Hi Alexis,

it looks as if the 3rd party VPN client sends two AUTH payloads in its IKE_AUTH request. This does not conform with the IKEv2 RFC. Could you send me a strongSwan log file with the log level set to

  charondebug="ike 3"

in ipsec.conf.

Best regards

Andreas

On 07/13/2015 09:23 PM, Alexis Salinas wrote:
> Hello All,
> I'm testing strongSwan as a VPN gateway for a 3rd party VPN client. PSK and
> certificate authentication work fine, but when testing EAP-TLS I get
> this error message on the strongSwan side, after the EAP authentication
> succeeds.
>
> Jul 10 16:42:11 debian-vm1-alexis charon: 14[ENC] payload of type AUTH more than 1 times (2) occurred in current message
> Jul 10 16:42:11 debian-vm1-alexis charon: 14[IKE] message verification failed
>
> See attachment for full logs.
>
> Here is my strongSwan configuration:
>
> # ipsec.conf - strongSwan IPsec configuration file
>
> config setup
>     # strictcrlpolicy=yes
>     # uniqueids = no
>
> conn %default
>     ikelifetime=60m
>     keylife=20m
>     rekeymargin=3m
>     keyingtries=1
>     keyexchange=ikev2
>
> conn rw-eap-tls
>     left=10.1.65.147
>     [email protected]
>     leftsubnet=10.99.0.0/24
>     leftcert=ocmCert.pem
>     leftauth=pubkey
>     leftfirewall=yes
>     rightsourceip=172.22.0.0/24
>     rightauth=eap-radius
>     rightsendcert=never
>     right=%any
>     auto=add
>     eap_identity=%identity
>
> Do any of you know what this is about?
>
> What is strongSwan expecting at this point? Looking at the RFC [1] there
> should be a message type AUTH (message 7).
>
> I can enable more logging if needed.
>
> Thanks.
> Alexis.
>
> [1] : https://tools.ietf.org/html/rfc7296#section-2.16
>
> _______________________________________________
> Users mailing list
> [email protected]
> https://lists.strongswan.org/mailman/listinfo/users
>

--
======================================================================
Andreas Steffen                         [email protected]
strongSwan - the Open Source VPN Solution!          www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
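The kind of check behind the `payload of type AUTH more than 1 times (2)` log line, as an added example that is not part of the original thread and is not strongSwan's code: it walks the generic payload headers of RFC 7296 section 3.2 and counts payload types against a limit. It assumes the input is the already decrypted payload chain of an IKE_AUTH request; `build_chain`, `walk_payloads` and `verify_occurrences` are hypothetical names, and both sample messages are constructed.

```python
import struct
from collections import Counter

# Payload type numbers from RFC 7296, section 3.2.
NO_NEXT, AUTH = 0, 39
NAMES = {35: "IDi", AUTH: "AUTH", 48: "EAP"}

def build_chain(payloads):
    """Encode [(type, body), ...] as chained payloads (constructed test input)."""
    out = b""
    for i, (_, body) in enumerate(payloads):
        nxt = payloads[i + 1][0] if i + 1 < len(payloads) else NO_NEXT
        # Generic payload header: next payload, critical/reserved, length.
        out += struct.pack("!BBH", nxt, 0, 4 + len(body)) + body
    return payloads[0][0], out

def walk_payloads(first_type, data):
    """Yield (type, body) for each payload, rejecting malformed lengths."""
    ptype, off = first_type, 0
    while ptype != NO_NEXT:
        if off + 4 > len(data):
            raise ValueError("truncated payload header")
        nxt, _flags, length = struct.unpack_from("!BBH", data, off)
        if length < 4 or off + length > len(data):
            raise ValueError("bad payload length at offset %d" % off)
        yield ptype, data[off + 4:off + length]
        ptype, off = nxt, off + length
    if off != len(data):
        raise ValueError("trailing bytes after last payload")

def verify_occurrences(first_type, data, limits):
    """Return one error string per payload type that exceeds its limit."""
    counts = Counter(t for t, _ in walk_payloads(first_type, data))
    return ["payload of type %s more than %d times (%d) occurred in current message"
            % (NAMES.get(t, t), limit, counts[t])
            for t, limit in limits.items() if counts[t] > limit]

# Assumption: only the AUTH limit is modelled, taken from the log line above.
LIMITS = {AUTH: 1}
# Constructed AUTH body: method 2 (shared key MIC), 3 reserved bytes, dummy data.
AUTH_BODY = bytes([2, 0, 0, 0]) + b"\xaa" * 20
OK_MSG = build_chain([(AUTH, AUTH_BODY)])                     # message 7: SK {AUTH}
BAD_MSG = build_chain([(AUTH, AUTH_BODY), (AUTH, AUTH_BODY)])  # duplicated AUTH

if __name__ == "__main__":
    for label, (first, raw) in (("conforming", OK_MSG), ("two AUTH", BAD_MSG)):
        print(label, verify_occurrences(first, raw, LIMITS) or "ok")
```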
