<div dir="ltr">Tobias, thank you so much for your reply!<br><br><div>At the bottom you'll find the attached logs from the Chromebook machine; please let me know if you require any packet sniffing.</div><div><br></div><div>Cheers,</div><div>Ilan</div><div><br></div><div><div>2015-02-12T10:22:13.896043-08:00 charon[2428]: 00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'</div><div>2015-02-12T10:22:13.900278-08:00 charon[2428]: 00[CFG] loaded ca certificate "CN=domain Dev Root CA G1, O=domain, C=US" from '/etc/ipsec.d/cacerts/cacert.der'</div><div>2015-02-12T10:22:13.900904-08:00 charon[2428]: 00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'</div><div>2015-02-12T10:22:13.901409-08:00 charon[2428]: 00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'</div><div>2015-02-12T10:22:13.901910-08:00 charon[2428]: 00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'</div><div>2015-02-12T10:22:13.902417-08:00 charon[2428]: 00[CFG] loading crls from '/etc/ipsec.d/crls'</div><div>2015-02-12T10:22:13.902953-08:00 charon[2428]: 00[CFG] loading secrets from '/etc/ipsec.secrets'</div><div>2015-02-12T10:22:13.911338-08:00 charon[2428]: 00[CFG] loaded private key from %smartcard1@crypto_module:719D7F5687E27E8DAD5E37FD84CFFA1027B29878</div><div>2015-02-12T10:22:13.912395-08:00 charon[2428]: 00[DMN] loaded plugins: charon pkcs11 aes des sha1 sha2 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs8 pgp dnskey pem openssl fips-prf gmp xcbc cmac hmac attr kernel-netlink resolve socket-default stroke updown xauth-generic</div><div>2015-02-12T10:22:13.913424-08:00 charon[2428]: 00[LIB] dropped capabilities, running as uid 212, gid 212</div><div>2015-02-12T10:22:13.913935-08:00 charon[2428]: 00[JOB] spawning 16 worker threads</div><div>2015-02-12T10:22:13.925508-08:00 charon[2428]: 01[CFG] received stroke: add connection 'managed'</div><div>2015-02-12T10:22:13.926009-08:00 charon[2428]: 01[CFG] left nor right host is our side, 
assuming left=local</div><div>2015-02-12T10:22:13.930950-08:00 charon[2428]: 01[CFG] loaded certificate "CN=right_cn, OU=1957, O=<a href="http://domain.com">domain.com</a>, C=US" from '%smartcard1@crypto_module:719D7F5687E27E8DAD5E37FD84CFFA1027B29878'</div><div>2015-02-12T10:22:13.931524-08:00 charon[2428]: 01[CFG] id '%any' not confirmed by certificate, defaulting to 'CN=right_cn, OU=1957, O=<a href="http://domain.com">domain.com</a>, C=US'</div><div>2015-02-12T10:22:13.932301-08:00 charon[2428]: 01[CFG] added configuration 'managed'</div><div>2015-02-12T10:22:13.933065-08:00 charon[2428]: 12[CFG] received stroke: initiate 'managed'</div><div>2015-02-12T10:22:13.933964-08:00 charon[2428]: 12[IKE] initiating Main Mode IKE_SA managed[1] to 162.243.137.92</div><div>2015-02-12T10:22:13.937160-08:00 charon[2428]: 12[ENC] generating ID_PROT request 0 [ SA V V V V ]</div><div>2015-02-12T10:22:13.937898-08:00 charon[2428]: 12[NET] sending packet: from 10.0.1.186[500] to 162.243.137.92[500] (188 bytes)</div><div>2015-02-12T10:22:13.956699-08:00 charon[2428]: 09[NET] received packet: from 162.243.137.92[500] to 10.0.1.186[500] (132 bytes)</div><div>2015-02-12T10:22:13.957266-08:00 charon[2428]: 09[ENC] parsed ID_PROT response 0 [ SA V V V ]</div><div>2015-02-12T10:22:13.957296-08:00 charon[2428]: 09[IKE] received XAuth vendor ID</div><div>2015-02-12T10:22:13.957310-08:00 charon[2428]: 09[IKE] received DPD vendor ID</div><div>2015-02-12T10:22:13.957323-08:00 charon[2428]: 09[IKE] received NAT-T (RFC 3947) vendor ID</div><div>2015-02-12T10:22:13.964554-08:00 charon[2428]: 09[ENC] generating ID_PROT request 0 [ KE No NAT-D NAT-D ]</div><div>2015-02-12T10:22:13.964647-08:00 charon[2428]: 09[NET] sending packet: from 10.0.1.186[500] to 162.243.137.92[500] (244 bytes)</div><div>2015-02-12T10:22:13.987288-08:00 charon[2428]: 02[NET] received packet: from 162.243.137.92[500] to 10.0.1.186[500] (468 bytes)</div><div>2015-02-12T10:22:13.987330-08:00 charon[2428]: 02[ENC] parsed 
ID_PROT response 0 [ KE No CERTREQ CERTREQ CERTREQ NAT-D NAT-D ]</div><div>2015-02-12T10:22:13.987345-08:00 charon[2428]: 02[IKE] received cert request for unknown ca 'CN=domain Dev Issuing CA G1, O=domain, C=US'</div><div>2015-02-12T10:22:13.987359-08:00 charon[2428]: 02[IKE] received cert request for 'CN=domain Dev Root CA G1, O=domain, C=US'</div><div>2015-02-12T10:22:13.987373-08:00 charon[2428]: 02[IKE] received cert request for unknown ca 'CN=domain Dev Intermediate CA G1, O=domain, C=US'</div><div>2015-02-12T10:22:13.994140-08:00 charon[2428]: 02[IKE] local host is behind NAT, sending keep alives</div><div>2015-02-12T10:22:13.999718-08:00 charon[2428]: 02[IKE] sending cert request for "CN=domain Dev Root CA G1, O=domain, C=US"</div><div>2015-02-12T10:22:14.012951-08:00 shill[1076]: [ERROR:error.cc(103)] Operation failed (no other information)</div><div>2015-02-12T10:22:14.365615-08:00 shill[1076]: last message repeated 25 times</div><div>2015-02-12T10:22:14.365013-08:00 charon[2428]: 02[IKE] authentication of 'CN=right_cn, OU=1957, O=<a href="http://domain.com">domain.com</a>, C=US' (myself) successful</div><div>2015-02-12T10:22:14.365056-08:00 charon[2428]: 02[IKE] sending end entity cert "CN=right_cn, OU=1957, O=<a href="http://domain.com">domain.com</a>, C=US"</div><div>2015-02-12T10:22:14.365078-08:00 charon[2428]: 02[ENC] generating ID_PROT request 0 [ ID CERT SIG CERTREQ ]</div><div>2015-02-12T10:22:14.365098-08:00 charon[2428]: 02[NET] sending packet: from 10.0.1.186[4500] to 162.243.137.92[4500] (1092 bytes)</div><div>2015-02-12T10:22:14.622824-08:00 charon[2428]: 07[NET] received packet: from 162.243.137.92[4500] to 10.0.1.186[4500] (2092 bytes)</div><div>2015-02-12T10:22:14.623526-08:00 charon[2428]: 07[ENC] payload of type CERTIFICATE_V1 more than 2 times (3) occurred in current message</div><div>2015-02-12T10:22:14.623568-08:00 charon[2428]: 07[IKE] message verification failed</div><div>2015-02-12T10:22:14.623584-08:00 charon[2428]: 07[ENC] 
generating INFORMATIONAL_V1 request 3294627211 [ HASH N(PLD_MAL) ]</div><div>2015-02-12T10:22:14.623603-08:00 charon[2428]: 07[NET] sending packet: from 10.0.1.186[4500] to 162.243.137.92[4500] (68 bytes)</div><div>2015-02-12T10:22:14.623625-08:00 charon[2428]: 07[IKE] ID_PROT response with message ID 0 processing failed</div><div>2015-02-12T10:22:18.365205-08:00 charon[2428]: 14[IKE] sending retransmit 1 of request message ID 0, seq 3</div><div>2015-02-12T10:22:18.365250-08:00 charon[2428]: 14[NET] sending packet: from 10.0.1.186[4500] to 162.243.137.92[4500] (1092 bytes)</div><div>2015-02-12T10:22:18.378092-08:00 charon[2428]: 01[NET] received packet: from 162.243.137.92[4500] to 10.0.1.186[4500] (2092 bytes)</div><div>2015-02-12T10:22:18.379109-08:00 charon[2428]: 01[ENC] payload of type CERTIFICATE_V1 more than 2 times (3) occurred in current message</div><div>2015-02-12T10:22:18.379147-08:00 charon[2428]: 01[IKE] message verification failed</div><div>2015-02-12T10:22:18.379165-08:00 charon[2428]: 01[ENC] generating INFORMATIONAL_V1 request 3308765307 [ HASH N(PLD_MAL) ]</div><div>2015-02-12T10:22:18.379179-08:00 charon[2428]: 01[NET] sending packet: from 10.0.1.186[4500] to 162.243.137.92[4500] (68 bytes)</div><div>2015-02-12T10:22:18.379192-08:00 charon[2428]: 01[IKE] ID_PROT response with message ID 0 processing failed</div><div>2015-02-12T10:22:25.565876-08:00 charon[2428]: 12[IKE] sending retransmit 2 of request message ID 0, seq 3</div><div>2015-02-12T10:22:25.565915-08:00 charon[2428]: 12[NET] sending packet: from 10.0.1.186[4500] to 162.243.137.92[4500] (1092 bytes)</div><div>2015-02-12T10:22:25.577716-08:00 charon[2428]: 09[NET] received packet: from 162.243.137.92[4500] to 10.0.1.186[4500] (2092 bytes)</div><div>2015-02-12T10:22:25.578064-08:00 charon[2428]: 09[ENC] payload of type CERTIFICATE_V1 more than 2 times (3) occurred in current message</div><div>2015-02-12T10:22:25.578096-08:00 charon[2428]: 09[IKE] message verification 
failed</div><div>2015-02-12T10:22:25.578114-08:00 charon[2428]: 09[ENC] generating INFORMATIONAL_V1 request 4041721436 [ HASH N(PLD_MAL) ]</div><div>2015-02-12T10:22:25.578130-08:00 charon[2428]: 09[NET] sending packet: from 10.0.1.186[4500] to 162.243.137.92[4500] (68 bytes)</div><div>2015-02-12T10:22:25.578147-08:00 charon[2428]: 09[IKE] ID_PROT response with message ID 0 processing failed</div><div>2015-02-12T10:22:26.942623-08:00 periodic_scheduler[2475]: crash_sender: running /sbin/crash_sender</div><div>2015-02-12T10:22:27.011533-08:00 periodic_scheduler[2492]: crash_sender: job completed</div><div>2015-02-12T10:22:38.526907-08:00 charon[2428]: 07[IKE] sending retransmit 3 of request message ID 0, seq 3</div><div>2015-02-12T10:22:38.526950-08:00 charon[2428]: 07[NET] sending packet: from 10.0.1.186[4500] to 162.243.137.92[4500] (1092 bytes)</div><div>2015-02-12T10:22:38.559165-08:00 charon[2428]: 05[NET] received packet: from 162.243.137.92[4500] to 10.0.1.186[4500] (2092 bytes)</div><div>2015-02-12T10:22:38.559214-08:00 charon[2428]: 05[ENC] payload of type CERTIFICATE_V1 more than 2 times (3) occurred in current message</div><div>2015-02-12T10:22:38.559237-08:00 charon[2428]: 05[IKE] message verification failed</div><div>2015-02-12T10:22:38.559256-08:00 charon[2428]: 05[ENC] generating INFORMATIONAL_V1 request 2462622163 [ HASH N(PLD_MAL) ]</div><div>2015-02-12T10:22:38.559571-08:00 charon[2428]: 05[NET] sending packet: from 10.0.1.186[4500] to 162.243.137.92[4500] (68 bytes)</div><div>2015-02-12T10:22:38.559592-08:00 charon[2428]: 05[IKE] ID_PROT response with message ID 0 processing failed</div><div>2015-02-12T10:22:43.948434-08:00 l2tpipsec_vpn[2415]: IPsec connection timed out</div><div>2015-02-12T10:22:44.950783-08:00 charon[2428]: 00[DMN] signal of type SIGINT received. 
Shutting down</div><div>2015-02-12T10:22:44.950822-08:00 charon[2428]: 00[IKE] destroying IKE_SA in state CONNECTING without notification</div><div>2015-02-12T10:22:44.970725-08:00 l2tpipsec_vpn[2415]: Unable to send signal to 2417 error 3</div><div>2015-02-12T10:22:44.970758-08:00 l2tpipsec_vpn[2415]: Unable to send signal to 2428 error 3</div><div>2015-02-12T10:22:45.002783-08:00 shill[1076]: [ERROR:error.cc(103)] Operation failed (no other information)</div></div></div><br><div class="gmail_quote">On Thu Feb 12 2015 at 12:44:06 AM Tobias Brunner <<a href="mailto:tobias@strongswan.org">tobias@strongswan.org</a>> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi Ilan,<br>
<br>
>>> 06[ENC] invalid HASH_V1 payload length, decryption failed?<br>
>>> 06[ENC] could not decrypt payloads<br>
>>> 06[IKE] message parsing failed<br>
>>> 06[IKE] ignore malformed INFORMATIONAL request<br>
<br>
This looks like #836 (or #570). Do you have any logs from the client?<br>
It seems it might not like the server's certificate and then maybe sends<br>
a DELETE or some other notify to the server. Could you try to determine<br>
what is contained in that INFORMATIONAL request (e.g. via Wireshark)?<br>
<br>
Regards,<br>
Tobias<br>
<br>
[1] <a href="https://wiki.strongswan.org/issues/836" target="_blank">https://wiki.strongswan.org/issues/836</a><br>
[2] <a href="https://wiki.strongswan.org/issues/570" target="_blank">https://wiki.strongswan.org/issues/570</a><br>
</blockquote></div>
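<div>Added example, not part of the original thread and not strongSwan code: a small Python triage script that walks charon client log lines like the ones posted above, correlates them by worker-thread number, and reports which inbound message was rejected, why, and which notify the client sent back in its INFORMATIONAL request. The function name <code>triage</code> and the regular expressions are assumptions of this example; the sample input is an excerpt of the log in this message.</div>

```python
import re

# Excerpt of the client log posted above (one shill line kept to show filtering).
SAMPLE_LOG = """\
2015-02-12T10:22:14.012951-08:00 shill[1076]: [ERROR:error.cc(103)] Operation failed (no other information)
2015-02-12T10:22:14.622824-08:00 charon[2428]: 07[NET] received packet: from 162.243.137.92[4500] to 10.0.1.186[4500] (2092 bytes)
2015-02-12T10:22:14.623526-08:00 charon[2428]: 07[ENC] payload of type CERTIFICATE_V1 more than 2 times (3) occurred in current message
2015-02-12T10:22:14.623568-08:00 charon[2428]: 07[IKE] message verification failed
2015-02-12T10:22:14.623584-08:00 charon[2428]: 07[ENC] generating INFORMATIONAL_V1 request 3294627211 [ HASH N(PLD_MAL) ]
2015-02-12T10:22:14.623625-08:00 charon[2428]: 07[IKE] ID_PROT response with message ID 0 processing failed
2015-02-12T10:22:18.365205-08:00 charon[2428]: 14[IKE] sending retransmit 1 of request message ID 0, seq 3
2015-02-12T10:22:18.379109-08:00 charon[2428]: 01[ENC] payload of type CERTIFICATE_V1 more than 2 times (3) occurred in current message
2015-02-12T10:22:18.379165-08:00 charon[2428]: 01[ENC] generating INFORMATIONAL_V1 request 3308765307 [ HASH N(PLD_MAL) ]
2015-02-12T10:22:18.379192-08:00 charon[2428]: 01[IKE] ID_PROT response with message ID 0 processing failed
"""

LINE = re.compile(r"^(?P<ts>\S+) charon\[\d+\]: (?P<thread>\d+)\[[A-Z]{3}\] (?P<msg>.*)$")
TOO_MANY = re.compile(r"payload of type (\S+) more than (\d+) times \((\d+)\) occurred")
INFO = re.compile(r"generating (INFORMATIONAL\S*) request (\d+) \[ (.*) \]")
RETRANSMIT = re.compile(r"sending retransmit \d+ of request message ID \d+")

def triage(log_text):
    """Correlate charon lines per worker thread: rejection reason -> notify sent."""
    rejections, retransmits, pending = [], 0, {}
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # not a charon line (shill, crash_sender, ...)
        thread, msg = m["thread"], m["msg"]
        if t := TOO_MANY.search(msg):
            # Inbound message broke a payload-count rule; remember it for this thread.
            pending[thread] = {"ts": m["ts"], "payload": t[1], "limit": int(t[2]),
                               "seen": int(t[3]), "notifies": [], "info_id": None}
            rejections.append(pending[thread])
        elif (n := INFO.search(msg)) and thread in pending:
            # The same worker answers with an INFORMATIONAL; keep its N(...) payloads.
            pending[thread]["info_id"] = int(n[2])
            pending[thread]["notifies"] = [p for p in n[3].split() if p.startswith("N(")]
        elif msg.endswith("processing failed"):
            pending.pop(thread, None)  # worker is done with that message
        elif RETRANSMIT.search(msg):
            retransmits += 1
    return {"rejections": rejections, "retransmits": retransmits}

if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for r in result["rejections"]:
        print(f'{r["ts"]}: {r["seen"]}x {r["payload"]} (limit {r["limit"]}) -> {r["notifies"]}')
    print("retransmits:", result["retransmits"])
```

<div>Run over the full client log above, it reports four rejections of the same kind and three retransmits.</div>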