[strongSwan] Problem with strongswan 5.x and Comware routers

Fri, 04 Sep 2015 01:16:45 -0700 

Hi guys!
I have run into an issue when using strongswan 5.2.1 and comware 5 router (L2L VPN). Comware is an OS running on HP MSR routers, formerly H3C, also if I'm not mistaken Huawei routers are also using this OS (still as I've understood HP and Huawei develop it independently now). 


So, I've seen such a behaviour in two different situations with HP MSR 
930 and HP MSR 30-40 routers. The problem is the following - tunnel 
initiates, everything is OK, traffic flows and then suddenly tunnel goes 
down. As I can see in logfiles, MSR router for some reason sends the 
"DELETE" to strongswan which then deletes the SA:


*Jan  6 23:53:28:506 2012 msr_router IKE/7/DEBUG:
IKE_DPD: isakmp sa name : 2.2.2.2,1.1.1.1,500,,0
*Jan  6 23:53:28:507 2012 msr_router IKE/7/DEBUG:
IKE_DPD: PF_KEY notify ipsec to update dpd recv_time.
*Jan  6 23:53:28:507 2012 msr_router IKE/7/DEBUG:
IKE_DPD: release ike dpd structure

*Jan  6 23:53:28:507 2012 msr_router IKE/7/DEBUG: exchange release: 
freeing exchange 91bd500
*Jan  6 23:53:38:610 2012 msr_router IKE/7/DEBUG: exchange setup(I): 
91bd500
*Jan  6 23:53:38:611 2012 msr_router IKE/7/DEBUG: add payload to 
message: HASH
*Jan  6 23:53:38:611 2012 msr_router IKE/7/DEBUG: send info message : 
delete isakmp sa
*Jan  6 23:53:38:611 2012 msr_router IKE/7/DEBUG: add payload to 
message: DELETE



Unfortunately I lost the full debug because had to do something with 
this problem as soon as possible. The solution is to revert to 
strongswan 4.5.2 (I guess to any 4.x would be fine). When using 4.5.2 it 
works like a charm - not a single disconnect.


Connection uses ikev1, configuration is the following on 5.2.1:

conn CONNECTION1
        ikelifetime=8h
        keylife=1h
        type=tunnel
        authby=secret
        left=1.1.1.1
        leftsubnet=172.24.54.0/24
        right=2.2.2.2
        rightsubnet=192.168.7.0/24
        dpdaction=hold
        dpddelay=30
        dpdtimeout=150
        ike=aes128-sha1-modp1024
        esp=aes128-sha1
        keyexchange=ikev1
        auto=start

On 4.5.2:

conn CONNECTION1
        ikelifetime=8h
        keylife=1h
        type=tunnel
        authby=secret
        left=1.1.1.1
        leftsubnet=172.24.54.0/24
        right=2.2.2.2
        rightsubnet=192.168.7.0/24
        dpdaction=hold
        dpddelay=30
        dpdtimeout=150
        ike=aes128-sha1-modp1024
        esp=aes128-sha1
        pfs=no
        keyexchange=ikev1
        auto=start


Debug taken on 5.2.1 is in the attachment. I have found a workaround so 
I practically don't need help to resolve the issue but still, but I 
guess there might be some issues with 5.x interoperability with Comware 
routers.



--
With kind regards,
Aleksey
Sep  3 14:37:03 15[CFG] added configuration 'CONNECTION1'
Sep  3 14:37:03 13[CFG] received stroke: initiate 'CONNECTION1'
Sep  3 14:37:03 13[IKE] <CONNECTION1|3> initiating Main Mode IKE_SA 
CONNECTION1[3] to 2.2.2.2
Sep  3 14:37:03 13[ENC] <CONNECTION1|3> generating ID_PROT request 0 [ SA V V V 
V ]
Sep  3 14:37:03 13[NET] <CONNECTION1|3> sending packet: from 1.1.1.1[500] to 
2.2.2.2[500] (216 bytes)
Sep  3 14:37:03 05[NET] <CONNECTION1|3> received packet: from 2.2.2.2[500] to 
1.1.1.1[500] (84 bytes)
Sep  3 14:37:03 05[ENC] <CONNECTION1|3> parsed ID_PROT response 0 [ SA ]
Sep  3 14:37:03 05[ENC] <CONNECTION1|3> generating ID_PROT request 0 [ KE No ]
Sep  3 14:37:03 05[NET] <CONNECTION1|3> sending packet: from 1.1.1.1[500] to 
2.2.2.2[500] (196 bytes)
Sep  3 14:37:03 14[NET] <CONNECTION1|3> received packet: from 2.2.2.2[500] to 
1.1.1.1[500] (216 bytes)
Sep  3 14:37:03 14[ENC] <CONNECTION1|3> parsed ID_PROT response 0 [ KE No V ]
Sep  3 14:37:03 14[IKE] <CONNECTION1|3> received DPD vendor ID
Sep  3 14:37:03 14[ENC] <CONNECTION1|3> generating ID_PROT request 0 [ ID HASH ]
Sep  3 14:37:03 14[NET] <CONNECTION1|3> sending packet: from 1.1.1.1[500] to 
2.2.2.2[500] (76 bytes)
Sep  3 14:37:03 16[NET] <CONNECTION1|3> received packet: from 2.2.2.2[500] to 
1.1.1.1[500] (76 bytes)
Sep  3 14:37:03 16[ENC] <CONNECTION1|3> parsed ID_PROT response 0 [ ID HASH ]
Sep  3 14:37:03 16[IKE] <CONNECTION1|3> IKE_SA CONNECTION1[3] established 
between 1.1.1.1[185.59.101.41]...2.2.2.2[195.189.241.194]
Sep  3 14:37:03 16[IKE] <CONNECTION1|3> scheduling reauthentication in 28060s
Sep  3 14:37:03 16[IKE] <CONNECTION1|3> maximum IKE_SA lifetime 28600s
Sep  3 14:37:03 16[ENC] <CONNECTION1|3> generating QUICK_MODE request 
1620525235 [ HASH SA No ID ID ]
Sep  3 14:37:03 16[NET] <CONNECTION1|3> sending packet: from 1.1.1.1[500] to 
2.2.2.2[500] (204 bytes)
Sep  3 14:37:03 12[NET] <CONNECTION1|3> received packet: from 2.2.2.2[500] to 
1.1.1.1[500] (204 bytes)
Sep  3 14:37:03 12[ENC] <CONNECTION1|3> parsed QUICK_MODE response 1620525235 [ 
HASH SA No ID ID N((24576)) ]
Sep  3 14:37:03 12[IKE] <CONNECTION1|3> CHILD_SA CONNECTION1{4} established 
with SPIs c490b3ac_i e7e9e5e3_o and TS 172.24.54.0/24 === 192.168.7.0/24 
Sep  3 14:37:03 12[ENC] <CONNECTION1|3> generating QUICK_MODE request 
1620525235 [ HASH ]
Sep  3 14:37:03 12[NET] <CONNECTION1|3> sending packet: from 1.1.1.1[500] to 
2.2.2.2[500] (60 bytes)
Sep  3 14:37:13 13[NET] <CONNECTION1|3> received packet: from 2.2.2.2[500] to 
1.1.1.1[500] (92 bytes)
Sep  3 14:37:13 13[ENC] <CONNECTION1|3> parsed INFORMATIONAL_V1 request 
4049130376 [ HASH D ]
Sep  3 14:37:13 13[IKE] <CONNECTION1|3> received DELETE for IKE_SA 
CONNECTION1[3]
Sep  3 14:37:13 13[IKE] <CONNECTION1|3> deleting IKE_SA CONNECTION1[3] between 
1.1.1.1[185.59.101.41]...2.2.2.2[195.189.241.194]
Sep  3 14:38:03 09[CFG] received stroke: initiate 'CONNECTION1'
Sep  3 14:38:03 12[IKE] <CONNECTION1|4> initiating Main Mode IKE_SA 
CONNECTION1[4] to 2.2.2.2
Sep  3 14:38:03 12[ENC] <CONNECTION1|4> generating ID_PROT request 0 [ SA V V V 
V ]
Sep  3 14:38:03 12[NET] <CONNECTION1|4> sending packet: from 1.1.1.1[500] to 
2.2.2.2[500] (216 bytes)
Sep  3 14:38:04 05[NET] <CONNECTION1|4> received packet: from 2.2.2.2[500] to 
1.1.1.1[500] (84 bytes)
Sep  3 14:38:04 05[ENC] <CONNECTION1|4> parsed ID_PROT response 0 [ SA ]
Sep  3 14:38:04 05[ENC] <CONNECTION1|4> generating ID_PROT request 0 [ KE No ]
Sep  3 14:38:04 05[NET] <CONNECTION1|4> sending packet: from 1.1.1.1[500] to 
2.2.2.2[500] (196 bytes)
Sep  3 14:38:04 10[NET] <CONNECTION1|4> received packet: from 2.2.2.2[500] to 
1.1.1.1[500] (216 bytes)
Sep  3 14:38:04 10[ENC] <CONNECTION1|4> parsed ID_PROT response 0 [ KE No V ]
Sep  3 14:38:04 10[IKE] <CONNECTION1|4> received DPD vendor ID
Sep  3 14:38:04 10[ENC] <CONNECTION1|4> generating ID_PROT request 0 [ ID HASH ]
Sep  3 14:38:04 10[NET] <CONNECTION1|4> sending packet: from 1.1.1.1[500] to 
2.2.2.2[500] (76 bytes)
Sep  3 14:38:04 04[NET] <CONNECTION1|4> received packet: from 2.2.2.2[500] to 
1.1.1.1[500] (76 bytes)
Sep  3 14:38:04 04[ENC] <CONNECTION1|4> parsed ID_PROT response 0 [ ID HASH ]
Sep  3 14:38:04 04[IKE] <CONNECTION1|4> IKE_SA CONNECTION1[4] established 
between 1.1.1.1[185.59.101.41]...2.2.2.2[195.189.241.194]
Sep  3 14:38:04 04[IKE] <CONNECTION1|4> scheduling reauthentication in 28122s
Sep  3 14:38:04 04[IKE] <CONNECTION1|4> maximum IKE_SA lifetime 28662s
Sep  3 14:38:04 04[ENC] <CONNECTION1|4> generating QUICK_MODE request 
2571377052 [ HASH SA No ID ID ]
Sep  3 14:38:04 04[NET] <CONNECTION1|4> sending packet: from 1.1.1.1[500] to 
2.2.2.2[500] (204 bytes)
Sep  3 14:38:04 02[NET] <CONNECTION1|4> received packet: from 2.2.2.2[500] to 
1.1.1.1[500] (204 bytes)
Sep  3 14:38:04 02[ENC] <CONNECTION1|4> parsed QUICK_MODE response 2571377052 [ 
HASH SA No ID ID N((24576)) ]
Sep  3 14:38:04 02[IKE] <CONNECTION1|4> CHILD_SA CONNECTION1{5} established 
with SPIs c84b4ed4_i 49bf8fb7_o and TS 172.24.54.0/24 === 192.168.7.0/24 
Sep  3 14:38:04 02[ENC] <CONNECTION1|4> generating QUICK_MODE request 
2571377052 [ HASH ]
Sep  3 14:38:04 02[NET] <CONNECTION1|4> sending packet: from 1.1.1.1[500] to 
2.2.2.2[500] (60 bytes)
Sep  3 14:38:24 09[NET] <CONNECTION1|4> received packet: from 2.2.2.2[500] to 
1.1.1.1[500] (76 bytes)
Sep  3 14:38:24 09[ENC] <CONNECTION1|4> parsed INFORMATIONAL_V1 request 
381051542 [ HASH D ]
Sep  3 14:38:24 09[IKE] <CONNECTION1|4> received DELETE for ESP CHILD_SA with 
SPI e7e9e5e3
Sep  3 14:38:24 09[IKE] <CONNECTION1|4> CHILD_SA not found, ignored
Sep  3 14:40:32 08[CFG] received stroke: initiate 'CONNECTION1'
Sep  3 14:40:32 09[ENC] <CONNECTION1|4> generating QUICK_MODE request 
3614565114 [ HASH SA No ID ID ]
Sep  3 14:40:32 09[NET] <CONNECTION1|4> sending packet: from 1.1.1.1[500] to 
2.2.2.2[500] (204 bytes)
Sep  3 14:40:32 14[NET] <CONNECTION1|4> received packet: from 2.2.2.2[500] to 
1.1.1.1[500] (204 bytes)
Sep  3 14:40:32 14[ENC] <CONNECTION1|4> parsed QUICK_MODE response 3614565114 [ 
HASH SA No ID ID N((24576)) ]
Sep  3 14:40:32 14[CFG] <CONNECTION1|4> unable to install policy 172.24.54.0/24 
=== 192.168.7.0/24 out (mark 0/0x00000000) for reqid 6, the same policy for 
reqid 5 exists
Sep  3 14:40:32 14[CFG] <CONNECTION1|4> unable to install policy 192.168.7.0/24 
=== 172.24.54.0/24 in (mark 0/0x00000000) for reqid 6, the same policy for 
reqid 5 exists
Sep  3 14:40:32 14[CFG] <CONNECTION1|4> unable to install policy 192.168.7.0/24 
=== 172.24.54.0/24 fwd (mark 0/0x00000000) for reqid 6, the same policy for 
reqid 5 exists
Sep  3 14:40:32 14[CFG] <CONNECTION1|4> unable to install policy 172.24.54.0/24 
=== 192.168.7.0/24 out (mark 0/0x00000000) for reqid 6, the same policy for 
reqid 5 exists
Sep  3 14:40:32 14[CFG] <CONNECTION1|4> unable to install policy 192.168.7.0/24 
=== 172.24.54.0/24 in (mark 0/0x00000000) for reqid 6, the same policy for 
reqid 5 exists
Sep  3 14:40:32 14[CFG] <CONNECTION1|4> unable to install policy 192.168.7.0/24 
=== 172.24.54.0/24 fwd (mark 0/0x00000000) for reqid 6, the same policy for 
reqid 5 exists
Sep  3 14:40:32 14[IKE] <CONNECTION1|4> unable to install IPsec policies (SPD) 
in kernel
Sep  3 14:40:32 14[KNL] <CONNECTION1|4> deleting policy 172.24.54.0/24 === 
192.168.7.0/24 out failed, not found
Sep  3 14:40:32 14[KNL] <CONNECTION1|4> deleting policy 192.168.7.0/24 === 
172.24.54.0/24 in failed, not found
Sep  3 14:40:32 14[KNL] <CONNECTION1|4> deleting policy 192.168.7.0/24 === 
172.24.54.0/24 fwd failed, not found
Sep  3 14:40:32 14[KNL] <CONNECTION1|4> deleting policy 172.24.54.0/24 === 
192.168.7.0/24 out failed, not found
Sep  3 14:40:32 14[KNL] <CONNECTION1|4> deleting policy 192.168.7.0/24 === 
172.24.54.0/24 in failed, not found
Sep  3 14:40:32 14[KNL] <CONNECTION1|4> deleting policy 192.168.7.0/24 === 
172.24.54.0/24 fwd failed, not found
Sep  3 14:40:32 14[ENC] <CONNECTION1|4> generating INFORMATIONAL_V1 request 
3360756536 [ HASH N(NO_PROP) ]
Sep  3 14:40:32 14[NET] <CONNECTION1|4> sending packet: from 1.1.1.1[500] to 
2.2.2.2[500] (76 bytes)
Sep  3 14:40:36 15[CFG] received stroke: initiate 'CONNECTION1'
Sep  3 14:40:36 13[ENC] <CONNECTION1|4> generating QUICK_MODE request 
2126544884 [ HASH SA No ID ID ]
Sep  3 14:40:36 13[NET] <CONNECTION1|4> sending packet: from 1.1.1.1[500] to 
2.2.2.2[500] (204 bytes)
Sep  3 14:40:36 12[NET] <CONNECTION1|4> received packet: from 2.2.2.2[500] to 
1.1.1.1[500] (204 bytes)
Sep  3 14:40:36 12[ENC] <CONNECTION1|4> parsed QUICK_MODE response 2126544884 [ 
HASH SA No ID ID N((24576)) ]
Sep  3 14:40:36 12[CFG] <CONNECTION1|4> unable to install policy 172.24.54.0/24 
=== 192.168.7.0/24 out (mark 0/0x00000000) for reqid 7, the same policy for 
reqid 5 exists
Sep  3 14:40:36 12[CFG] <CONNECTION1|4> unable to install policy 192.168.7.0/24 
=== 172.24.54.0/24 in (mark 0/0x00000000) for reqid 7, the same policy for 
reqid 5 exists
Sep  3 14:40:36 12[CFG] <CONNECTION1|4> unable to install policy 192.168.7.0/24 
=== 172.24.54.0/24 fwd (mark 0/0x00000000) for reqid 7, the same policy for 
reqid 5 exists
Sep  3 14:40:36 12[CFG] <CONNECTION1|4> unable to install policy 172.24.54.0/24 
=== 192.168.7.0/24 out (mark 0/0x00000000) for reqid 7, the same policy for 
reqid 5 exists
Sep  3 14:40:36 12[CFG] <CONNECTION1|4> unable to install policy 192.168.7.0/24 
=== 172.24.54.0/24 in (mark 0/0x00000000) for reqid 7, the same policy for 
reqid 5 exists
Sep  3 14:40:36 12[CFG] <CONNECTION1|4> unable to install policy 192.168.7.0/24 
=== 172.24.54.0/24 fwd (mark 0/0x00000000) for reqid 7, the same policy for 
reqid 5 exists
Sep  3 14:40:36 12[IKE] <CONNECTION1|4> unable to install IPsec policies (SPD) 
in kernel
Sep  3 14:40:36 12[KNL] <CONNECTION1|4> deleting policy 172.24.54.0/24 === 
192.168.7.0/24 out failed, not found
Sep  3 14:40:36 12[KNL] <CONNECTION1|4> deleting policy 192.168.7.0/24 === 
172.24.54.0/24 in failed, not found
Sep  3 14:40:36 12[KNL] <CONNECTION1|4> deleting policy 192.168.7.0/24 === 
172.24.54.0/24 fwd failed, not found
Sep  3 14:40:36 12[KNL] <CONNECTION1|4> deleting policy 172.24.54.0/24 === 
192.168.7.0/24 out failed, not found
Sep  3 14:40:36 12[KNL] <CONNECTION1|4> deleting policy 192.168.7.0/24 === 
172.24.54.0/24 in failed, not found
Sep  3 14:40:36 12[KNL] <CONNECTION1|4> deleting policy 192.168.7.0/24 === 
172.24.54.0/24 fwd failed, not found
Sep  3 14:40:36 12[ENC] <CONNECTION1|4> generating INFORMATIONAL_V1 request 
3780525758 [ HASH N(NO_PROP) ]
Sep  3 14:40:36 12[NET] <CONNECTION1|4> sending packet: from 1.1.1.1[500] to 
2.2.2.2[500] (76 bytes)
Sep  3 14:40:37 04[CFG] received stroke: initiate 'CONNECTION1'
Sep  3 14:40:37 02[ENC] <CONNECTION1|4> generating QUICK_MODE request 
1154534763 [ HASH SA No ID ID ]
Sep  3 14:40:37 02[NET] <CONNECTION1|4> sending packet: from 1.1.1.1[500] to 
2.2.2.2[500] (204 bytes)
Sep  3 14:40:37 08[NET] <CONNECTION1|4> received packet: from 2.2.2.2[500] to 
1.1.1.1[500] (204 bytes)
Sep  3 14:40:37 08[ENC] <CONNECTION1|4> parsed QUICK_MODE response 1154534763 [ 
HASH SA No ID ID N((24576)) ]
Sep  3 14:40:37 08[CFG] <CONNECTION1|4> unable to install policy 172.24.54.0/24 
=== 192.168.7.0/24 out (mark 0/0x00000000) for reqid 8, the same policy for 
reqid 5 exists
Sep  3 14:40:37 08[CFG] <CONNECTION1|4> unable to install policy 192.168.7.0/24 
=== 172.24.54.0/24 in (mark 0/0x00000000) for reqid 8, the same policy for 
reqid 5 exists
Sep  3 14:40:37 08[CFG] <CONNECTION1|4> unable to install policy 192.168.7.0/24 
=== 172.24.54.0/24 fwd (mark 0/0x00000000) for reqid 8, the same policy for 
reqid 5 exists
Sep  3 14:40:37 08[CFG] <CONNECTION1|4> unable to install policy 172.24.54.0/24 
=== 192.168.7.0/24 out (mark 0/0x00000000) for reqid 8, the same policy for 
reqid 5 exists
Sep  3 14:40:37 08[CFG] <CONNECTION1|4> unable to install policy 192.168.7.0/24 
=== 172.24.54.0/24 in (mark 0/0x00000000) for reqid 8, the same policy for 
reqid 5 exists
Sep  3 14:40:37 08[CFG] <CONNECTION1|4> unable to install policy 192.168.7.0/24 
=== 172.24.54.0/24 fwd (mark 0/0x00000000) for reqid 8, the same policy for 
reqid 5 exists
Sep  3 14:40:37 08[IKE] <CONNECTION1|4> unable to install IPsec policies (SPD) 
in kernel
Sep  3 14:40:37 08[KNL] <CONNECTION1|4> deleting policy 172.24.54.0/24 === 
192.168.7.0/24 out failed, not found
Sep  3 14:40:37 08[KNL] <CONNECTION1|4> deleting policy 192.168.7.0/24 === 
172.24.54.0/24 in failed, not found
Sep  3 14:40:37 08[KNL] <CONNECTION1|4> deleting policy 192.168.7.0/24 === 
172.24.54.0/24 fwd failed, not found
Sep  3 14:40:37 08[KNL] <CONNECTION1|4> deleting policy 172.24.54.0/24 === 
192.168.7.0/24 out failed, not found
Sep  3 14:40:37 08[KNL] <CONNECTION1|4> deleting policy 192.168.7.0/24 === 
172.24.54.0/24 in failed, not found
Sep  3 14:40:37 08[KNL] <CONNECTION1|4> deleting policy 192.168.7.0/24 === 
172.24.54.0/24 fwd failed, not found
Sep  3 14:40:37 08[ENC] <CONNECTION1|4> generating INFORMATIONAL_V1 request 
257622156 [ HASH N(NO_PROP) ]
Sep  3 14:40:37 08[NET] <CONNECTION1|4> sending packet: from 1.1.1.1[500] to 
2.2.2.2[500] (76 bytes)
Sep  3 14:40:45 15[NET] <CONNECTION1|4> received packet: from 2.2.2.2[500] to 
1.1.1.1[500] (204 bytes)
Sep  3 14:40:45 15[ENC] <CONNECTION1|4> invalid HASH_V1 payload length, 
decryption failed?
Sep  3 14:40:45 15[ENC] <CONNECTION1|4> could not decrypt payloads
Sep  3 14:40:45 15[IKE] <CONNECTION1|4> message parsing failed
Sep  3 14:40:45 15[ENC] <CONNECTION1|4> generating INFORMATIONAL_V1 request 
3117021958 [ HASH N(PLD_MAL) ]
Sep  3 14:40:45 15[NET] <CONNECTION1|4> sending packet: from 1.1.1.1[500] to 
2.2.2.2[500] (76 bytes)
Sep  3 14:40:45 15[IKE] <CONNECTION1|4> QUICK_MODE request with message ID 
3614565114 processing failed
Sep  3 14:40:48 12[NET] <CONNECTION1|4> received packet: from 2.2.2.2[500] to 
1.1.1.1[500] (204 bytes)
Sep  3 14:40:48 12[IKE] <CONNECTION1|4> received retransmit of response with ID 
1154534763, but next request already sent
Sep  3 14:40:52 05[NET] <CONNECTION1|4> received packet: from 2.2.2.2[500] to 
1.1.1.1[500] (204 bytes)
Sep  3 14:40:52 05[IKE] <CONNECTION1|4> received retransmit of response with ID 
2126544884, but next request already sent
Sep  3 14:41:02 10[NET] <CONNECTION1|4> received packet: from 2.2.2.2[500] to 
1.1.1.1[500] (204 bytes)
Sep  3 14:41:02 10[ENC] <CONNECTION1|4> invalid HASH_V1 payload length, 
decryption failed?
Sep  3 14:41:02 10[ENC] <CONNECTION1|4> could not decrypt payloads
Sep  3 14:41:02 10[IKE] <CONNECTION1|4> message parsing failed
Sep  3 14:41:02 10[ENC] <CONNECTION1|4> generating INFORMATIONAL_V1 request 
3547927960 [ HASH N(PLD_MAL) ]
Sep  3 14:41:02 10[NET] <CONNECTION1|4> sending packet: from 1.1.1.1[500] to 
2.2.2.2[500] (76 bytes)
Sep  3 14:41:02 10[IKE] <CONNECTION1|4> QUICK_MODE request with message ID 
3614565114 processing failed
Sep  3 14:41:04 02[NET] <CONNECTION1|4> received packet: from 2.2.2.2[500] to 
1.1.1.1[500] (204 bytes)
Sep  3 14:41:04 02[IKE] <CONNECTION1|4> received retransmit of response with ID 
1154534763, but next request already sent
Sep  3 14:41:08 04[NET] <CONNECTION1|4> received packet: from 2.2.2.2[500] to 
1.1.1.1[500] (204 bytes)
Sep  3 14:41:08 04[IKE] <CONNECTION1|4> received retransmit of response with ID 
2126544884, but next request already sent
Sep  3 14:41:20 06[NET] <CONNECTION1|4> received packet: from 2.2.2.2[500] to 
1.1.1.1[500] (204 bytes)
Sep  3 14:41:20 06[ENC] <CONNECTION1|4> invalid HASH_V1 payload length, 
decryption failed?
Sep  3 14:41:20 06[ENC] <CONNECTION1|4> could not decrypt payloads
Sep  3 14:41:20 06[IKE] <CONNECTION1|4> message parsing failed
Sep  3 14:41:20 06[ENC] <CONNECTION1|4> generating INFORMATIONAL_V1 request 
788494331 [ HASH N(PLD_MAL) ]
Sep  3 14:41:20 06[NET] <CONNECTION1|4> sending packet: from 1.1.1.1[500] to 
2.2.2.2[500] (76 bytes)
Sep  3 14:41:20 06[IKE] <CONNECTION1|4> QUICK_MODE request with message ID 
3614565114 processing failed
Sep  3 14:41:21 13[NET] <CONNECTION1|4> received packet: from 2.2.2.2[500] to 
1.1.1.1[500] (204 bytes)
Sep  3 14:41:21 13[IKE] <CONNECTION1|4> received retransmit of response with ID 
1154534763, but next request already sent
Sep  3 14:41:25 16[NET] <CONNECTION1|4> received packet: from 2.2.2.2[500] to 
1.1.1.1[500] (204 bytes)
Sep  3 14:41:25 16[IKE] <CONNECTION1|4> received retransmit of response with ID 
2126544884, but next request already sent
Sep  3 14:42:34 13[NET] <CONNECTION1|4> received packet: from 2.2.2.2[500] to 
1.1.1.1[500] (76 bytes)
Sep  3 14:42:34 13[ENC] <CONNECTION1|4> parsed INFORMATIONAL_V1 request 
2743139089 [ HASH D ]
Sep  3 14:42:34 13[IKE] <CONNECTION1|4> received DELETE for ESP CHILD_SA with 
SPI 49bf8fb7
Sep  3 14:42:34 13[IKE] <CONNECTION1|4> closing CHILD_SA CONNECTION1{5} with 
SPIs c84b4ed4_i (864 bytes) 49bf8fb7_o (3648 bytes) and TS 172.24.54.0/24 === 
192.168.7.0/24 

_______________________________________________
Users mailing list
[email protected]
https://lists.strongswan.org/mailman/listinfo/users













    











					Reply via email to