Hi Tobias,

> So you're using IKEv1 now? (Was IKEv2 in your original mail, and you
> should definitely prefer that if you can.)

Yes, this is another customer. I should have opened another thread.

> Different IKE proposals. With ipsec.conf the default proposal(s) are
> added to whatever you configure in ike/esp unless that ends with a !.
> With swanctl.conf the default proposal(s) have to be added explicitly to
> the IKE/ESP proposals (e.g. in your example `proposals =
> 3des-sha1-modp1024, default`). So that indicates your configured
> proposal is incorrect. But that's a completely different problem than
> the one you had before with IKEv2.

Thanks for the explanation. I have found the problematic parameter: reauth_time
decreasing from 24h to 20h I got this message:

[IKE] initiating Main Mode IKE_SA cbt[874] to 31.169.105.210
[ENC] generating ID_PROT request 0 [ SA V V V V V ]
[NET] sending packet: from 205.223.229.254[500] to 31.169.105.210[500] (248 bytes)
[NET] received packet: from 31.169.105.210[500] to 205.223.229.254[500] (140 bytes)
[ENC] parsed ID_PROT response 0 [ SA V V V ]
[ENC] received unknown vendor ID: 4f:45:68:79:4c:64:41:43:65:63:66:61
[IKE] received DPD vendor ID
[IKE] received NAT-T (RFC 3947) vendor ID
[ENC] generating ID_PROT request 0 [ KE No NAT-D NAT-D ]
[NET] sending packet: from 205.223.229.254[500] to 31.169.105.210[500] (244 bytes)
[NET] received packet: from 31.169.105.210[500] to 205.223.229.254[500] (228 bytes)
[ENC] parsed ID_PROT response 0 [ KE No NAT-D NAT-D ]
[ENC] generating ID_PROT request 0 [ ID HASH ]
[NET] sending packet: from 205.223.229.254[500] to 31.169.105.210[500] (68 bytes)
[NET] received packet: from 31.169.105.210[500] to 205.223.229.254[500] (40 bytes)
[ENC] parsed INFORMATIONAL_V1 request 2534754901 [ N(PLD_MAL) ]
[ENC] ignoring unprotected INFORMATIONAL from 31.169.105.210
[IKE] message verification failed
[IKE] ignore malformed INFORMATIONAL request
[IKE] INFORMATIONAL_V1 request with message ID 2534754901 processing failed
[IKE] sending retransmit 1 of request message ID 0, seq 3
[NET] sending packet: from 205.223.229.254[500] to 31.169.105.210[500] (68 bytes)
[NET] received packet: from 31.169.105.210[500] to 205.223.229.254[500] (40 bytes)
[ENC] parsed INFORMATIONAL_V1 request 1470134926 [ N(PLD_MAL) ]
[ENC] ignoring unprotected INFORMATIONAL from 31.169.105.210
[IKE] message verification failed
[IKE] ignore malformed INFORMATIONAL request
[IKE] INFORMATIONAL_V1 request with message ID 1470134926 processing failed
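
Added example, not part of the original message and not strongSwan code: a small parser that reduces a charon log like the one above to the IKEv1 Main Mode round trip where the handshake stalled and the notifies the peer sent instead. The function name `summarize_main_mode` and the shortened log excerpt are assumptions of this example.

```python
import re

# Log excerpt copied from the message above (charon output, shortened).
SAMPLE_LOG = """\
[IKE] initiating Main Mode IKE_SA cbt[874] to 31.169.105.210
[ENC] generating ID_PROT request 0 [ SA V V V V V ]
[ENC] parsed ID_PROT response 0 [ SA V V V ]
[ENC] generating ID_PROT request 0 [ KE No NAT-D NAT-D ]
[ENC] parsed ID_PROT response 0 [ KE No NAT-D NAT-D ]
[ENC] generating ID_PROT request 0 [ ID HASH ]
[ENC] parsed INFORMATIONAL_V1 request 2534754901 [ N(PLD_MAL) ]
[ENC] ignoring unprotected INFORMATIONAL from 31.169.105.210
[IKE] sending retransmit 1 of request message ID 0, seq 3
[ENC] parsed INFORMATIONAL_V1 request 1470134926 [ N(PLD_MAL) ]
[ENC] ignoring unprotected INFORMATIONAL from 31.169.105.210
"""

MSG = re.compile(r"\[ENC\] (generating|parsed) (\S+) (request|response) \d+ \[ (.*?) \]")
# IKEv1 Main Mode has three round trips, each identified by its first payload.
ROUNDS = {"SA": 1, "KE": 2, "ID": 3}

def summarize_main_mode(log):
    """Return how far Main Mode progressed and what the peer sent instead."""
    sent, answered, notifies, unprotected, retransmits = 0, 0, [], 0, 0
    for line in log.splitlines():
        m = MSG.search(line)
        if m:
            direction, exchange, _, payloads = m.groups()
            first = payloads.split()[0]
            if exchange == "ID_PROT" and first in ROUNDS:
                if direction == "generating":
                    sent = max(sent, ROUNDS[first])
                else:
                    answered = max(answered, ROUNDS[first])
            elif exchange == "INFORMATIONAL_V1" and direction == "parsed":
                notifies += re.findall(r"N\((\w+)\)", payloads)
        elif "ignoring unprotected INFORMATIONAL" in line:
            unprotected += 1  # notify arrived in the clear, so charon drops it
        elif "sending retransmit" in line:
            retransmits += 1
    return {"rounds_sent": sent, "rounds_answered": answered,
            "stalled_round": sent if sent > answered else None,
            "peer_notifies": sorted(set(notifies)),
            "unprotected_notifies": unprotected, "retransmits": retransmits}

if __name__ == "__main__":
    print(summarize_main_mode(SAMPLE_LOG))
```

For the excerpt above this reports that the third round trip ([ ID HASH ]) was sent but never answered, and that both PLD_MAL notifies were received unprotected and ignored.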
