<html><head><meta name="Generator" content="Z-Push"><meta http-equiv="Content-Type" content="text/html; charset=utf-8"></head><body>I really need some assistance on this matter. Kimmo, are you out there? You helped set this up and thus, were a great help.<br><br>> I see a lot of this in the log:<br>> > received cert request for unknown ca with keyid 0e:ac:82:60:40:56:27:97:e5:25:13:fc:2a:e1:0a:53:95:59:e4:a4<br>> > 12[IKE] received cert request for unknown ca with keyid dd:bb:bd:86:9c:7f:07:ed:40:e3:1b:08:ef:ce:c4:d1:88:cd:3b:15<br>> > 12[IKE] received cert request for unknown ca with keyid 4a:5e:75:22:ad:46:bf:a4:08:9d:39:97:4e:bd:b4:a3:60:f7:a0:1d<br>> > 12[IKE] received cert request for unknown ca with keyid 01:f0:33:4f:1a:a1:e9:bb:5b:4b:a9:de:43:bc:02:7d:57:09:33:fb<br>> > 12[IKE] received cert request for "C=US, ST=NC, L=Durham, O=Edens Land Corp, OU=ELC, CN=Jarrod, E=email address"<br>> > 12[IKE] received cert request for unknown ca with keyid 34:4f:50:2e:25:69:31:91:bd:f7:73:5e:ab:f5:86:8d:37:82:40:ec<br><br>Sent from my iPhone<br><br>> On Jan 3, 2014, at 10:47 AM, "Chris Arnold" <carnold@electrichendrix.com> wrote:<br>> <br>> Sorry, this was meant to go to the list. Not directly to Martin<br>> <br>> Sent from my iPhone<br>> <br>> On Jan 3, 2014, at 8:31 AM, "Chris Arnold" wrote:<br>> <br>> >>> Hi,<br>> > <br>> > Hi Martin. Thanks for your reply.<br>> > <br>> >> This use to work until we moved offices and got a new public ip. The<br>> >> above leftid reflects the new public ip. I just thought about<br>> >> something, the CN in the cert, does it need to reflect the new public<br>> >> ip?<br>> > <br>> >>> No, authentication works independent of payload encryption in IKEv2, so<br>> >>> anything wrong with your credentials wouldn't fail that way.<br>> > <br>> >>> More likely is a fragmentation issue: Windows 7 sends a certificate<br>> >>> request for each and every CA it knows about, sometimes summing up to<br>> >>> several KB of CERTREQs. If these fragments are not reassembled<br>> >>> completely/correctly, decryption fails.<br>> > <br>> > I see a lot of this in the log:<br>> > received cert request for unknown ca with keyid 0e:ac:82:60:40:56:27:97:e5:25:13:fc:2a:e1:0a:53:95:59:e4:a4<br>> > 12[IKE] received cert request for unknown ca with keyid dd:bb:bd:86:9c:7f:07:ed:40:e3:1b:08:ef:ce:c4:d1:88:cd:3b:15<br>> > 12[IKE] received cert request for unknown ca with keyid 4a:5e:75:22:ad:46:bf:a4:08:9d:39:97:4e:bd:b4:a3:60:f7:a0:1d<br>> > 12[IKE] received cert request for unknown ca with keyid 01:f0:33:4f:1a:a1:e9:bb:5b:4b:a9:de:43:bc:02:7d:57:09:33:fb<br>> > 12[IKE] received cert request for "C=US, ST=NC, L=Durham, O=Edens Land Corp, OU=ELC, CN=Jarrod, E=email address"<br>> > 12[IKE] received cert request for unknown ca with keyid 34:4f:50:2e:25:69:31:91:bd:f7:73:5e:ab:f5:86:8d:37:82:40:ec<br>> > <br>> >>> I'd try to identify how many fragments you see for this IKE_AUTH, and if<br>> >>> they get reassembled correctly on the strongSwan end.<br>> > <br>> > How do i identify how many fragments for this IKE_AUTH?<br>> _______________________________________________<br>> Users mailing list<br>> Users@lists.strongswan.org<br>> https://lists.strongswan.org/mailman/listinfo/users<br></body></html>