Hello Volker, >This packet was a large packet and was sent as two UDP fragments. One or >possibly both fragments were >dropped on the route to the other side. Is it possible to handle the packets fragmentation to fix the problem? Unfortunately, the real world situation is such that in the majority of cases it is impossible to intervene on the intermediate router (provider's setup, hot spots etc). Initially this was the reason that we started to store the certificated locally on each side. Otherwise even initial IKE handshake was unsuccessful.
> I can see this is still your setup with the NAT router. > you should try to fix the router. There is no possibility to do that. Looking forward to your thoughts and wish you a Happy New Year! Regards, Serge > ----- Original Message ----- > From: Volker Rümelin > Sent: 12/31/13 12:03 AM > To: s s, [email protected] > Subject: Re: [strongSwan] strongswan-5.1.1 with 4.xx, tunnel pb > > Hello Serge, > > > Dec 29 22:23:19 karma charon: 11[ENC] generating IKE_AUTH response 1 [ IDr > > CERT AUTH SA TSi TSr N(AUTH_LFT) N(MOBIKE_SUP) N(ADD_4_ADDR) N(ADD_4_ADDR) > > N(ADD_6_ADDR) ] > > Dec 29 22:23:19 karma charon: 11[NET] sending packet: from > > 192.168.4.10[4500] to 192.168.4.87[62698] (1612 bytes) > > This packet was a large packet and was sent as two UDP fragments. One or > possibly both fragments were > dropped on the route to the other side. > > > > > Dec 29 22:23:23 karma charon: 12[NET] received packet: from > > 192.168.4.87[62698] to 192.168.4.10[4500] (1500 bytes) > > Dec 29 22:23:23 karma charon: 12[ENC] parsed IKE_AUTH request 1 [ IDi CERT > > CERTREQ IDr AUTH SA TSi TSr N(MOBIKE_SUP) N(NO_ADD_ADDR) N(MULT_AUTH) ] > > Dec 29 22:23:23 karma charon: 12[IKE] received retransmit of request with > > ID 1, retransmitting response > > Dec 29 22:23:23 karma charon: 12[NET] sending packet: from > > 192.168.4.10[4500] to 192.168.4.87[62698] (1612 bytes) > > Dec 29 22:23:30 karma charon: 09[NET] received packet: from > > 192.168.4.87[62698] to 192.168.4.10[4500] (1500 bytes) > > I can see this is still your setup with the NAT router. Most likely you have > a problem with this router and > you should try to fix the router. > > Regards, > Volker _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
