<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META content="text/html; charset=gb2312" http-equiv=Content-Type>
<STYLE>
BLOCKQUOTE {
MARGIN-BOTTOM: 0px; MARGIN-TOP: 0px; MARGIN-LEFT: 2em
}
OL {
MARGIN-BOTTOM: 0px; MARGIN-TOP: 0px
}
UL {
MARGIN-BOTTOM: 0px; MARGIN-TOP: 0px
}
P {
MARGIN-BOTTOM: 0px; MARGIN-TOP: 0px
}
BODY {
FONT-SIZE: 10.5pt; FONT-FAMILY: 宋体; COLOR: #000000; LINE-HEIGHT: 1.5
}
</STYLE>
<META name=GENERATOR content="MSHTML 11.00.10570.1001"></HEAD>
<BODY style="MARGIN: 10px">
<DIV>I'm using an Android phone.</DIV>
<DIV>After upgrading to strongswan-5.6.1, I connect to strongswan, then
disconnect, then reconnect, but it fails.</DIV>
<DIV>Config and log are below.</DIV>
<DIV>Can anyone help me? Thanks.</DIV>
<DIV> </DIV>
<DIV>
<DIV>conn XAuth-PSK</DIV>
<DIV> keyexchange=ikev1</DIV>
<DIV> ike=aes256-sha1-modp1024,aes256-sha256-modp1024,3des-sha1-modp1024!</DIV>
<DIV> esp=aes256-sha1,aes256-sha256,3des-sha1!</DIV>
<DIV> left=%any</DIV>
<DIV> leftauth=psk</DIV>
<DIV> leftsubnet=0.0.0.0/0</DIV>
<DIV> #leftfirewall=yes</DIV>
<DIV> right=%any</DIV>
<DIV> rightauth=psk</DIV>
<DIV> rightauth2=xauth</DIV>
<DIV> #rightauth2=xauth-radius | xauth-generic | xauth-pam | xauth-eap</DIV>
<DIV> rightsourceip=172.31.254.0/24</DIV>
<DIV> auto=add</DIV></DIV>
<DIV> </DIV>
<DIV>
<DIV>Jan 10 22:22:37 09[NET] <3> received packet: from 117.100.110.176[500] to 172.31.2.1[500] (476 bytes)</DIV>
<DIV>Jan 10 22:22:37 09[ENC] <3> parsed ID_PROT request 0 [ SA V V V V V V V V ]</DIV>
<DIV>Jan 10 22:22:37 09[IKE] <3> received NAT-T (RFC 3947) vendor ID</DIV>
<DIV>Jan 10 22:22:37 09[IKE] <3> received draft-ietf-ipsec-nat-t-ike-02 vendor ID</DIV>
<DIV>Jan 10 22:22:37 09[IKE] <3> received draft-ietf-ipsec-nat-t-ike-02\n vendor ID</DIV>
<DIV>Jan 10 22:22:37 09[IKE] <3> received draft-ietf-ipsec-nat-t-ike-00 vendor ID</DIV>
<DIV>Jan 10 22:22:37 09[IKE] <3> received XAuth vendor ID</DIV>
<DIV>Jan 10 22:22:37 09[IKE] <3> received Cisco Unity vendor ID</DIV>
<DIV>Jan 10 22:22:37 09[IKE] <3> received FRAGMENTATION vendor ID</DIV>
<DIV>Jan 10 22:22:37 09[IKE] <3> received DPD vendor ID</DIV>
<DIV>Jan 10 22:22:37 09[IKE] <3> 117.100.110.176 is initiating a Main Mode IKE_SA</DIV>
<DIV>Jan 10 22:22:37 09[ENC] <3> generating ID_PROT response 0 [ SA V V V V ]</DIV>
<DIV>Jan 10 22:22:37 09[NET] <3> sending packet: from 172.31.2.1[500] to 117.100.110.176[500] (160 bytes)</DIV>
<DIV>Jan 10 22:22:37 10[NET] <3> received packet: from 117.100.110.176[500] to 172.31.2.1[500] (228 bytes)</DIV>
<DIV>Jan 10 22:22:37 10[ENC] <3> parsed ID_PROT request 0 [ KE No NAT-D NAT-D ]</DIV>
<DIV>Jan 10 22:22:37 10[IKE] <3> local host is behind NAT, sending keep alives</DIV>
<DIV>Jan 10 22:22:37 10[IKE] <3> remote host is behind NAT</DIV>
<DIV>Jan 10 22:22:37 10[ENC] <3> generating ID_PROT response 0 [ KE No NAT-D NAT-D ]</DIV>
<DIV>Jan 10 22:22:37 10[NET] <3> sending packet: from 172.31.2.1[500] to 117.100.110.176[500] (244 bytes)</DIV>
<DIV>Jan 10 22:22:37 11[NET] <3> received packet: from 117.100.110.176[4500] to 172.31.2.1[4500] (92 bytes)</DIV>
<DIV>Jan 10 22:22:37 11[ENC] <3> parsed ID_PROT request 0 [ ID HASH ]</DIV>
<DIV>Jan 10 22:22:37 11[CFG] <3> looking for XAuthInitPSK peer configs matching 172.31.2.1...117.100.110.176[192.168.99.102]</DIV>
<DIV>Jan 10 22:22:37 11[CFG] <3> selected peer config "XAuth-PSK"</DIV>
<DIV>Jan 10 22:22:37 11[ENC] &lt;XAuth-PSK|3&gt; generating ID_PROT response 0 [ ID HASH ]</DIV>
<DIV>Jan 10 22:22:37 11[NET] &lt;XAuth-PSK|3&gt; sending packet: from 172.31.2.1[4500] to 117.100.110.176[4500] (76 bytes)</DIV>
<DIV>Jan 10 22:22:37 11[ENC] &lt;XAuth-PSK|3&gt; generating TRANSACTION request 3859775034 [ HASH CPRQ(X_USER X_PWD) ]</DIV>
<DIV>Jan 10 22:22:37 11[NET] &lt;XAuth-PSK|3&gt; sending packet: from 172.31.2.1[4500] to 117.100.110.176[4500] (76 bytes)</DIV>
<DIV>Jan 10 22:22:37 12[NET] &lt;XAuth-PSK|3&gt; received packet: from 117.100.110.176[4500] to 172.31.2.1[4500] (108 bytes)</DIV>
<DIV>Jan 10 22:22:37 12[ENC] &lt;XAuth-PSK|3&gt; parsed INFORMATIONAL_V1 request 3696968083 [ HASH N(INITIAL_CONTACT) ]</DIV>
<DIV>Jan 10 22:22:37 16[NET] &lt;XAuth-PSK|3&gt; received packet: from 117.100.110.176[4500] to 172.31.2.1[4500] (108 bytes)</DIV>
<DIV>Jan 10 22:22:37 16[ENC] &lt;XAuth-PSK|3&gt; parsed TRANSACTION response 3859775034 [ HASH CPRP(X_USER X_PWD) ]</DIV>
<DIV>Jan 10 22:22:37 16[CFG] &lt;XAuth-PSK|3&gt; sending RADIUS Access-Request to server '127.0.0.1'</DIV>
<DIV>Jan 10 22:22:37 16[CFG] &lt;XAuth-PSK|3&gt; received RADIUS Access-Accept from server '127.0.0.1'</DIV>
<DIV>Jan 10 22:22:37 16[IKE] &lt;XAuth-PSK|3&gt; XAuth authentication of 'vpnuser1' successful</DIV>
<DIV>Jan 10 22:22:37 16[ENC] &lt;XAuth-PSK|3&gt; generating TRANSACTION request 4237587337 [ HASH CPS(X_STATUS) ]</DIV>
<DIV>Jan 10 22:22:37 16[NET] &lt;XAuth-PSK|3&gt; sending packet: from 172.31.2.1[4500] to 117.100.110.176[4500] (76 bytes)</DIV>
<DIV>Jan 10 22:22:37 03[NET] &lt;XAuth-PSK|3&gt; received packet: from 117.100.110.176[4500] to 172.31.2.1[4500] (92 bytes)</DIV>
<DIV>Jan 10 22:22:37 03[ENC] &lt;XAuth-PSK|3&gt; parsed TRANSACTION response 4237587337 [ HASH CPA(X_STATUS) ]</DIV>
<DIV>Jan 10 22:22:37 03[IKE] &lt;XAuth-PSK|3&gt; IKE_SA XAuth-PSK[3] established between 172.31.2.1[172.31.2.1]...117.100.110.176[192.168.99.102]</DIV>
<DIV>Jan 10 22:22:37 03[IKE] &lt;XAuth-PSK|3&gt; scheduling reauthentication in 10239s</DIV>
<DIV>Jan 10 22:22:37 03[IKE] &lt;XAuth-PSK|3&gt; maximum IKE_SA lifetime 10779s</DIV>
<DIV>Jan 10 22:22:37 04[NET] &lt;XAuth-PSK|3&gt; received packet: from 117.100.110.176[4500] to 172.31.2.1[4500] (124 bytes)</DIV>
<DIV>Jan 10 22:22:37 04[ENC] &lt;XAuth-PSK|3&gt; parsed TRANSACTION request 3008611662 [ HASH CPRQ(ADDR MASK DNS NBNS U_BANNER U_DEFDOM U_SPLITDNS U_SPLITINC U_LOCALLAN VER) ]</DIV>
<DIV>Jan 10 22:22:37 04[IKE] &lt;XAuth-PSK|3&gt; peer requested virtual IP %any</DIV>
<DIV>Jan 10 22:22:37 04[CFG] &lt;XAuth-PSK|3&gt; assigning new lease to 'vpnuser1'</DIV>
<DIV>Jan 10 22:22:37 04[IKE] &lt;XAuth-PSK|3&gt; assigning virtual IP 172.31.254.1 to peer 'vpnuser1'</DIV>
<DIV>Jan 10 22:22:37 04[ENC] &lt;XAuth-PSK|3&gt; generating TRANSACTION response 3008611662 [ HASH CPRP(ADDR DNS NBNS DNS NBNS) ]</DIV>
<DIV>Jan 10 22:22:37 04[NET] &lt;XAuth-PSK|3&gt; sending packet: from 172.31.2.1[4500] to 117.100.110.176[4500] (108 bytes)</DIV>
<DIV> </DIV>
<DIV>Jan 10 22:22:55 15[NET] <4> received packet: from 117.100.110.176[500] to 172.31.2.1[500] (476 bytes)</DIV>
<DIV>Jan 10 22:22:55 15[ENC] <4> parsed ID_PROT request 0 [ SA V V V V V V V V ]</DIV>
<DIV>Jan 10 22:22:55 15[IKE] <4> received NAT-T (RFC 3947) vendor ID</DIV>
<DIV>Jan 10 22:22:55 15[IKE] <4> received draft-ietf-ipsec-nat-t-ike-02 vendor ID</DIV>
<DIV>Jan 10 22:22:55 15[IKE] <4> received draft-ietf-ipsec-nat-t-ike-02\n vendor ID</DIV>
<DIV>Jan 10 22:22:55 15[IKE] <4> received draft-ietf-ipsec-nat-t-ike-00 vendor ID</DIV>
<DIV>Jan 10 22:22:55 15[IKE] <4> received XAuth vendor ID</DIV>
<DIV>Jan 10 22:22:55 15[IKE] <4> received Cisco Unity vendor ID</DIV>
<DIV>Jan 10 22:22:55 15[IKE] <4> received FRAGMENTATION vendor ID</DIV>
<DIV>Jan 10 22:22:55 15[IKE] <4> received DPD vendor ID</DIV>
<DIV>Jan 10 22:22:55 15[IKE] <4> 117.100.110.176 is initiating a Main Mode IKE_SA</DIV>
<DIV>Jan 10 22:22:55 15[ENC] <4> generating ID_PROT response 0 [ SA V V V V ]</DIV>
<DIV>Jan 10 22:22:55 15[NET] <4> sending packet: from 172.31.2.1[500] to 117.100.110.176[500] (160 bytes)</DIV>
<DIV>Jan 10 22:22:55 07[NET] <4> received packet: from 117.100.110.176[500] to 172.31.2.1[500] (228 bytes)</DIV>
<DIV>Jan 10 22:22:55 07[ENC] <4> parsed ID_PROT request 0 [ KE No NAT-D NAT-D ]</DIV>
<DIV>Jan 10 22:22:55 07[IKE] <4> local host is behind NAT, sending keep alives</DIV>
<DIV>Jan 10 22:22:55 07[IKE] <4> remote host is behind NAT</DIV>
<DIV>Jan 10 22:22:55 07[ENC] <4> generating ID_PROT response 0 [ KE No NAT-D NAT-D ]</DIV>
<DIV>Jan 10 22:22:55 07[NET] <4> sending packet: from 172.31.2.1[500] to 117.100.110.176[500] (244 bytes)</DIV>
<DIV>Jan 10 22:22:55 09[NET] <4> received packet: from 117.100.110.176[4500] to 172.31.2.1[4500] (92 bytes)</DIV>
<DIV>Jan 10 22:22:55 09[ENC] <4> invalid ID_V1 payload length, decryption failed?</DIV>
<DIV>Jan 10 22:22:55 09[ENC] <4> could not decrypt payloads</DIV>
<DIV>Jan 10 22:22:55 09[IKE] <4> message parsing failed</DIV>
<DIV>Jan 10 22:22:55 09[ENC] <4> generating INFORMATIONAL_V1 request 115749929 [ HASH N(PLD_MAL) ]</DIV>
<DIV>Jan 10 22:22:55 09[NET] <4> sending packet: from 172.31.2.1[500] to 117.100.110.176[500] (76 bytes)</DIV>
<DIV>Jan 10 22:22:55 09[IKE] <4> ID_PROT request with message ID 0 processing failed</DIV>
<DIV>Jan 10 22:22:58 10[NET] <4> received packet: from 117.100.110.176[4500] to 172.31.2.1[4500] (92 bytes)</DIV>
<DIV>Jan 10 22:22:58 10[ENC] <4> invalid ID_V1 payload length, decryption failed?</DIV>
<DIV>Jan 10 22:22:58 10[ENC] <4> could not decrypt payloads</DIV>
<DIV>Jan 10 22:22:58 10[IKE] <4> message parsing failed</DIV>
<DIV>Jan 10 22:22:58 10[ENC] <4> generating INFORMATIONAL_V1 request 3790107254 [ HASH N(PLD_MAL) ]</DIV>
<DIV>Jan 10 22:22:58 10[NET] <4> sending packet: from 172.31.2.1[500] to 117.100.110.176[500] (76 bytes)</DIV>
<DIV>Jan 10 22:22:58 10[IKE] <4> ID_PROT request with message ID 0 processing failed</DIV>
<DIV>Jan 10 22:23:01 11[NET] <4> received packet: from 117.100.110.176[4500] to 172.31.2.1[4500] (92 bytes)</DIV>
<DIV>Jan 10 22:23:01 11[ENC] <4> invalid ID_V1 payload length, decryption failed?</DIV>
<DIV>Jan 10 22:23:01 11[ENC] <4> could not decrypt payloads</DIV>
<DIV>Jan 10 22:23:01 11[IKE] <4> message parsing failed</DIV>
<DIV>Jan 10 22:23:01 11[ENC] <4> generating INFORMATIONAL_V1 request 142288792 [ HASH N(PLD_MAL) ]</DIV>
<DIV>Jan 10 22:23:01 11[NET] <4> sending packet: from 172.31.2.1[500] to 117.100.110.176[500] (76 bytes)</DIV>
<DIV>Jan 10 22:23:01 11[IKE] <4> ID_PROT request with message ID 0 processing failed</DIV></DIV>
<DIV> </DIV>
<HR style="HEIGHT: 1px; WIDTH: 210px" align=left color=#b5c4df SIZE=1>
<DIV><SPAN>JWD</SPAN></DIV></BODY></HTML>