Hi,

I am connecting an iPhone to a strongSwan instance
(U5.0.4/K2.6.32-358.11.1.el6.x86_64)... which works fine almost all of the
time, but for some reason I am now getting this error from the client side (on
the iPhone):

racoon[7861] <Error>: the length in the isakmp header is too big.

racoon[7861] <Error>: the length in the isakmp header is too big.

racoon[7861] <Error>: the length in the isakmp header is too big.


With no data access at all.

The connection log looks like this from the server side:

Apr 28 11:57:50 hserver-ip charon: 12[NET] received packet: from server.ip.addr[58943] to client.ip.addr[500] (668 bytes)
Apr 28 11:57:50 hserver-ip charon: 12[ENC] parsed ID_PROT request 0 [ SA V V V V V V V V V V V V V V ]
Apr 28 11:57:50 hserver-ip charon: 12[IKE] received NAT-T (RFC 3947) vendor ID
Apr 28 11:57:50 hserver-ip charon: 12[IKE] received draft-ietf-ipsec-nat-t-ike vendor ID
Apr 28 11:57:50 hserver-ip charon: 12[IKE] received draft-ietf-ipsec-nat-t-ike-08 vendor ID
Apr 28 11:57:50 hserver-ip charon: 12[IKE] received draft-ietf-ipsec-nat-t-ike-07 vendor ID
Apr 28 11:57:50 hserver-ip charon: 12[IKE] received draft-ietf-ipsec-nat-t-ike-06 vendor ID
Apr 28 11:57:50 hserver-ip charon: 12[IKE] received draft-ietf-ipsec-nat-t-ike-05 vendor ID
Apr 28 11:57:50 hserver-ip charon: 12[IKE] received draft-ietf-ipsec-nat-t-ike-04 vendor ID
Apr 28 11:57:50 hserver-ip charon: 12[IKE] received draft-ietf-ipsec-nat-t-ike-03 vendor ID
Apr 28 11:57:50 hserver-ip charon: 12[IKE] received draft-ietf-ipsec-nat-t-ike-02 vendor ID
Apr 28 11:57:50 hserver-ip charon: 12[IKE] received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
Apr 28 11:57:50 hserver-ip charon: 12[IKE] received XAuth vendor ID
Apr 28 11:57:50 hserver-ip charon: 12[IKE] received Cisco Unity vendor ID
Apr 28 11:57:50 hserver-ip charon: 12[IKE] received FRAGMENTATION vendor ID
Apr 28 11:57:50 hserver-ip charon: 12[IKE] received DPD vendor ID
Apr 28 11:57:50 hserver-ip charon: 12[IKE] server.ip.addr is initiating a Main Mode IKE_SA
Apr 28 11:57:50 hserver-ip charon: 12[ENC] generating ID_PROT response 0 [ SA V V V ]
Apr 28 11:57:50 hserver-ip charon: 12[NET] sending packet: from client.ip.addr[500] to server.ip.addr[58943] (136 bytes)
Apr 28 11:57:50 hserver-ip charon: 13[NET] received packet: from server.ip.addr[58943] to client.ip.addr[500] (228 bytes)
Apr 28 11:57:50 hserver-ip charon: 13[ENC] parsed ID_PROT request 0 [ KE No NAT-D NAT-D ]
Apr 28 11:57:50 hserver-ip charon: 13[IKE] remote host is behind NAT
Apr 28 11:57:50 hserver-ip charon: 13[IKE] sending cert request for "[details]"
Apr 28 11:57:50 hserver-ip charon: 13[ENC] generating ID_PROT response 0 [ KE No CERTREQ NAT-D NAT-D ]
Apr 28 11:57:50 hserver-ip charon: 13[NET] sending packet: from client.ip.addr[500] to server.ip.addr[58943] (418 bytes)
Apr 28 11:57:50 hserver-ip charon: 10[NET] received packet: from server.ip.addr[58943] to client.ip.addr[4500] (1436 bytes)
Apr 28 11:57:50 hserver-ip charon: 10[ENC] parsed ID_PROT request 0 [ ID CERT SIG CERTREQ N(INITIAL_CONTACT) ]
Apr 28 11:57:50 hserver-ip charon: 10[IKE] ignoring certificate request without data
Apr 28 11:57:50 hserver-ip charon: 10[IKE] received end entity cert "[details]"
Apr 28 11:57:50 hserver-ip charon: 10[CFG] looking for XAuthInitRSA peer configs matching client.ip.addr...server.ip.addr[[details]]
Apr 28 11:57:50 hserver-ip charon: 10[CFG] selected peer config "auth peer"
Apr 28 11:57:50 hserver-ip charon: 10[CFG]   using certificate "[details]"
Apr 28 11:57:50 hserver-ip charon: 10[CFG]   using trusted ca certificate "[details]"
Apr 28 11:57:50 hserver-ip charon: 10[CFG] checking certificate status of "[details]"
Apr 28 11:57:50 hserver-ip charon: 10[CFG] certificate status is not available
Apr 28 11:57:50 hserver-ip charon: 10[CFG]   reached self-signed root ca with a path length of 0
Apr 28 11:57:50 hserver-ip charon: 10[IKE] authentication of '[details]' with RSA successful
Apr 28 11:57:50 hserver-ip charon: 10[IKE] authentication of '[details]' (myself) successful
Apr 28 11:57:50 hserver-ip charon: 10[IKE] sending end entity cert "[details]"
Apr 28 11:57:50 hserver-ip charon: 10[ENC] generating ID_PROT response 0 [ ID CERT SIG ]
Apr 28 11:57:50 hserver-ip charon: 10[NET] sending packet: from client.ip.addr[4500] to server.ip.addr[58943] (1484 bytes)
Apr 28 11:57:50 hserver-ip charon: 10[ENC] generating TRANSACTION request 3957482274 [ HASH CP ]
Apr 28 11:57:50 hserver-ip charon: 10[NET] sending packet: from client.ip.addr[4500] to server.ip.addr[58943] (76 bytes)
Apr 28 11:57:51 hserver-ip charon: 09[NET] received packet: from server.ip.addr[58943] to client.ip.addr[4500] (92 bytes)
Apr 28 11:57:51 hserver-ip charon: 09[ENC] parsed TRANSACTION response 3957482274 [ HASH CP ]
Apr 28 11:57:51 hserver-ip charon: 09[IKE] XAuth authentication of 'user ref' successful
Apr 28 11:57:51 hserver-ip charon: 09[ENC] generating TRANSACTION request 1139733046 [ HASH CP ]
Apr 28 11:57:51 hserver-ip charon: 09[NET] sending packet: from client.ip.addr[4500] to server.ip.addr[58943] (76 bytes)
Apr 28 11:57:51 hserver-ip charon: 14[NET] received packet: from server.ip.addr[58943] to client.ip.addr[4500] (76 bytes)
Apr 28 11:57:51 hserver-ip charon: 14[ENC] parsed TRANSACTION response 1139733046 [ HASH CP ]
Apr 28 11:57:51 hserver-ip charon: 14[IKE] IKE_SA ios-user-ref[13] established between client.ip.addr[[details]]
Apr 28 11:57:51 hserver-ip charon: 14[IKE] scheduling reauthentication in 9976s
Apr 28 11:57:51 hserver-ip charon: 14[IKE] maximum IKE_SA lifetime 10516s
Apr 28 11:57:51 hserver-ip charon: 15[NET] received packet: from server.ip.addr[58943] to client.ip.addr[4500] (172 bytes)
Apr 28 11:57:51 hserver-ip charon: 15[ENC] unknown attribute type (28683)
Apr 28 11:57:51 hserver-ip charon: 15[ENC] parsed TRANSACTION request 582035330 [ HASH CP ]
Apr 28 11:57:51 hserver-ip charon: 15[IKE] peer requested virtual IP %any
Apr 28 11:57:51 hserver-ip charon: 15[CFG] reassigning offline lease to 'user-ref'
Apr 28 11:57:51 hserver-ip charon: 15[IKE] assigning virtual IP 10.0.1.153 to peer 'user ref'
Apr 28 11:57:51 hserver-ip charon: 15[ENC] generating TRANSACTION response 582035330 [ HASH CP ]
Apr 28 11:57:51 hserver-ip charon: 15[NET] sending packet: from client.ip.addr[4500] to server.ip.addr[58943] (92 bytes)
Apr 28 11:57:51 hserver-ip charon: 12[NET] received packet: from server.ip.addr[58943] to client.ip.addr[4500] (300 bytes)
Apr 28 11:57:51 hserver-ip charon: 12[ENC] parsed QUICK_MODE request 3381591487 [ HASH SA No ID ID ]
Apr 28 11:57:51 hserver-ip charon: 12[ENC] generating QUICK_MODE response 3381591487 [ HASH SA No ID ID ]
Apr 28 11:57:51 hserver-ip charon: 12[NET] sending packet: from client.ip.addr[4500] to server.ip.addr[58943] (172 bytes)
Apr 28 11:57:51 hserver-ip charon: 13[NET] received packet: from server.ip.addr[58943] to client.ip.addr[4500] (60 bytes)
Apr 28 11:57:51 hserver-ip charon: 13[ENC] parsed QUICK_MODE request 3381591487 [ HASH ]
Apr 28 11:57:51 hserver-ip charon: 13[IKE] CHILD_SA ios-user-ref{8} established with SPIs c589dd40_i 098b2775_o and TS 0.0.0.0/0 === 10.0.1.153/32

Any ideas what is going wrong?

Thanks!

H.
_______________________________________________
Users mailing list
https://lists.strongswan.org/mailman/listinfo/users
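
Added example, not part of the original post and not racoon's or strongSwan's code: a triage helper for UDP payloads captured on ports 500/4500 that compares the Length field of the ISAKMP header (RFC 2408) with the bytes actually received, after accounting for the RFC 3948 non-ESP marker, NAT keepalives and ESP-in-UDP. The limit racoon applies before logging "the length in the isakmp header is too big" is not stated on the page; the comparison used here, the names `classify` and `build_ike`, and all sample datagrams are assumptions constructed for illustration.

```python
import struct

# ISAKMP header, RFC 2408 section 3.1: two 8-byte cookies, next payload,
# version, exchange type, flags, message ID, total message length (28 bytes).
ISAKMP_HDR = struct.Struct("!8s8sBBBBII")
NON_ESP_MARKER = b"\x00" * 4  # RFC 3948: precedes IKE messages on UDP/4500


def classify(payload: bytes, port: int) -> str:
    """Classify one UDP payload captured on port 500 or 4500."""
    if port == 4500:
        if payload == b"\xff":
            return "nat-keepalive"
        if len(payload) < 4:
            return "malformed"
        if payload[:4] != NON_ESP_MARKER:
            return "esp-in-udp"  # leading 4 bytes are a non-zero ESP SPI
        payload = payload[4:]    # strip the marker, the rest is IKE
    if len(payload) < ISAKMP_HDR.size:
        return "malformed"
    *_, length = ISAKMP_HDR.unpack_from(payload)
    if length > len(payload):
        return "ike-length-too-big"  # header claims more than was received
    if length < len(payload):
        return "ike-trailing-bytes"
    return "ike-ok"


def build_ike(body_len, claimed_len=None):
    """Constructed IKEv1 Main Mode message with a zero-filled body."""
    total = ISAKMP_HDR.size + body_len
    length = total if claimed_len is None else claimed_len
    # next payload 1 (SA), version 1.0, exchange type 2 (Identity Protection)
    header = ISAKMP_HDR.pack(b"I" * 8, b"R" * 8, 1, 0x10, 2, 0, 0, length)
    return header + bytes(body_len)


# Constructed sample datagrams (not taken from the session in the post).
SAMPLES = [
    ("well-formed, port 500", build_ike(40), 500),
    ("well-formed, port 4500", NON_ESP_MARKER + build_ike(40), 4500),
    ("inflated length field", build_ike(40, claimed_len=70000), 500),
    ("datagram cut short", NON_ESP_MARKER + build_ike(1400)[:1000], 4500),
    ("ESP-in-UDP", struct.pack("!II", 0x11223344, 1) + bytes(52), 4500),
    ("NAT keepalive", b"\xff", 4500),
]

if __name__ == "__main__":
    for name, data, port in SAMPLES:
        print(f"{name:24} {classify(data, port)}")
```

Feeding it the UDP payloads from a capture taken on the client side of the NAT shows whether a datagram arrives shorter than its header claims or whether non-IKE traffic on port 4500 is being read as ISAKMP.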