<html><body><div style="color:#000; background-color:#fff; font-family:HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, Sans-Serif;font-size:12pt"><div class="" style="">Hi,</div><div class="" style=""><br class="" style=""></div><div class="" style="color: rgb(0, 0, 0); font-size: 16px; font-family: HelveticaNeue, 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif; background-color: transparent; font-style: normal">I am connecting an iPhone to a strongswan instance (U5.0.4/K2.6.32-358.11.1.el6.x86_64)... which works fine almost all of the time, but for some reason I am now getting this error from the client side (On the iPhone):</div><div class="" style="color: rgb(0, 0, 0); font-size: 16px; font-family: HelveticaNeue, 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif; background-color: transparent; font-style: normal"><br class="" style=""></div><div class="" style="background-color: transparent">racoon[7861]
<Error>: the length in the isakmp header is too big.<br class="" style=""></div><div class="" style="background-color: transparent">racoon[7861] <Error>: the length in the isakmp header is too big.<br class="" style=""></div><div class="" style="background-color: transparent">racoon[7861] <Error>: the length in the isakmp header is too big.<br class="" style=""></div><div class="" style="background-color: transparent; color: rgb(0, 0, 0); font-size: 16px; font-family: HelveticaNeue, 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif; font-style: normal"><br class="" style=""></div><div class="" style="background-color: transparent; color: rgb(0, 0, 0); font-size: 16px; font-family: HelveticaNeue, 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif; font-style: normal">With no data access at all.</div><div class="" style="background-color: transparent; color: rgb(0, 0, 0); font-size: 16px; font-family:
HelveticaNeue, 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif; font-style: normal"><br class="" style=""></div><div class="" style="background-color: transparent; color: rgb(0, 0, 0); font-size: 16px; font-family: HelveticaNeue, 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif; font-style: normal">The connection log looks like this from the server side:</div><div class="" style="background-color: transparent; color: rgb(0, 0, 0); font-size: 16px; font-family: HelveticaNeue, 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif; font-style: normal"><br class="" style=""></div><div class="" style="background-color: transparent">Apr 28 11:57:50 hserver-ip charon: 12[NET] received packet: from server.ip.addr[58943] to client.ip.addr[500] (668 bytes)</div><div class="" style="background-color: transparent">Apr 28 11:57:50 hserver-ip charon: 12[ENC] parsed ID_PROT request 0 [ SA V V V V V V V V V V V V V V ]</div><div
class="" style="background-color: transparent">Apr 28 11:57:50 hserver-ip charon: 12[IKE] received NAT-T (RFC 3947) vendor ID</div><div class="" style="background-color: transparent">Apr 28 11:57:50 hserver-ip charon: 12[IKE] received draft-ietf-ipsec-nat-t-ike vendor ID</div><div class="" style="background-color: transparent">Apr 28 11:57:50 hserver-ip charon: 12[IKE] received draft-ietf-ipsec-nat-t-ike-08 vendor ID</div><div class="" style="background-color: transparent">Apr 28 11:57:50 hserver-ip charon: 12[IKE] received draft-ietf-ipsec-nat-t-ike-07 vendor ID</div><div class="" style="background-color: transparent">Apr 28 11:57:50 hserver-ip charon: 12[IKE] received draft-ietf-ipsec-nat-t-ike-06 vendor ID</div><div class="" style="background-color: transparent">Apr 28 11:57:50 hserver-ip charon: 12[IKE] received draft-ietf-ipsec-nat-t-ike-05 vendor ID</div><div class="" style="background-color: transparent">Apr 28 11:57:50 hserver-ip charon: 12[IKE]
received draft-ietf-ipsec-nat-t-ike-04 vendor ID</div><div class="" style="background-color: transparent">Apr 28 11:57:50 hserver-ip charon: 12[IKE] received draft-ietf-ipsec-nat-t-ike-03 vendor ID</div><div class="" style="background-color: transparent">Apr 28 11:57:50 hserver-ip charon: 12[IKE] received draft-ietf-ipsec-nat-t-ike-02 vendor ID</div><div class="" style="background-color: transparent">Apr 28 11:57:50 hserver-ip charon: 12[IKE] received draft-ietf-ipsec-nat-t-ike-02\n vendor ID</div><div class="" style="background-color: transparent">Apr 28 11:57:50 hserver-ip charon: 12[IKE] received XAuth vendor ID</div><div class="" style="background-color: transparent">Apr 28 11:57:50 hserver-ip charon: 12[IKE] received Cisco Unity vendor ID</div><div class="" style="background-color: transparent">Apr 28 11:57:50 hserver-ip charon: 12[IKE] received FRAGMENTATION vendor ID</div><div class="" style="background-color: transparent">Apr 28 11:57:50
hserver-ip charon: 12[IKE] received DPD vendor ID</div><div class="" style="background-color: transparent">Apr 28 11:57:50 hserver-ip charon: 12[IKE] server.ip.addr is initiating a Main Mode IKE_SA</div><div class="" style="background-color: transparent">Apr 28 11:57:50 hserver-ip charon: 12[ENC] generating ID_PROT response 0 [ SA V V V ]</div><div class="" style="background-color: transparent">Apr 28 11:57:50 hserver-ip charon: 12[NET] sending packet: from client.ip.addr[500] to server.ip.addr[58943] (136 bytes)</div><div class="" style="background-color: transparent">Apr 28 11:57:50 hserver-ip charon: 13[NET] received packet: from server.ip.addr[58943] to client.ip.addr[500] (228 bytes)</div><div class="" style="background-color: transparent">Apr 28 11:57:50 hserver-ip charon: 13[ENC] parsed ID_PROT request 0 [ KE No NAT-D NAT-D ]</div><div class="" style="background-color: transparent">Apr 28 11:57:50 hserver-ip charon: 13[IKE] remote host is behind
NAT</div><div class="" style="background-color: transparent">Apr 28 11:57:50 hserver-ip charon: 13[IKE] sending cert request for "[details]"</div><div class="" style="background-color: transparent">Apr 28 11:57:50 hserver-ip charon: 13[ENC] generating ID_PROT response 0 [ KE No CERTREQ NAT-D NAT-D ]</div><div class="" style="background-color: transparent">Apr 28 11:57:50 hserver-ip charon: 13[NET] sending packet: from client.ip.addr[500] to server.ip.addr[58943] (418 bytes)</div><div class="" style="background-color: transparent">Apr 28 11:57:50 hserver-ip charon: 10[NET] received packet: from server.ip.addr[58943] to client.ip.addr[4500] (1436 bytes)</div><div class="" style="background-color: transparent">Apr 28 11:57:50 hserver-ip charon: 10[ENC] parsed ID_PROT request 0 [ ID CERT SIG CERTREQ N(INITIAL_CONTACT) ]</div><div class="" style="background-color: transparent">Apr 28 11:57:50 hserver-ip charon: 10[IKE] ignoring certificate request without
data</div><div class="" style="background-color: transparent">Apr 28 11:57:50 hserver-ip charon: 10[IKE] received end entity cert "[details]"</div><div class="" style="background-color: transparent">Apr 28 11:57:50 hserver-ip charon: 10[CFG] looking for XAuthInitRSA peer configs matching client.ip.addr...server.ip.addr[[details]]</div><div class="" style="background-color: transparent">Apr 28 11:57:50 hserver-ip charon: 10[CFG] selected peer config "auth peer"</div><div class="" style="background-color: transparent">Apr 28 11:57:50 hserver-ip charon: 10[CFG] using certificate "[details]"</div><div class="" style="background-color: transparent">Apr 28 11:57:50 hserver-ip charon: 10[CFG] using trusted ca certificate "[details]"</div><div class="" style="background-color: transparent">Apr 28 11:57:50 hserver-ip charon: 10[CFG] checking certificate status of "[details]"</div><div class="" style="background-color: transparent">Apr 28 11:57:50
hserver-ip charon: 10[CFG] certificate status is not available</div><div class="" style="background-color: transparent">Apr 28 11:57:50 hserver-ip charon: 10[CFG] reached self-signed root ca with a path length of 0</div><div class="" style="background-color: transparent">Apr 28 11:57:50 hserver-ip charon: 10[IKE] authentication of '[details]' with RSA successful</div><div class="" style="background-color: transparent">Apr 28 11:57:50 hserver-ip charon: 10[IKE] authentication of '[details]' (myself) successful</div><div class="" style="background-color: transparent">Apr 28 11:57:50 hserver-ip charon: 10[IKE] sending end entity cert "[details]"</div><div class="" style="background-color: transparent">Apr 28 11:57:50 hserver-ip charon: 10[ENC] generating ID_PROT response 0 [ ID CERT SIG ]</div><div class="" style="background-color: transparent">Apr 28 11:57:50 hserver-ip charon: 10[NET] sending packet: from client.ip.addr[4500] to
server.ip.addr[58943] (1484 bytes)</div><div class="" style="background-color: transparent">Apr 28 11:57:50 hserver-ip charon: 10[ENC] generating TRANSACTION request 3957482274 [ HASH CP ]</div><div class="" style="background-color: transparent">Apr 28 11:57:50 hserver-ip charon: 10[NET] sending packet: from client.ip.addr[4500] to server.ip.addr[58943] (76 bytes)</div><div class="" style="background-color: transparent">Apr 28 11:57:51 hserver-ip charon: 09[NET] received packet: from server.ip.addr[58943] to client.ip.addr[4500] (92 bytes)</div><div class="" style="background-color: transparent">Apr 28 11:57:51 hserver-ip charon: 09[ENC] parsed TRANSACTION response 3957482274 [ HASH CP ]</div><div class="" style="background-color: transparent">Apr 28 11:57:51 hserver-ip charon: 09[IKE] XAuth authentication of 'user ref' successful</div><div class="" style="background-color: transparent">Apr 28 11:57:51 hserver-ip charon: 09[ENC] generating TRANSACTION
request 1139733046 [ HASH CP ]</div><div class="" style="background-color: transparent">Apr 28 11:57:51 hserver-ip charon: 09[NET] sending packet: from client.ip.addr[4500] to server.ip.addr[58943] (76 bytes)</div><div class="" style="background-color: transparent">Apr 28 11:57:51 hserver-ip charon: 14[NET] received packet: from server.ip.addr[58943] to client.ip.addr[4500] (76 bytes)</div><div class="" style="background-color: transparent">Apr 28 11:57:51 hserver-ip charon: 14[ENC] parsed TRANSACTION response 1139733046 [ HASH CP ]</div><div class="" style="background-color: transparent">Apr 28 11:57:51 hserver-ip charon: 14[IKE] IKE_SA ios-user-ref[13] established between client.ip.addr[[details]]</div><div class="" style="background-color: transparent">Apr 28 11:57:51 hserver-ip charon: 14[IKE] scheduling reauthentication in 9976s</div><div class="" style="background-color: transparent">Apr 28 11:57:51 hserver-ip charon: 14[IKE] maximum IKE_SA
lifetime 10516s</div><div class="" style="background-color: transparent">Apr 28 11:57:51 hserver-ip charon: 15[NET] received packet: from server.ip.addr[58943] to client.ip.addr[4500] (172 bytes)</div><div class="" style="background-color: transparent">Apr 28 11:57:51 hserver-ip charon: 15[ENC] unknown attribute type (28683)</div><div class="" style="background-color: transparent">Apr 28 11:57:51 hserver-ip charon: 15[ENC] parsed TRANSACTION request 582035330 [ HASH CP ]</div><div class="" style="background-color: transparent">Apr 28 11:57:51 hserver-ip charon: 15[IKE] peer requested virtual IP %any</div><div class="" style="background-color: transparent">Apr 28 11:57:51 hserver-ip charon: 15[CFG] reassigning offline lease to 'user-ref'</div><div class="" style="background-color: transparent">Apr 28 11:57:51 hserver-ip charon: 15[IKE] assigning virtual IP 10.0.1.153 to peer 'user ref'</div><div class="" style="background-color: transparent">Apr 28
11:57:51 hserver-ip charon: 15[ENC] generating TRANSACTION response 582035330 [ HASH CP ]</div><div class="" style="background-color: transparent">Apr 28 11:57:51 hserver-ip charon: 15[NET] sending packet: from client.ip.addr[4500] to server.ip.addr[58943] (92 bytes)</div><div class="" style="background-color: transparent">Apr 28 11:57:51 hserver-ip charon: 12[NET] received packet: from server.ip.addr[58943] to client.ip.addr[4500] (300 bytes)</div><div class="" style="background-color: transparent">Apr 28 11:57:51 hserver-ip charon: 12[ENC] parsed QUICK_MODE request 3381591487 [ HASH SA No ID ID ]</div><div class="" style="background-color: transparent">Apr 28 11:57:51 hserver-ip charon: 12[ENC] generating QUICK_MODE response 3381591487 [ HASH SA No ID ID ]</div><div class="" style="background-color: transparent">Apr 28 11:57:51 hserver-ip charon: 12[NET] sending packet: from client.ip.addr[4500] to server.ip.addr[58943] (172 bytes)</div><div class=""
style="background-color: transparent">Apr 28 11:57:51 hserver-ip charon: 13[NET] received packet: from server.ip.addr[58943] to client.ip.addr[4500] (60 bytes)</div><div class="" style="background-color: transparent">Apr 28 11:57:51 hserver-ip charon: 13[ENC] parsed QUICK_MODE request 3381591487 [ HASH ]</div><div class="" style="background-color: transparent">Apr 28 11:57:51 hserver-ip charon: 13[IKE] CHILD_SA ios-user-ref{8} established with SPIs c589dd40_i 098b2775_o and TS 0.0.0.0/0 === 10.0.1.153/32</div><div class="" style="background-color: transparent"><br></div><div class="" style="background-color: transparent; color: rgb(0, 0, 0); font-size: 16px; font-family: HelveticaNeue, 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif; font-style: normal;">Any ideas what is going wrong?</div><div class="" style="background-color: transparent; color: rgb(0, 0, 0); font-size: 16px; font-family: HelveticaNeue, 'Helvetica Neue', Helvetica,
Arial, 'Lucida Grande', sans-serif; font-style: normal;"><br></div><div class="" style="background-color: transparent; color: rgb(0, 0, 0); font-size: 16px; font-family: HelveticaNeue, 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif; font-style: normal;">Thanks!</div><div class="" style="background-color: transparent; color: rgb(0, 0, 0); font-size: 16px; font-family: HelveticaNeue, 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif; font-style: normal;"><br></div><div class="" style="background-color: transparent; color: rgb(0, 0, 0); font-size: 16px; font-family: HelveticaNeue, 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif; font-style: normal;">H.</div><div class="" style="background-color: transparent; color: rgb(0, 0, 0); font-size: 16px; font-family: HelveticaNeue, 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif; font-style: normal;"><br></div></div></body></html>