Hi, > Win7 PC --> MiFi (Verizon Wireless) IPv6 --> SoftlayerIPV6 --> VPS.
> authby=xauthrsasig > xauth=server > keyexchange=ikev2 IKEv2 with XAuth makes really no sense. If you want to connect Windows 7 clients with username/password, you probably want EAP-MSCHAPv2. Refer to [1] for details. > :RSA /usr/local/etc/ipsec.d/private/strongswanKey.pem "passwd1" > :XAUTH user "!passwd2" That doesn't look valid, either. Refer to the ipsec.secrets manpage for syntax details, [1] has an example as well. > 08[ENC] generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) > N(NATD_D_IP) CERTREQ N(MULT_AUTH) ] > 08[NET] sending packet: from serveripv61[500] to clientipv61[500] (333 bytes) > 09[NET] received packet: from clientipv61[500] to serveripv61[500] (528 bytes) > 09[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ] > 09[IKE] received retransmit of request with ID 0, retransmitting response Your client seems to retransmit the IKE_SA_INIT request, most likely because it doesn't get the response message. Possible that it gets lost on the path; a packet sniffer can help to see where it gets lost. As fragmentation is very unlikely for that message, this might be related to a firewall rule somewhere on your path. Regards Martin [1]https://wiki.strongswan.org/projects/strongswan/wiki/Win7EapMultipleConfig _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
