<div dir="ltr"><div><div><div><div><div>Hi Joshua,<br><br></div>from client side you should also read some auth failures.<br></div>Probably it means that the ca.crt is not valid or client doesn't understand the auth-type because of missing plugin dependencies, It could depend by the client type as well, if Linux with charon-cmd you have to specify the --cert path. IKE_SA goes in timeout, this is the information and it depends by the client that cannot understand the incoming packets.<br><br></div>The more important thing is your configuration, you should let us read it.<br></div>If your tunnel never worked you could also think to re-configure it from scratch, I produced this scripts to introduce me in ikev2:<br><br><a href="https://github.com/peppelinux/UniTools/tree/master/IPSec">https://github.com/peppelinux/UniTools/tree/master/IPSec</a><br><br></div>hope this helps, I'm not a strongswan veteran, problably someone could help you better then me :)<br></div><div class="gmail_extra"><br><div class="gmail_quote">2017-11-07 12:11 GMT+01:00 Joshua Nocturne <span dir="ltr"><<a href="mailto:joshua.nocturne@gmail.com" target="_blank">joshua.nocturne@gmail.com</a>></span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Hello,<div> I got some problems about the configuration of strongswan, no matter how I configured the IKEv2 connection just couldn't establish. The strongswan's log is like this:</div><div><div>Nov 7 18:52:21 05[NET] <1> received packet: from 183.131.17.162[380] to 47.90.13.129[500] (616 bytes)</div><div>Nov 7 18:52:21 05[ENC] <1> parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) V V V V ]</div><div>Nov 7 18:52:21 05[IKE] <1> received MS NT5 ISAKMPOAKLEY v9 vendor ID</div><div>Nov 7 18:52:21 05[IKE] <1> received MS-Negotiation Discovery Capable vendor ID</div><div>Nov 7 18:52:21 05[IKE] <1> received Vid-Initial-Contact vendor ID</div><div>Nov 7 18:52:21 05[ENC] <1> received unknown vendor ID: 01:52:8b:bb:c0:06:96:12:18:49:<wbr>ab:9a:1c:5b:2a:51:00:00:00:02</div><div>Nov 7 18:52:21 05[IKE] <1> 183.131.17.162 is initiating an IKE_SA</div><div>Nov 7 18:52:21 05[IKE] <1> remote host is behind NAT</div><div>Nov 7 18:52:21 05[ENC] <1> generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(MULT_AUTH) ]</div><div>Nov 7 18:52:21 05[NET] <1> sending packet: from 47.90.13.129[500] to 183.131.17.162[380] (312 bytes)</div><div>Nov 7 18:52:22 16[NET] <1> received packet: from 183.131.17.162[380] to 47.90.13.129[500] (616 bytes)</div><div>Nov 7 18:52:22 16[ENC] <1> parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) V V V V ]</div><div>Nov 7 18:52:22 16[IKE] <1> received retransmit of request with ID 0, retransmitting response</div><div>Nov 7 18:52:22 16[NET] <1> sending packet: from 47.90.13.129[500] to 183.131.17.162[380] (312 bytes)</div><div>Nov 7 18:52:23 11[NET] <1> received packet: from 183.131.17.162[380] to 47.90.13.129[500] (616 bytes)</div><div>Nov 7 18:52:23 11[ENC] <1> parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) V V V V ]</div><div>Nov 7 18:52:23 11[IKE] <1> received retransmit of request with ID 0, retransmitting response</div><div>Nov 7 18:52:23 11[NET] <1> sending packet: from 47.90.13.129[500] to 183.131.17.162[380] (312 bytes)</div><div>Nov 7 18:52:51 15[JOB] <1> deleting half open IKE_SA after timeout</div></div><div><br></div><div> Need you help, please.</div></div>
</blockquote></div><br></div>