(Sorry email again with fixed from-address) Hello Noel
Noel Kuntze <[email protected]> wrote: >> But when I look at the log on my site together with >> "tcpdump -i ppp0", I have the impression that ikev2_auth >> is sent (once). > > This looks good. Check if that packet makes it there. Some IKE implementations > just drop all packets from other peers when authentication fails and report a > local > error instead of sending a noficication back. Sorry for not answering so long. Unfortunately the problem is still pending. The remote site (which I cannot control for now) says that the tunnel is up and running (!) but on my site I still have Security Associations (1 up, 0 connecting): home[1]: CONNECTING, and this should be ESTABLISHED I think? (a ping from my site 10.4.48.5 to the remote site 10.4.30.11 is not possible). Still I do not see a response to child_sa ikev2_auth[I]: 11:26:44.073488 IP 10.0.54.146.500 > 83.137.25.197.500: isakmp: parent_sa ikev2_init[I] 11:26:45.256562 IP 83.137.25.197.500 > 10.0.54.146.500: isakmp: parent_sa ikev2_init[R] 11:26:45.379980 IP 10.0.54.146.4500 > 83.137.25.197.4500: NONESP-encap: isakmp: child_sa ikev2_auth[I] 11:26:49.388349 IP 10.0.54.146.4500 > 83.137.25.197.4500: NONESP-encap: isakmp: child_sa ikev2_auth[I] Do you agree that is the source of the problem? In case I switch "type=tunnel" to "type=transport" I see (as expected): 11:25:22.706710 IP 10.0.54.146.500 > 83.137.25.197.500: isakmp: parent_sa ikev2_init[I] 11:25:23.752559 IP 83.137.25.197.500 > 10.0.54.146.500: isakmp: parent_sa ikev2_init[R] 11:25:23.884131 IP 10.0.54.146.4500 > 83.137.25.197.4500: NONESP-encap: isakmp: child_sa ikev2_auth[I] 11:25:24.003467 IP 83.137.25.197.4500 > 10.0.54.146.4500: NONESP-encap: isakmp: child_sa ikev2_auth[R] But transport is not what i want, I assume.... Do you have an idea what I can do without having full access to the remote site? Kind regards René _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
