[strongSwan] IKEv2 tunnel establishment, initiator does not repond

Groebl, Laurence (Laurence) laurence.groebl at alcatel-lucent.com
Mon Sep 20 09:29:57 CEST 2010 

Hello Andreas,
herewith the relevant part from the log, I hope it helps,
best regards,
Laurence

Sep 17 09:15:19 destgd0h003661 charon: 07[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]
Sep 17 09:15:19 destgd0h003661 charon: 07[NET] sending packet: from 192.168.30.51[500] to 192.168.30.254[500]
Sep 17 09:15:19 destgd0h003661 charon: 10[NET] received packet: from 192.168.30.254[500] to 192.168.30.51[500]
Sep 17 09:15:19 destgd0h003661 charon: 10[ENC]   length of TRANSFORM_ATTRIBUTE substructure list invalid
Sep 17 09:15:19 destgd0h003661 charon: 10[ENC]   parsing of a TRANSFORM_SUBSTRUCTURE substructure failed
Sep 17 09:15:19 destgd0h003661 charon: 10[ENC]   parsing of a PROPOSAL_SUBSTRUCTURE substructure failed
Sep 17 09:15:19 destgd0h003661 charon: 10[ENC] payload type SECURITY_ASSOCIATION could not be parsed
Sep 17 09:15:19 destgd0h003661 charon: 10[IKE] IKE_SA_INIT response with message ID 0 processing failed
Sep 17 09:15:23 destgd0h003661 charon: 11[IKE] retransmit 1 of request with message ID 0
Sep 17 09:15:23 destgd0h003661 charon: 11[NET] sending packet: from 192.168.30.51[500] to 192.168.30.254[500]
Sep 17 09:15:23 destgd0h003661 charon: 12[NET] received packet: from 192.168.30.254[500] to 192.168.30.51[500]
Sep 17 09:15:23 destgd0h003661 charon: 12[ENC]   length of TRANSFORM_ATTRIBUTE substructure list invalid
Sep 17 09:15:23 destgd0h003661 charon: 12[ENC]   parsing of a TRANSFORM_SUBSTRUCTURE substructure failed
Sep 17 09:15:23 destgd0h003661 charon: 12[ENC]   parsing of a PROPOSAL_SUBSTRUCTURE substructure failed
Sep 17 09:15:23 destgd0h003661 charon: 12[ENC] payload type SECURITY_ASSOCIATION could not be parsed
Sep 17 09:15:23 destgd0h003661 charon: 12[IKE] IKE_SA_INIT response with message ID 0 processing failed
Sep 17 09:15:30 destgd0h003661 charon: 13[IKE] retransmit 2 of request with message ID 0
Sep 17 09:15:30 destgd0h003661 charon: 13[NET] sending packet: from 192.168.30.51[500] to 192.168.30.254[500]
Sep 17 09:15:30 destgd0h003661 charon: 14[NET] received packet: from 192.168.30.254[500] to 192.168.30.51[500]
Sep 17 09:15:30 destgd0h003661 charon: 14[ENC]   length of TRANSFORM_ATTRIBUTE substructure list invalid
Sep 17 09:15:30 destgd0h003661 charon: 14[ENC]   parsing of a TRANSFORM_SUBSTRUCTURE substructure failed
Sep 17 09:15:30 destgd0h003661 charon: 14[ENC]   parsing of a PROPOSAL_SUBSTRUCTURE substructure failed
Sep 17 09:15:30 destgd0h003661 charon: 14[ENC] payload type SECURITY_ASSOCIATION could not be parsed
Sep 17 09:15:30 destgd0h003661 charon: 14[IKE] IKE_SA_INIT response with message ID 0 processing failed
Sep 17 09:15:33 destgd0h003661 avahi-daemon[2672]: dbus-protocol.c: Too many objects for client ':1.13', client request failed.





> -----Original Message-----
> From: Andreas Steffen [mailto:andreas.steffen at strongswan.org] 
> Sent: Freitag, 17. September 2010 20:33
> To: Groebl, Laurence (Laurence)
> Cc: users at lists.strongswan.org
> Subject: Re: [strongSwan] IKEv2 tunnel establishment, 
> initiator does not repond
> 
> Hello Laurence,
> 
> a strongSwan log would really help. The only strange thing 
> that I see in the wireshark response is
> 
>                  Transform ID: ENCR_AES_CBC (12)
>                  RESERVED TO IANA (7424): <too big (128 bytes)>
> 
> Is this a wrong encoding of the AES key size???
> 
> Regards
> 
> Andreas
>

More information about the Users mailing list