So can you show me the corresponding strongSwan server log? Andreas
On 07/28/2015 02:33 PM, Nitin Agarwal wrote: > Hi Andreas > > On server side, I am using :- > Linux strongSwan U4.6.2/ > > And, on modem side :- > Linux[Debian, Voyage] strongSwan U4.4.1 > > > *Best Regards* > *Nitin Agarwal* > *Team Leader R&D* > *Symstream Technology Group* > M +91 9818893018 > [email protected] <mailto:[email protected]>_ | > Skype: nitin_symstream > > > > > > > > On Tue, Jul 28, 2015 at 3:22 PM, Andreas Steffen > <[email protected] <mailto:[email protected]>> > wrote: > > Hi Nitin, > > what VPN product is running on the server, since 1) it produces > notifications in an invalid format and 2) it probably speaks > IKEv1 only, because it replies with INVALID_MAJOR_VERSION to > an IKEv2 request? > > Best regards > > Andreas > > On 28.07.2015 10:40, Nitin Agarwal wrote: > > Hi Noel > > I have done the changes, But still the tunnels are down for upto 10 > minutes, sometime. > This is what I got from Syslog, and these errors are different at > different times :- > > 1) > Jul 28 09:28:36 alix6f2-619703 charon: 12[IKE] initiating IKE_SA > 52.64.105.113_cnc[2] to 52.74.240.246 > Jul 28 09:28:36 alix6f2-619703 charon: 12[ENC] generating > IKE_SA_INIT > request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ] > Jul 28 09:28:36 alix6f2-619703 charon: 12[NET] sending packet: from > 100.116.187.100[500] to 52.74.240.246[500] > Jul 28 09:28:37 alix6f2-619703 charon: 16[NET] received packet: from > 52.74.240.246[500] to 100.116.187.100[500] > Jul 28 09:28:37 alix6f2-619703 charon: 16[ENC] invalid notify data > length for INVALID_MAJOR_VERSION (20) > Jul 28 09:28:37 alix6f2-619703 charon: 16[ENC] *NOTIFY payload > verification failed * > Jul 28 09:28:37 alix6f2-619703 charon: 16[IKE] IKE_SA_INIT > response with > message ID 0 processing failed > Jul 28 09:28:40 alix6f2-619703 charon: 13[IKE] retransmit 1 of > request > with message ID 0 > > > 2) Jul 28 09:29:40 alix6f2-619703 charon: 13[ENC] generating > IKE_SA_INIT > request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ] > Jul 28 09:29:40 alix6f2-619703 charon: 13[NET] sending packet: from > 100.116.187.100[500] to 52.74.240.246[500] > Jul 28 09:29:41 alix6f2-619703 charon: 16[NET] received packet: from > 52.74.240.246[500] to 100.116.187.100[500] > Jul 28 09:29:41 alix6f2-619703 charon: 16[ENC] parsed IKE_SA_INIT > response 0 [ N(INVAL_SYN) ] > Jul 28 09:29:41 alix6f2-619703 charon: 16[IKE]*received > INVALID_SYNTAX > notify error * > > > can anybody please suggest why this is happening ? > > > > > *Best Regards* > *Nitin Agarwal* > > > > > > > On Wed, Jul 22, 2015 at 3:59 PM, Noel Kuntze > <[email protected] <mailto:[email protected]> > <mailto:[email protected] <mailto:[email protected]>>> > wrote: > > > Hello Nitin, > > You're using IKEv2, which uses a global timeout setting in > strongswan.conf, > not dpdtimeout. > - From the man page for ipsec.conf: > dpdtimeout = 150s | <time> > defines the timeout interval, after which all > connections to a peer are deleted in case of inactivity. >> This only > applies to IKEv1, in IKEv2 the default retransmission > timeout applies, as every exchange is used to >> detect > dead peers. > > Look at the "IKEv2 RETRANSMISSION" section of the man page for > strongswan.conf. > > Alternatively, use IKEv1. > > Mit freundlichen Grüßen/Kind Regards, > Noel Kuntze > > GPG Key ID: 0x63EC6658 > Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658 > > Am 22.07.2015 um 07:26 schrieb Nitin Agarwal: >> Hello Guys > >> I am trying to achieve stable tunnel connectivity between >> two systems. >> My System 1 is a modem having ppp connection.And, System 2 >> is a server. > >> On System 1, IP use to change and whenever IP changes, >> sometime system takes upto 20 minutes to form stable tunnel. >> Sometime is just 50 seconds also. PPP connection takes around 25 >> seconds to release old IP and acquire new one. > >> I am attaching the existing configuration. >> Please suggest, if I need to modify the configurations or >> I am missing something. > > > > > > *Best Regards* > > *Nitin Agarwal* > > > > > > > > > > This message (and any associated files) is intended only >> for the > use of the individual or entity to which it is addressed and may > contain information that is confidential, subject to >> copyright or > constitutes a trade secret. If you are not the intended >> recipient > you are hereby notified that any dissemination, copying or > distribution of this message, or files associated with this >> message, > is strictly prohibited. If you have received this message in >> error, > please notify Symstream Technology Group immediately by >> replying to > the message and deleting it from your computer. Messages >> sent to and > from us may be monitored. Internet communications cannot be > guaranteed to be secure or error-free as information could be > intercepted, corrupted, lost, destroyed, arrive late or >> incomplete, > or contain viruses. Therefore, we do not accept >> responsibility for > any errors or omissions that are present in this message, or any > attachment, that have arisen as a result of e-mail >> transmission. If > verification is required, please request a hard-copy >> version. Any > views or opinions presented are solely those of the author >> and do > not necessarily represent those of the company. > > ------------------------- > > > > _______________________________________________ > > Users mailing list > > [email protected] >> <mailto:[email protected]> >> <mailto:[email protected] >> <mailto:[email protected]>> > > https://lists.strongswan.org/mailman/listinfo/users > > > > > > This message (and any associated files) is intended only for the > use of > the individual or entity to which it is addressed and may contain > information that is confidential, subject to copyright or > constitutes a > trade secret. If you are not the intended recipient you are hereby > notified that any dissemination, copying or distribution of this > message, or files associated with this message, is strictly > prohibited. > If you have received this message in error, please notify Symstream > Technology Group immediately by replying to the message and > deleting it > from your computer. Messages sent to and from us may be monitored. > Internet communications cannot be guaranteed to be secure or > error-free > as information could be intercepted, corrupted, lost, destroyed, > arrive > late or incomplete, or contain viruses. Therefore, we do not accept > responsibility for any errors or omissions that are present in this > message, or any attachment, that have arisen as a result of e-mail > transmission. If verification is required, please request a > hard-copy > version. Any views or opinions presented are solely those of the > author > and do not necessarily represent those of the company. > > ------------------------------------------------------------------------ > > > _______________________________________________ > Users mailing list > [email protected] <mailto:[email protected]> > https://lists.strongswan.org/mailman/listinfo/users > > > -- > ====================================================================== > Andreas Steffen > [email protected] <mailto:[email protected]> > strongSwan - the Open Source VPN Solution! > www.strongswan.org <http://www.strongswan.org> > Institute for Internet Technologies and Applications > University of Applied Sciences Rapperswil > CH-8640 Rapperswil (Switzerland) > ===========================================================[ITA-HSR]== > > > > This message (and any associated files) is intended only for the use of > the individual or entity to which it is addressed and may contain > information that is confidential, subject to copyright or constitutes a > trade secret. If you are not the intended recipient you are hereby > notified that any dissemination, copying or distribution of this > message, or files associated with this message, is strictly prohibited. > If you have received this message in error, please notify Symstream > Technology Group immediately by replying to the message and deleting it > from your computer. Messages sent to and from us may be monitored. > Internet communications cannot be guaranteed to be secure or error-free > as information could be intercepted, corrupted, lost, destroyed, arrive > late or incomplete, or contain viruses. Therefore, we do not accept > responsibility for any errors or omissions that are present in this > message, or any attachment, that have arisen as a result of e-mail > transmission. If verification is required, please request a hard-copy > version. Any views or opinions presented are solely those of the author > and do not necessarily represent those of the company. > ------------------------------------------------------------------------ -- ====================================================================== Andreas Steffen [email protected] strongSwan - the Open Source VPN Solution! www.strongswan.org Institute for Internet Technologies and Applications University of Applied Sciences Rapperswil CH-8640 Rapperswil (Switzerland) ===========================================================[ITA-HSR]==
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
