<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body>
<p>I've been trying to make a connection between my home PC and the Watchguard XTM330 we have at the office.</p>
<p>I'll fully admit that I know enough about all of this to be dangerous, and have muddled my way through things, as best I can, so the connection at least appears to be trying to connect.</p>
<p>However, quickly after starting the tunnel, I get a series of repeating messages about receiving retransmits of responses, and that's about as far as things go.</p>
<p>I've changed a bunch of settings on each side and have never progressed any further than this. Both sides are behind NAT, and as far as I'm aware all ports are properly forwarded.</p>
<p>Could anyone shed some light on this one for me? I would greatly appreciate any help I could get.</p>
<p>------------------ local config<br>
</p>
<p>conn work<br>
ikelifetime=86400<br>
keylife=21600<br>
rekeymargin=3m<br>
keyingtries=10<br>
authby=psk<br>
auto=add<br>
type=tunnel<br>
leftid=vpnrm.forteholdings.com<br>
left=192.168.1.1<br>
leftsubnet=192.168.1.0/24<br>
rightid=10.4.100.69<br>
right=162.217.18.115<br>
rightsubnet=10.4.100.69/24<br>
ike=aes256-sha256-modp2048 #Internet key exchange, type of encryption<br>
keyexchange=ikev1 #Internet key exchange version<br>
dpddelay=30<br>
dpdtimeout=120<br>
dpdaction=restart<br>
<br>
</p>
<p>----------remote config (sorry for images)</p>
<p><img src="cid:part1.7C694EFD.3F5C0E0D@forteholdings.com" alt=""></p>
<p><img src="cid:part2.F97200CA.723B9D6C@forteholdings.com" alt=""></p>
<p>-----------output from my home -----<br>
</p>
<p>initiating Main Mode IKE_SA forte[1] to 162.217.18.115<br>
generating ID_PROT request 0 [ SA V V V V V ]<br>
sending packet: from 192.168.1.1[500] to 162.217.18.115[500] (252 bytes)<br>
received packet: from 162.217.18.115[500] to 192.168.1.1[500] (140 bytes)<br>
parsed ID_PROT response 0 [ SA V V V ]<br>
received XAuth vendor ID<br>
received draft-ietf-ipsec-nat-t-ike-02\n vendor ID<br>
received DPD vendor ID<br>
generating ID_PROT request 0 [ KE No NAT-D NAT-D ]<br>
sending packet: from 192.168.1.1[500] to 162.217.18.115[500] (396 bytes)<br>
received packet: from 162.217.18.115[500] to 192.168.1.1[500] (372 bytes)<br>
parsed ID_PROT response 0 [ KE No NAT-D NAT-D ]<br>
local host is behind NAT, sending keep alives<br>
remote host is behind NAT<br>
generating ID_PROT request 0 [ ID HASH N(INITIAL_CONTACT) ]<br>
sending packet: from 192.168.1.1[4500] to 162.217.18.115[4500] (108 bytes)<br>
received packet: from 162.217.18.115[4500] to 192.168.1.1[4500] (372 bytes)<br>
received retransmit of response with ID 0, but next request already sent<br>
sending retransmit 1 of request message ID 0, seq 3<br>
sending packet: from 192.168.1.1[4500] to 162.217.18.115[4500] (108 bytes)<br>
received packet: from 162.217.18.115[4500] to 192.168.1.1[4500] (372 bytes)<br>
received retransmit of response with ID 0, but next request already sent<br>
sending retransmit 2 of request message ID 0, seq 3<br>
sending packet: from 192.168.1.1[4500] to 162.217.18.115[4500] (108 bytes)<br>
received packet: from 162.217.18.115[4500] to 192.168.1.1[4500] (372 bytes)<br>
received retransmit of response with ID 0, but next request already sent<br>
sending retransmit 3 of request message ID 0, seq 3<br>
sending packet: from 192.168.1.1[4500] to 162.217.18.115[4500] (108 bytes)<br>
sending keep alive to 162.217.18.115[4500]<br>
sending retransmit 4 of request message ID 0, seq 3<br>
sending packet: from 192.168.1.1[4500] to 162.217.18.115[4500] (108 bytes)<br>
sending keep alive to 162.217.18.115[4500]<br>
sending keep alive to 162.217.18.115[4500]<br>
sending retransmit 5 of request message ID 0, seq 3<br>
sending packet: from 192.168.1.1[4500] to 162.217.18.115[4500] (108 bytes)<br>
sending keep alive to 162.217.18.115[4500]<br>
sending keep alive to 162.217.18.115[4500]<br>
sending keep alive to 162.217.18.115[4500]<br>
giving up after 5 retransmits</p>
<p>----------- output from remote host (not strongswan)</p>
<table>
<tbody>
<tr>
<td>2020-04-06 16:19:37 iked (10.4.100.69&lt;-&gt;108.215.156.96)Check Payloads : illegal payload length(0) total=672
</td>
<td>Debug</td>
</tr>
<tr>
<td>2020-04-06 16:19:37 iked (10.4.100.69&lt;-&gt;108.215.156.96)Process 5/6 Msg : failed to process ID payload
</td>
<td>Debug</td>
</tr>
<tr>
<td>2020-04-06 16:19:41 iked (10.4.100.69&lt;-&gt;108.215.156.96)Check Payloads : illegal payload length(0) total=672
</td>
<td>Debug</td>
</tr>
<tr>
<td>2020-04-06 16:19:41 iked (10.4.100.69&lt;-&gt;108.215.156.96)Process 5/6 Msg : failed to process ID payload
</td>
<td>Debug</td>
</tr>
<tr>
<td>2020-04-06 16:19:48 iked (10.4.100.69&lt;-&gt;108.215.156.96)Check Payloads : illegal payload length(0) total=672
</td>
<td>Debug</td>
</tr>
<tr>
<td>2020-04-06 16:19:48 iked (10.4.100.69&lt;-&gt;108.215.156.96)Process 5/6 Msg : failed to process ID payload
</td>
<td>Debug</td>
</tr>
<tr>
<td>2020-04-06 16:19:53 iked (10.4.100.69&lt;-&gt;108.215.156.96)Delete QM State: QM_INIT_PENDING state decrement pendingP2SARequest 0
</td>
<td>Debug</td>
</td>
<td>Debug</td>
</tr>
</tbody>
</table>
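<p>Added example (not part of the original message and not strongSwan code): a small triage script that reads initiator output like the log above and reports which IKEv1 Main Mode message never got an answer, which is the exchange the responder's "Process 5/6 Msg" lines refer to. The names <code>triage</code>, <code>MAIN_MODE</code> and <code>SAMPLE</code> are hypothetical, and the sample is abridged from the log in the message.</p>

```python
import re

# IKEv1 Main Mode, initiator side: first payload of each request -> message number.
# Message 5 (ID, HASH) is the first one encrypted; with authby=psk its keys are
# derived from the pre-shared key and both nonces.
MAIN_MODE = {"SA": 1, "KE": 3, "ID": 5}

# Constructed sample: abridged from the initiator output quoted in the message.
SAMPLE = """\
generating ID_PROT request 0 [ SA V V V V V ]
sending packet: from 192.168.1.1[500] to 162.217.18.115[500] (252 bytes)
parsed ID_PROT response 0 [ SA V V V ]
generating ID_PROT request 0 [ KE No NAT-D NAT-D ]
sending packet: from 192.168.1.1[500] to 162.217.18.115[500] (396 bytes)
parsed ID_PROT response 0 [ KE No NAT-D NAT-D ]
generating ID_PROT request 0 [ ID HASH N(INITIAL_CONTACT) ]
sending packet: from 192.168.1.1[4500] to 162.217.18.115[4500] (108 bytes)
received retransmit of response with ID 0, but next request already sent
sending retransmit 1 of request message ID 0, seq 3
giving up after 5 retransmits
"""

def triage(log):
    """Summarise where a Main Mode negotiation stopped, from initiator log text."""
    pending = None                      # message number still awaiting a response
    ports, retransmits, gave_up = set(), 0, False
    for line in log.splitlines():
        if m := re.match(r"generating ID_PROT request \d+ \[ (\S+)", line):
            pending = MAIN_MODE.get(m.group(1))
        elif line.startswith("parsed ID_PROT response"):
            pending = None              # the responder answered this request
        elif m := re.match(r"sending packet: from \S+\[\d+\] to \S+\[(\d+)\]", line):
            ports.add(int(m.group(1)))
        elif m := re.match(r"sending retransmit (\d+) of request", line):
            retransmits = max(retransmits, int(m.group(1)))
        elif m := re.match(r"giving up after (\d+) retransmits", line):
            gave_up, retransmits = True, max(retransmits, int(m.group(1)))
    return {
        "stalled_message": pending if gave_up else None,
        "nat_t_float": 4500 in ports,   # peers moved from UDP 500 to UDP 4500
        "retransmits": retransmits,
        # the peer kept resending its previous answer instead of replying
        "peer_resent_old_response": "received retransmit of response" in log,
    }

if __name__ == "__main__":
    print(triage(SAMPLE))
```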
</body>
</html>