Hi Axel, sorry for the late reply, but my internet access is a bit limited right now.
On 10/23/2014 02:07 PM, Axel Zöllich wrote: > Am Mittwoch, 22. Oktober 2014, 17:49:16 schrieb Axel Zöllich: >> Right side reseted there "draytek vigor 2860" e voila: le tunnel c'etablit. >> I don't like this kind of solutions... > > but the right side is still resending a package (13 and 23)? I'm not sure what you mean by 13 and 23. I can however see that again your peer is not responding to your first encrypted request (btw: the connection is supposed to be authenticated pre-shared keys). Can you please do the following: 'ipsec stroke loglevel ike 4' # this should show us the keying material (unlike my first advice it's the ike facility, not the enc facility). Then try to get your draytek to initiate the connection so we can see if the packets can be a) decrypted b) authenticated using PSK Hope that helps. Thomas _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
