Hi Chad, > src 192.168.1.208 dst 192.168.1.3 > proto esp spi 0xc19173e1(3247535073) reqid 4(0x00000004) mode tunnel > replay-window 32 seq 0x00000000 flag af-unspec (0x00100000) > enc cbc(aes) 0xccde20ccf4265eaf08aebd1b0b80c487 (128 bits)
This looks suspicious. The authentication key and algorithm is just missing, which perfectly explains the EINVAL. It should look something like: > src 192.168.0.1 dst 192.168.0.2 > proto esp spi 0xc6a9b39d(3333010333) reqid 1(0x00000001) mode tunnel > replay-window 32 seq 0x00000000 flag af-unspec (0x00100000) > auth hmac(sha1) 0x36269b44dddd07521b8881ef46c386df4bef9b48 (160 bits) > enc cbc(aes) 0x0d19791684cb6f8348992f907cdfd726 (128 bits) Do you see this on both devices? Is this on the DUT? What architecture and kernel does it run? Regards Martin _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
