<div dir="ltr"><div>Hi,</div><div><br></div><div>It would be great help if anybody can help on this.</div><div>I am still facing this issue.</div><div><br></div><div>Thanks in advance.</div><div><br></div><div>Regards,</div><div>Bhashkar</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Tue, Jan 12, 2016 at 11:12 AM, bhashkar prakash Singh <span dir="ltr"><<a href="mailto:singh.bhashkar@gmail.com" target="_blank">singh.bhashkar@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi,<br>
<br>
Can someone please help on this.<br>
<br>
Thanks & Regards,<br>
Bhashkar<br>
<br>
<br>
On 1/10/16, bhashkar prakash Singh <<a href="mailto:singh.bhashkar@gmail.com">singh.bhashkar@gmail.com</a>> wrote:<br>
> Hi,<br>
><br>
> Recently I upgraded strongswan version 5.3.5 from 4.5.3. After upgrade I<br>
> see tunnels are not established when using IKEV1 protocol. With IKEV2, no<br>
> issue seen.<br>
> I am seeing error "*integrity check failed *" when using IKEV1. I am<br>
> unable to figure out what problem can be with IKEV1.<br>
><br>
> Can someone please help on this ?<br>
><br>
> Please find the log snippet:<br>
><br>
><br>
> 46582 ( 2) INF 2004-01-01T02:44:37.301453Z syslogd.c(134) "charon:<br>
> 05[CFG] received stroke: add connection 'conn1'"<br>
> 46583 ( 2) INF 2004-01-01T02:44:37.301528Z syslogd.c(134) "charon:<br>
> 05[KNL] 40.0.0.2 is not a local address or the interface is down"<br>
> 46584 ( 2) INF 2004-01-01T02:44:37.308184Z syslogd.c(134) "charon:<br>
> 05[CFG] loaded certificate "CN=FtmFlexiNodeSerialNoTY121316662" from<br>
> '/etc/ipsec.d/certs/btsCert.pem'"<br>
> 46585 ( 2) INF 2004-01-01T02:44:37.308290Z syslogd.c(134) "charon:<br>
> 05[CFG] id '40.0.0.1' not confirmed by certificate, defaulting to<br>
> 'CN=FtmFlexiNodeSerialNoTY121316662'"<br>
> 46586 ( 2) INF 2004-01-01T02:44:37.308349Z syslogd.c(134) "charon:<br>
> 05[CFG] added configuration 'conn1'"<br>
> 46587 ( 2) INF 2004-01-01T02:44:37.308406Z syslogd.c(134) "charon:<br>
> 11[CFG] received stroke: initiate 'conn1'"<br>
> 46588 ( 2) INF 2004-01-01T02:44:37.308463Z syslogd.c(134) "charon:<br>
> 11[MGR] checkout IKE_SA by config"<br>
> 46589 ( 2) INF 2004-01-01T02:44:37.308519Z syslogd.c(134) "charon:<br>
> 11[MGR] created IKE_SA (unnamed)[1]"<br>
> 46590 ( 2) INF 2004-01-01T02:44:37.308576Z syslogd.c(134) "charon:<br>
> 11[IKE] queueing ISAKMP_VENDOR task"<br>
> 46591 ( 2) INF 2004-01-01T02:44:37.308633Z syslogd.c(134) "charon:<br>
> 11[IKE] queueing ISAKMP_CERT_PRE task"<br>
> 46592 ( 2) INF 2004-01-01T02:44:37.308689Z syslogd.c(134) "charon:<br>
> 11[IKE] queueing MAIN_MODE task"<br>
> 46593 ( 2) INF 2004-01-01T02:44:37.308745Z syslogd.c(134) "charon:<br>
> 11[IKE] queueing ISAKMP_CERT_POST task"<br>
> 46594 ( 2) INF 2004-01-01T02:44:37.308802Z syslogd.c(134) "charon:<br>
> 11[IKE] queueing ISAKMP_NATD task"<br>
> 46595 ( 2) INF 2004-01-01T02:44:37.308858Z syslogd.c(134) "charon:<br>
> 11[IKE] queueing QUICK_MODE task"<br>
> 46596 ( 2) INF 2004-01-01T02:44:37.310706Z syslogd.c(134) "charon:<br>
> 11[IKE] activating new tasks"<br>
> 46597 ( 2) INF 2004-01-01T02:44:37.310769Z syslogd.c(134) "charon:<br>
> 11[IKE] activating ISAKMP_VENDOR task"<br>
> 46598 ( 2) INF 2004-01-01T02:44:37.310826Z syslogd.c(134) "charon:<br>
> 11[IKE] activating ISAKMP_CERT_PRE task"<br>
> 46599 ( 2) INF 2004-01-01T02:44:37.310883Z syslogd.c(134) "charon:<br>
> 11[IKE] activating MAIN_MODE task"<br>
> 46600 ( 2) INF 2004-01-01T02:44:37.310940Z syslogd.c(134) "charon:<br>
> 11[IKE] activating ISAKMP_CERT_POST task"<br>
> 46601 ( 2) INF 2004-01-01T02:44:37.310996Z syslogd.c(134) "charon:<br>
> 11[IKE] activating ISAKMP_NATD task"<br>
> 46602 ( 2) INF 2004-01-01T02:44:37.311053Z syslogd.c(134) "charon:<br>
> 11[IKE] sending XAuth vendor ID"<br>
> 46603 ( 2) INF 2004-01-01T02:44:37.311109Z syslogd.c(134) "charon:<br>
> 11[IKE] sending DPD vendor ID"<br>
> 46604 ( 2) INF 2004-01-01T02:44:37.311165Z syslogd.c(134) "charon:<br>
> 11[IKE] sending NAT-T (RFC 3947) vendor ID"<br>
> 46605 ( 2) INF 2004-01-01T02:44:37.311223Z syslogd.c(134) "charon:<br>
> 11[IKE] sending draft-ietf-ipsec-nat-t-ike-02\n vendor ID"<br>
> 46606 ( 2) INF 2004-01-01T02:44:37.311280Z syslogd.c(134) "charon:<br>
> 11[IKE] initiating Main Mode IKE_SA conn1[1] to 40.0.0.2"<br>
> 46607 ( 2) INF 2004-01-01T02:44:37.314332Z syslogd.c(134) "charon:<br>
> 11[IKE] initiating Main Mode IKE_SA conn1[1] to 40.0.0.2"<br>
> 46608 ( 2) INF 2004-01-01T02:44:37.314398Z syslogd.c(134) "charon:<br>
> 11[IKE] IKE_SA conn1[1] state change: CREATED => CONNECTING"<br>
> 46609 ( 2) INF 2004-01-01T02:44:37.324654Z syslogd.c(134) "charon:<br>
> 11[LIB] signature verification:"<br>
> 46610 ( 2) INF 2004-01-01T02:44:37.324727Z syslogd.c(134) "charon:<br>
> 11[ENC] generating ID_PROT request 0 [ SA V V V V ]"<br>
> 46611 ( 2) INF 2004-01-01T02:44:37.324786Z syslogd.c(134) "charon:<br>
> 11[NET] sending packet: from 40.0.0.1[500] to 40.0.0.2[500] (196 bytes)"<br>
> 46612 ( 2) INF 2004-01-01T02:44:37.324843Z syslogd.c(134) "charon:<br>
> 11[MGR] checkin IKE_SA conn1[1]"<br>
> 46613 ( 2) INF 2004-01-01T02:44:37.347522Z syslogd.c(134) "charon:<br>
> 08[MGR] checkout IKE_SA by message"<br>
> 46614 ( 2) INF 2004-01-01T02:44:37.347598Z syslogd.c(134) "charon:<br>
> 08[MGR] IKE_SA conn1[1] successfully checked out"<br>
> 46615 ( 2) INF 2004-01-01T02:44:37.347657Z syslogd.c(134) "charon:<br>
> 08[NET] received packet: from 40.0.0.2[500] to 40.0.0.1[500] (140 bytes)"<br>
> 46616 ( 2) INF 2004-01-01T02:44:37.347714Z syslogd.c(134) "charon:<br>
> 08[ENC] parsed ID_PROT response 0 [ SA V V V ]"<br>
> 46617 ( 2) INF 2004-01-01T02:44:37.347771Z syslogd.c(134) "charon:<br>
> 08[IKE] received XAuth vendor ID"<br>
> 46618 ( 2) INF 2004-01-01T02:44:37.347828Z syslogd.c(134) "charon:<br>
> 08[IKE] received DPD vendor ID"<br>
> 46619 ( 2) INF 2004-01-01T02:44:37.347885Z syslogd.c(134) "charon:<br>
> 08[IKE] received NAT-T (RFC 3947) vendor ID"<br>
> 46620 ( 2) INF 2004-01-01T02:44:37.347944Z syslogd.c(134) "charon:<br>
> 08[IKE] received (0) authentication, but configured RSA signature, continue<br>
> with configured"<br>
> 46621 ( 2) INF 2004-01-01T02:44:37.348001Z syslogd.c(134) "charon:<br>
> 08[IKE] reinitiating already active tasks"<br>
> 46622 ( 2) INF 2004-01-01T02:44:37.348057Z syslogd.c(134) "charon:<br>
> 08[IKE] ISAKMP_VENDOR task"<br>
> 46623 ( 2) INF 2004-01-01T02:44:37.348113Z syslogd.c(134) "charon:<br>
> 08[IKE] MAIN_MODE task"<br>
> 46624 ( 2) INF 2004-01-01T02:44:37.364227Z syslogd.c(134) "charon:<br>
> 08[LIB] size of DH secret exponent: 1022 bits"<br>
> 46625 ( 2) INF 2004-01-01T02:44:37.383570Z syslogd.c(134) "charon:<br>
> 08[IKE] natd_chunk => 22 bytes @ 0x4480dbb0"<br>
> 46626 ( 2) INF 2004-01-01T02:44:37.383809Z syslogd.c(134) "charon:<br>
> 08[IKE] 0: C1 E3 B4 72 FB A8 FF 3B 03 25 8F 99 15 2F 88 6E<br>
> ...r...;.%.../.n"<br>
> 46627 ( 2) INF 2004-01-01T02:44:37.384043Z syslogd.c(134) "charon:<br>
> 08[IKE] 16: 28 00 00 02 01 F4 (....."<br>
> 46628 ( 2) INF 2004-01-01T02:44:37.384344Z syslogd.c(134) "charon:<br>
> 08[IKE] natd_hash => 20 bytes @ 0x3bd60"<br>
> 46629 ( 2) INF 2004-01-01T02:44:37.384579Z syslogd.c(134) "charon:<br>
> 08[IKE] 0: 34 CD 11 CD D2 0C 3B DF C0 89 1E 0B C7 2B 19 37<br>
> 4.....;......+.7"<br>
> 46630 ( 2) INF 2004-01-01T02:44:37.384814Z syslogd.c(134) "charon:<br>
> 08[IKE] 16: B3 5D B8 6C .].l"<br>
> 46631 ( 2) INF 2004-01-01T02:44:37.385192Z syslogd.c(134) "charon:<br>
> 08[IKE] natd_chunk => 22 bytes @ 0x4480dbb0"<br>
> 46632 ( 2) INF 2004-01-01T02:44:37.385428Z syslogd.c(134) "charon:<br>
> 08[IKE] 0: C1 E3 B4 72 FB A8 FF 3B 03 25 8F 99 15 2F 88 6E<br>
> ...r...;.%.../.n"<br>
> 46633 ( 2) INF 2004-01-01T02:44:37.385865Z syslogd.c(134) "charon:<br>
> 08[IKE] 16: 28 00 00 01 01 F4 (....."<br>
> 46634 ( 2) INF 2004-01-01T02:44:37.386136Z syslogd.c(134) "charon:<br>
> 08[IKE] natd_hash => 20 bytes @ 0x3bd60"<br>
> 46635 ( 2) INF 2004-01-01T02:44:37.386372Z syslogd.c(134) "charon:<br>
> 08[IKE] 0: 41 BC 9D D0 DD 14 17 3E DB E5 01 31 6D 2C 29 7E<br>
> A......>...1m,)~"<br>
> 46636 ( 2) INF 2004-01-01T02:44:37.386607Z syslogd.c(134) "charon:<br>
> 08[IKE] 16: 11 B6 A8 1B ...."<br>
> 46637 ( 2) INF 2004-01-01T02:44:37.389895Z syslogd.c(134) "charon:<br>
> 08[ENC] generating ID_PROT request 0 [ KE No NAT-D NAT-D ]"<br>
> 46638 ( 2) INF 2004-01-01T02:44:37.390474Z syslogd.c(134) "charon:<br>
> 08[NET] sending packet: from 40.0.0.1[500] to 40.0.0.2[500] (244 bytes)"<br>
> 46639 ( 2) INF 2004-01-01T02:44:37.391643Z syslogd.c(134) "charon:<br>
> 08[MGR] checkin IKE_SA conn1[1]"<br>
> 46640 ( 2) INF 2004-01-01T02:44:37.391916Z syslogd.c(134) "charon:<br>
> 08[MGR] check-in of IKE_SA successful."<br>
> 46641 ( 2) INF 2004-01-01T02:44:37.492904Z syslogd.c(134) "charon:<br>
> 09[MGR] checkout IKE_SA by message"<br>
> 46642 ( 2) INF 2004-01-01T02:44:37.492991Z syslogd.c(134) "charon:<br>
> 09[MGR] IKE_SA conn1[1] successfully checked out"<br>
> 46643 ( 2) INF 2004-01-01T02:44:37.493050Z syslogd.c(134) "charon:<br>
> 09[NET] received packet: from 40.0.0.2[500] to 40.0.0.1[500] (80 bytes)"<br>
><br>
> * 46644 ( 2) INF 2004-01-01T02:44:37.493107Z syslogd.c(134) "charon:<br>
> 09[ENC] payload type HASH_V1 was not encrypted" 46645 ( 2) INF<br>
> 2004-01-01T02:44:37.493164Z syslogd.c(134) "charon: 09[ENC] could not<br>
> decrypt payloads"*<br>
> * 46646 ( 2) INF 2004-01-01T02:44:37.493221Z syslogd.c(134) "charon:<br>
> 09[IKE] integrity check failed"*<br>
> * 46647 ( 2) INF 2004-01-01T02:44:37.493278Z syslogd.c(134) "charon:<br>
> 09[IKE] ignore malformed INFORMATIONAL request"*<br>
> 46648 ( 2) INF 2004-01-01T02:44:37.493336Z syslogd.c(134) "charon:<br>
> 09[IKE] INFORMATIONAL_V1 request with message ID 2788051656 processing<br>
> failed"<br>
><br>
</blockquote></div><br></div>