draft-ietf-ipsec-nat-t-ike-02 vendor ID >> Nov 10 14:25:13 gateway charon: 05[IKE] received >> draft-ietf-ipsec-nat-t-ike-02\n vendor ID >> Nov 10 14:25:13 gateway charon: 05[IKE] received XAuth vendor ID >> Nov 10 14:25:13 gateway charon: 05[IKE] received Cisco Unity vendor ID >> Nov 10 14:25:13 gateway charon: 05[ENC] received unknown vendor ID: >> 40:48:b7:d5:6e:bc:e8:85:25:e7:de:7f:00:d6:c2:d3:80:00:00:00 >> Nov 10 14:25:13 gateway charon: 05[IKE] received DPD vendor ID >> Nov 10 14:25:13 gateway charon: 05[IKE] <client-ip> is initiating a >> Main Mode IKE_SA >> Nov 10 14:25:13 gateway charon: 05[IKE] <client-ip> is initiating a >> Main Mode IKE_SA >> Nov 10 14:25:13 gateway charon: 05[CFG] selecting proposal: >> Nov 10 14:25:13 gateway charon: 05[CFG] no acceptable >> ENCRYPTION_ALGORITHM found >> Nov 10 14:25:13 gateway charon: 05[CFG] selecting proposal: >> Nov 10 14:25:13 gateway charon: 05[CFG] no acceptable >> ENCRYPTION_ALGORITHM found >> Nov 10 14:25:13 gateway charon: 05[CFG] selecting proposal: >> Nov 10 14:25:13 gateway charon: 05[CFG] no acceptable >> DIFFIE_HELLMAN_GROUP found >> Nov 10 14:25:13 gateway charon: 05[CFG] selecting proposal: >> Nov 10 14:25:13 gateway charon: 05[CFG] no acceptable >> ENCRYPTION_ALGORITHM found >> Nov 10 14:25:13 gateway charon: 05[CFG] selecting proposal: >> Nov 10 14:25:13 gateway charon: 05[CFG] no acceptable >> ENCRYPTION_ALGORITHM found >> Nov 10 14:25:13 gateway charon: 05[CFG] selecting proposal: >> Nov 10 14:25:13 gateway charon: 05[CFG] no acceptable >> INTEGRITY_ALGORITHM found >> Nov 10 14:25:13 gateway charon: 05[CFG] selecting proposal: >> Nov 10 14:25:13 gateway charon: 05[CFG] no acceptable >> ENCRYPTION_ALGORITHM found >> Nov 10 14:25:13 gateway charon: 05[CFG] selecting proposal: >> Nov 10 14:25:13 gateway charon: 05[CFG] no acceptable >> ENCRYPTION_ALGORITHM found >> Nov 10 14:25:13 gateway charon: 05[CFG] selecting proposal: >> Nov 10 14:25:13 gateway charon: 05[CFG] no acceptable >> ENCRYPTION_ALGORITHM found >> Nov 10 14:25:13 gateway charon: 05[CFG] selecting proposal: >> Nov 10 14:25:13 gateway charon: 05[CFG] no acceptable >> ENCRYPTION_ALGORITHM found >> Nov 10 14:25:13 gateway charon: 05[CFG] selecting proposal: >> Nov 10 14:25:13 gateway charon: 05[CFG] no acceptable >> ENCRYPTION_ALGORITHM found >> Nov 10 14:25:13 gateway charon: 05[CFG] selecting proposal: >> Nov 10 14:25:13 gateway charon: 05[CFG] no acceptable >> ENCRYPTION_ALGORITHM found >> Nov 10 14:25:13 gateway charon: 05[CFG] selecting proposal: >> Nov 10 14:25:13 gateway charon: 05[CFG] no acceptable >> ENCRYPTION_ALGORITHM found >> Nov 10 14:25:13 gateway charon: 05[CFG] selecting proposal: >> Nov 10 14:25:13 gateway charon: 05[CFG] no acceptable >> ENCRYPTION_ALGORITHM found >> Nov 10 14:25:13 gateway charon: 05[CFG] selecting proposal: >> Nov 10 14:25:13 gateway charon: 05[CFG] no acceptable >> ENCRYPTION_ALGORITHM found >> Nov 10 14:25:13 gateway charon: 05[CFG] selecting proposal: >> Nov 10 14:25:13 gateway charon: 05[CFG] no acceptable >> ENCRYPTION_ALGORITHM found >> Nov 10 14:25:13 gateway charon: 05[CFG] selecting proposal: >> Nov 10 14:25:13 gateway charon: 05[CFG] no acceptable >> DIFFIE_HELLMAN_GROUP found >> Nov 10 14:25:13 gateway charon: 05[CFG] selecting proposal: >> Nov 10 14:25:13 gateway charon: 05[CFG] no acceptable >> INTEGRITY_ALGORITHM found >> Nov 10 14:25:13 gateway charon: 05[CFG] selecting proposal: >> Nov 10 14:25:13 gateway charon: 05[CFG] no acceptable >> ENCRYPTION_ALGORITHM found >> Nov 10 14:25:13 gateway charon: 05[CFG] selecting proposal: >> Nov 10 14:25:13 gateway charon: 05[CFG] no acceptable >> ENCRYPTION_ALGORITHM found >> Nov 10 14:25:13 gateway charon: 05[CFG] selecting proposal: >> Nov 10 14:25:13 gateway charon: 05[CFG] proposal matches >> Nov 10 14:25:13 gateway charon: 05[CFG] received proposals: >> IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536, >> IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, >> IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, >> IKE:AES_CBC_256/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1536, >> IKE:AES_CBC_256/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024, >> IKE:AES_CBC_128/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024, >> IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, >> IKE:3DES_CBC/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024, >> IKE:DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, >> IKE:DES_CBC/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024 >> Nov 10 14:25:13 gateway charon: 05[CFG] configured proposals: >> IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048, >> IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536, >> IKE:AES_CBC_128/AES_CBC_192/AES_CBC_256/3DES_CBC/CAMELLIA_CBC_128/CAMELLIA_CBC_192/CAMELLIA_CBC_256/HMAC_MD5_96/HMAC_SHA1_96/HMAC_SHA2_256_128/HMAC_SHA2_384_192/HMAC_SHA2_512_256/AES_XCBC_96/AES_CMAC_96/PRF_HMAC_MD5/PRF_HMAC_SHA1/PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/PRF_AES128_XCBC/PRF_AES128_CMAC/MODP_2048/MODP_2048_224/MODP_2048_256/MODP_1536/MODP_3072/MODP_4096/MODP_8192/MODP_1024/MODP_1024_160/ECP_256/ECP_384/ECP_521/ECP_224/ECP_192 >> Nov 10 14:25:13 gateway charon: 05[CFG] selected proposal: >> IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536 >> Nov 10 14:25:13 gateway charon: 05[ENC] generating ID_PROT response 0 >> [ SA V V V ] >> Nov 10 14:25:13 gateway charon: 05[NET] sending packet: from >> <server-ip>[500] to <client-ip>[56616] >> Nov 10 14:25:13 gateway charon: 07[JOB] next event in 29s 996ms, >> waiting Nov 10 14:25:13 gateway charon: 05[MGR] checkin IKE_SA >> (unnamed)[1] Nov 10 14:25:13 gateway charon: 05[MGR] check-in of >> IKE_SA successful. Nov 10 14:25:13 gateway charon: 04[MGR] checkout >> IKE_SA by message Nov 10 14:25:13 gateway charon: 04[MGR] IKE_SA >> (unnamed)[1] successfully checked out >> Nov 10 14:25:13 gateway charon: 04[NET] received packet: from >> <client-ip>[56616] to <server-ip>[500] >> Nov 10 14:25:13 gateway charon: 04[ENC] parsed ID_PROT request 0 [ KE >> No NAT-D NAT-D ] >> Nov 10 14:25:13 gateway charon: 04[LIB] size of DH secret exponent: >> 1535 bits >> Nov 10 14:25:13 gateway charon: 04[IKE] remote host is behind NAT >> Nov 10 14:25:13 gateway charon: 04[IKE] sending cert request for >> "C=DE, ST=Berlin, O=<Organization>, CN=<Name> CA, E=<email>" >> Nov 10 14:25:13 gateway charon: 04[ENC] generating ID_PROT response 0 >> [ KE No CERTREQ NAT-D NAT-D ] >> Nov 10 14:25:13 gateway charon: 04[NET] sending packet: from >> <server-ip>[500] to <client-ip>[56616] >> Nov 10 14:25:13 gateway charon: 04[MGR] checkin IKE_SA (unnamed)[1] >> Nov 10 14:25:13 gateway charon: 04[MGR] check-in of IKE_SA successful. >> Nov 10 14:25:13 gateway charon: 03[MGR] checkout IKE_SA by message >> Nov 10 14:25:13 gateway charon: 03[MGR] IKE_SA (unnamed)[1] >> successfully checked out >> Nov 10 14:25:13 gateway charon: 03[NET] received packet: from >> <client-ip>[56633] to <server-ip>[4500] >> Nov 10 14:25:13 gateway charon: 03[ENC] decryption failed, invalid >> length Nov 10 14:25:13 gateway charon: 03[ENC] could not decrypt >> payloads Nov 10 14:25:13 gateway charon: 03[IKE] integrity check >> failed Nov 10 14:25:13 gateway charon: 03[ENC] generating >> INFORMATIONAL_V1 request 374731955 [ HASH N(INVAL_HASH) ] >> Nov 10 14:25:13 gateway charon: 03[NET] sending packet: from >> <server-ip>[500] to <client-ip>[56616] >> Nov 10 14:25:13 gateway charon: 03[IKE] ID_PROT request with message >> ID 0 processing failed >> Nov 10 14:25:13 gateway charon: 03[MGR] checkin IKE_SA (unnamed)[1] >> Nov 10 14:25:13 gateway charon: 03[MGR] check-in of IKE_SA successful. >> Nov 10 14:25:13 gateway charon: 02[MGR] checkout IKE_SA by message >> Nov 10 14:25:13 gateway charon: 02[MGR] IKE_SA (unnamed)[1] >> successfully checked out >> Nov 10 14:25:13 gateway charon: 02[NET] received packet: from >> <client-ip>[56633] to <server-ip>[4500] >> Nov 10 14:25:13 gateway charon: 02[ENC] decryption failed, invalid >> length Nov 10 14:25:13 gateway charon: 02[ENC] could not decrypt >> payloads Nov 10 14:25:13 gateway charon: 02[IKE] integrity check >> failed Nov 10 14:25:13 gateway charon: 02[ENC] generating >> INFORMATIONAL_V1 request 1955652691 [ HASH N(INVAL_HASH) ] >> Nov 10 14:25:13 gateway charon: 02[NET] sending packet: from >> <server-ip>[500] to <client-ip>[56616] >> Nov 10 14:25:13 gateway charon: 02[IKE] ID_PROT request with message >> ID 0 processing failed >> Nov 10 14:25:13 gateway charon: 02[MGR] checkin IKE_SA (unnamed)[1] >> Nov 10 14:25:13 gateway charon: 02[MGR] check-in of IKE_SA successful. >> Nov 10 14:25:16 gateway charon: 01[MGR] checkout IKE_SA by message >> Nov 10 14:25:16 gateway charon: 01[MGR] IKE_SA (unnamed)[1] >> successfully checked out >> Nov 10 14:25:16 gateway charon: 01[NET] received packet: from >> <client-ip>[56633] to <server-ip>[4500] >> Nov 10 14:25:16 gateway charon: 01[ENC] decryption failed, invalid >> length Nov 10 14:25:16 gateway charon: 01[ENC] could not decrypt >> payloads Nov 10 14:25:16 gateway charon: 01[IKE] integrity check >> failed Nov 10 14:25:16 gateway charon: 01[ENC] generating >> INFORMATIONAL_V1 request 1337183494 [ HASH N(INVAL_HASH) ] >> Nov 10 14:25:16 gateway charon: 01[NET] sending packet: from >> <server-ip>[500] to <client-ip>[56616] >> Nov 10 14:25:16 gateway charon: 01[IKE] ID_PROT request with message >> ID 0 processing failed >> Nov 10 14:25:16 gateway charon: 01[MGR] checkin IKE_SA (unnamed)[1] >> Nov 10 14:25:16 gateway charon: 01[MGR] check-in of IKE_SA successful. >> Nov 10 14:25:16 gateway charon: 13[MGR] checkout IKE_SA by message >> Nov 10 14:25:16 gateway charon: 13[MGR] IKE_SA (unnamed)[1] >> successfully checked out >> Nov 10 14:25:16 gateway charon: 13[NET] received packet: from >> <client-ip>[56633] to <server-ip>[4500] >> Nov 10 14:25:16 gateway charon: 13[ENC] decryption failed, invalid >> length Nov 10 14:25:16 gateway charon: 13[ENC] could not decrypt >> payloads Nov 10 14:25:16 gateway charon: 13[IKE] integrity check >> failed Nov 10 14:25:16 gateway charon: 13[ENC] generating >> INFORMATIONAL_V1 request 4186574038 [ HASH N(INVAL_HASH) ] >> Nov 10 14:25:16 gateway charon: 13[NET] sending packet: from >> <server-ip>[500] to <client-ip>[56616] >> Nov 10 14:25:16 gateway charon: 13[IKE] ID_PROT request with message >> ID 0 processing failed >> Nov 10 14:25:16 gateway charon: 13[MGR] checkin IKE_SA (unnamed)[1] >> Nov 10 14:25:16 gateway charon: 13[MGR] check-in of IKE_SA successful. >> Nov 10 14:25:19 gateway charon: 06[MGR] checkout IKE_SA by message >> Nov 10 14:25:19 gateway charon: 06[MGR] IKE_SA (unnamed)[1] >> successfully checked out >> Nov 10 14:25:19 gateway charon: 06[NET] received packet: from >> <client-ip>[56633] to <server-ip>[4500] >> Nov 10 14:25:19 gateway charon: 06[ENC] decryption failed, invalid >> length Nov 10 14:25:19 gateway charon: 06[ENC] could not decrypt >> payloads Nov 10 14:25:19 gateway charon: 06[IKE] integrity check >> failed Nov 10 14:25:19 gateway charon: 06[ENC] generating >> INFORMATIONAL_V1 request 2768949833 [ HASH N(INVAL_HASH) ] >> Nov 10 14:25:19 gateway charon: 06[NET] sending packet: from >> <server-ip>[500] to <client-ip>[56616] >> Nov 10 14:25:19 gateway charon: 06[IKE] ID_PROT request with message >> ID 0 processing failed >> Nov 10 14:25:19 gateway charon: 06[MGR] checkin IKE_SA (unnamed)[1] >> Nov 10 14:25:19 gateway charon: 06[MGR] check-in of IKE_SA successful. >> Nov 10 14:25:19 gateway charon: 15[MGR] checkout IKE_SA by message >> Nov 10 14:25:19 gateway charon: 15[MGR] IKE_SA (unnamed)[1] >> successfully checked out >> Nov 10 14:25:19 gateway charon: 15[NET] received packet: from >> <client-ip>[56633] to <server-ip>[4500] >> Nov 10 14:25:19 gateway charon: 15[ENC] decryption failed, invalid >> length Nov 10 14:25:19 gateway charon: 15[ENC] could not decrypt >> payloads Nov 10 14:25:19 gateway charon: 15[IKE] integrity check >> failed Nov 10 14:25:19 gateway charon: 15[ENC] generating >> INFORMATIONAL_V1 request 909043028 [ HASH N(INVAL_HASH) ] >> Nov 10 14:25:19 gateway charon: 15[NET] sending packet: from >> <server-ip>[500] to <client-ip>[56616] >> Nov 10 14:25:19 gateway charon: 15[IKE] ID_PROT request with message >> ID 0 processing failed >> Nov 10 14:25:19 gateway charon: 15[MGR] checkin IKE_SA (unnamed)[1] >> Nov 10 14:25:19 gateway charon: 15[MGR] check-in of IKE_SA successful. >> Nov 10 14:25:22 gateway charon: 11[MGR] checkout IKE_SA by message >> Nov 10 14:25:22 gateway charon: 11[MGR] IKE_SA (unnamed)[1] >> successfully checked out >> Nov 10 14:25:22 gateway charon: 11[NET] received packet: from >> <client-ip>[56633] to <server-ip>[4500] >> Nov 10 14:25:22 gateway charon: 11[ENC] decryption failed, invalid >> length Nov 10 14:25:22 gateway charon: 11[ENC] could not decrypt >> payloads Nov 10 14:25:22 gateway charon: 11[IKE] integrity check >> failed Nov 10 14:25:22 gateway charon: 11[ENC] generating >> INFORMATIONAL_V1 request 2987174101 [ HASH N(INVAL_HASH) ] >> Nov 10 14:25:22 gateway charon: 11[NET] sending packet: from >> <server-ip>[500] to <client-ip>[56616] >> Nov 10 14:25:22 gateway charon: 11[IKE] ID_PROT request with message >> ID 0 processing failed >> Nov 10 14:25:22 gateway charon: 11[MGR] checkin IKE_SA (unnamed)[1] >> Nov 10 14:25:22 gateway charon: 11[MGR] check-in of IKE_SA successful. >> Nov 10 14:25:22 gateway charon: 05[MGR] checkout IKE_SA by message >> Nov 10 14:25:22 gateway charon: 05[MGR] IKE_SA (unnamed)[1] >> successfully checked out >> Nov 10 14:25:22 gateway charon: 05[NET] received packet: from >> <client-ip>[56633] to <server-ip>[4500] >> Nov 10 14:25:22 gateway charon: 05[ENC] decryption failed, invalid >> length Nov 10 14:25:22 gateway charon: 05[ENC] could not decrypt >> payloads Nov 10 14:25:22 gateway charon: 05[IKE] integrity check >> failed Nov 10 14:25:22 gateway charon: 05[ENC] generating >> INFORMATIONAL_V1 request 2459254495 [ HASH N(INVAL_HASH) ] >> Nov 10 14:25:22 gateway charon: 05[NET] sending packet: from >> <server-ip>[500] to <client-ip>[56616] >> Nov 10 14:25:22 gateway charon: 05[IKE] ID_PROT request with message >> ID 0 processing failed >> Nov 10 14:25:22 gateway charon: 05[MGR] checkin IKE_SA (unnamed)[1] >> Nov 10 14:25:22 gateway charon: 05[MGR] check-in of IKE_SA successful. >> Nov 10 14:25:34 gateway charon: 04[MGR] checkout IKE_SA by message >> Nov 10 14:25:34 gateway charon: 04[MGR] IKE_SA (unnamed)[1] >> successfully checked out >> Nov 10 14:25:34 gateway charon: 04[NET] received packet: from >> <client-ip>[56633] to <server-ip>[4500] >> Nov 10 14:25:34 gateway charon: 04[ENC] decryption failed, invalid >> length Nov 10 14:25:34 gateway charon: 04[ENC] could not decrypt >> payloads Nov 10 14:25:34 gateway charon: 04[IKE] integrity check >> failed Nov 10 14:25:34 gateway charon: 04[ENC] generating >> INFORMATIONAL_V1 request 1662440368 [ HASH N(INVAL_HASH) ] >> Nov 10 14:25:34 gateway charon: 04[NET] sending packet: from >> <server-ip>[500] to <client-ip>[56616] >> Nov 10 14:25:34 gateway charon: 04[IKE] ID_PROT request with message >> ID 0 processing failed >> Nov 10 14:25:34 gateway charon: 04[MGR] checkin IKE_SA (unnamed)[1] >> Nov 10 14:25:34 gateway charon: 04[MGR] check-in of IKE_SA successful. >> Nov 10 14:25:34 gateway charon: 03[MGR] checkout IKE_SA by message >> Nov 10 14:25:34 gateway charon: 03[MGR] IKE_SA (unnamed)[1] >> successfully checked out >> Nov 10 14:25:34 gateway charon: 03[NET] received packet: from >> <client-ip>[56633] to <server-ip>[4500] >> Nov 10 14:25:34 gateway charon: 03[ENC] decryption failed, invalid >> length Nov 10 14:25:34 gateway charon: 03[ENC] could not decrypt >> payloads Nov 10 14:25:34 gateway charon: 03[IKE] integrity check >> failed Nov 10 14:25:34 gateway charon: 03[ENC] generating >> INFORMATIONAL_V1 request 3160971383 [ HASH N(INVAL_HASH) ] >> Nov 10 14:25:34 gateway charon: 03[NET] sending packet: from >> <server-ip>[500] to <client-ip>[56616] >> Nov 10 14:25:34 gateway charon: 03[IKE] ID_PROT request with message >> ID 0 processing failed >> Nov 10 14:25:34 gateway charon: 03[MGR] checkin IKE_SA (unnamed)[1] >> Nov 10 14:25:34 gateway charon: 03[MGR] check-in of IKE_SA successful. >> Nov 10 14:25:43 gateway charon: 07[JOB] got event, queuing job for >> execution Nov 10 14:25:43 gateway charon: 07[JOB] no events, waiting >> Nov 10 14:25:43 gateway charon: 02[MGR] checkout IKE_SA >> Nov 10 14:25:43 gateway charon: 02[MGR] IKE_SA (unnamed)[1] >> successfully checked out >> Nov 10 14:25:43 gateway charon: 02[JOB] deleting half open IKE_SA >> after timeout >> Nov 10 14:25:43 gateway charon: 02[MGR] checkin and destroy IKE_SA >> (unnamed)[1] >> Nov 10 14:25:43 gateway charon: 02[MGR] check-in and destroy of >> IKE_SA successful >> >> >> >> _______________________________________________ >> Users mailing list >> [email protected] >> https://lists.strongswan.org/mailman/listinfo/users > > > _______________________________________________ > Users mailing list > [email protected] > https://lists.strongswan.org/mailman/listinfo/users _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
