Hi,

> 07[ENC] generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP)
> N(NATD_D_IP) CERTREQ N(MULT_AUTH) ]
> 07[NET] sending packet: from 192.168.1.18[500] to 98.26.22x.xx[500]
> 03[NET] received packet: from 98.26.22x.xx[4500] to 192.168.1.18[4500]
> 03[ENC] not enough input to parse rule 10 ENCRYPTED_DATA
> 03[ENC] payload type ENCRYPTED could not be parsed
> 03[IKE] message parsing failed
> 03[ENC] generating IKE_AUTH response 1 [ N(INVAL_SYN) ]
> This used to work until we moved offices and got a new public ip. The
> above leftid reflects the new public ip. I just thought about
> something, the CN in the cert, does it need to reflect the new public
> ip?

No, authentication works independent of payload encryption in IKEv2, so
anything wrong with your credentials wouldn't fail that way.

More likely is a fragmentation issue: Windows 7 sends a certificate
request for each and every CA it knows about, sometimes summing up to
several KB of CERTREQs. If these fragments are not reassembled
completely/correctly, decryption fails.

I'd try to identify how many fragments you see for this IKE_AUTH, and if
they get reassembled correctly on the strongSwan end.

Regards
Martin
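
The check suggested in the reply above (count the IP fragments of the IKE_AUTH datagram and see whether they cover it without holes) can be scripted over packets taken from a capture. This is an added example, not part of the original message or of strongSwan; the function names are hypothetical and the sample packets (peer 203.0.113.10, IP IDs 0x1a2b and 0x1a2c) are constructed.

```python
import struct
from collections import defaultdict

def parse_ipv4(pkt):
    """Return (datagram key, byte offset, payload length, more-fragments flag)."""
    ver_ihl, _tos, total_len, ident, flags_frag, _ttl, proto = struct.unpack(
        "!BBHHHBB", pkt[:10])
    ihl = (ver_ihl & 0x0F) * 4                  # header length in bytes
    more = bool(flags_frag & 0x2000)            # MF bit
    offset = (flags_frag & 0x1FFF) * 8          # fragment offset is in 8-byte units
    return (pkt[12:16], pkt[16:20], proto, ident), offset, total_len - ihl, more

def fragment_report(packets):
    """Per IP ID: fragment count, datagram size, and whether coverage is gap-free."""
    groups = defaultdict(list)
    for pkt in packets:
        key, off, length, more = parse_ipv4(pkt)
        groups[key].append((off, length, more))
    report = {}
    for key, frags in groups.items():
        frags.sort()
        # The fragment with MF=0 marks the end of the datagram.
        total = next((off + ln for off, ln, more in frags if not more), None)
        covered = 0
        for off, ln, _more in frags:
            if off > covered:                   # hole: a fragment never arrived
                break
            covered = max(covered, off + ln)
        # Keyed by IP ID only, which is enough for a single peer's capture.
        report[key[3]] = {"fragments": len(frags), "bytes": total,
                          "complete": total is not None and covered >= total}
    return report

def make_fragment(ident, offset, payload_len, more):
    """Build a constructed IPv4/UDP fragment (checksum zero, payload zeroed)."""
    flags_frag = (0x2000 if more else 0) | (offset // 8)
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, ident,
                      flags_frag, 64, 17, 0,
                      bytes([203, 0, 113, 10]), bytes([192, 168, 1, 18]))
    return hdr + bytes(payload_len)

# Constructed sample: one 3500-byte datagram that arrives whole in three
# fragments, and one whose middle fragment was dropped on the path.
SAMPLE = [
    make_fragment(0x1A2B, 0, 1480, True),
    make_fragment(0x1A2B, 1480, 1480, True),
    make_fragment(0x1A2B, 2960, 540, False),
    make_fragment(0x1A2C, 0, 1480, True),
    make_fragment(0x1A2C, 2960, 540, False),
]

if __name__ == "__main__":
    for ident, info in fragment_report(SAMPLE).items():
        print(hex(ident), info)
```

A datagram reported with `complete` false on the gateway side while the client capture shows all fragments leaving points at a device on the path dropping fragments.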
