[strongSwan] Error 13801 in windows

[Kamil Jońca]

Andreas Steffen
<andreas.steffen at strongswan.org> writes:

> Could you run tcpdump or wireshark on the strongSwan host and
> check if any ESP packets are arriving from the Windows client.
> You should also be able to the inbound decrypted ICMP requests.
> In the outbound direction only ESP packets are visible but
> they are probably missing.
>
I'm not sure if I understood you correctly but:
--8<---------------cut here---------------start------------->8---

sudo tcpdump -vv -i lan 'esp or udp port 4500 or udp port 500'
tcpdump: listening on lan, link-type EN10MB (Ethernet), capture size 65535 bytes
17:23:10.103351 IP (tos 0x0, ttl 239, id 943, offset 0, flags [none], proto UDP (17), length 128)
    178.180.71.169.nat.umts.dynamic.t-mobile.pl.4500 > alfa.kjonca.4500: [no cksum] UDP-encap: ESP(spi=0xc81acd1d,seq=0x11), length 100
17:23:10.105285 IP (tos 0x0, ttl 64, id 40604, offset 0, flags [none], proto UDP (17), length 176)
    alfa.kjonca.4500 > 178.180.71.169.nat.umts.dynamic.t-mobile.pl.isakmp: [no cksum] isakmp 10.10 msgid 409aaffc cookie 4c88787700000011->6f7aa7ebed0be088:
17:23:10.223247 IP (tos 0x0, ttl 239, id 946, offset 0, flags [none], proto UDP (17), length 120)
    178.180.71.169.nat.umts.dynamic.t-mobile.pl.4500 > alfa.kjonca.4500: [no cksum] UDP-encap: ESP(spi=0xc81acd1d,seq=0x12), length 92
17:23:10.223389 IP (tos 0x0, ttl 64, id 40605, offset 0, flags [none], proto UDP (17), length 120)
    alfa.kjonca.4500 > 178.180.71.169.nat.umts.dynamic.t-mobile.pl.isakmp: [no cksum] isakmp 10.3 msgid 1abd275f cookie 4c88787700000012->174b7bd54f6d754f:
17:23:10.443372 IP (tos 0x0, ttl 239, id 947, offset 0, flags [none], proto UDP (17), length 120)
    178.180.71.169.nat.umts.dynamic.t-mobile.pl.4500 > alfa.kjonca.4500: [no cksum] UDP-encap: ESP(spi=0xc81acd1d,seq=0x13), length 92
17:23:10.444083 IP (tos 0x0, ttl 64, id 40606, offset 0, flags [none], proto UDP (17), length 168)
    alfa.kjonca.4500 > 178.180.71.169.nat.umts.dynamic.t-mobile.pl.isakmp: [no cksum] isakmp 13.0 msgid 79fbc08d cookie 4c88787700000013->d64ec9ffda629afb:
17:23:10.464147 IP (tos 0x0, ttl 239, id 948, offset 0, flags [none], proto UDP (17), length 120)
    178.180.71.169.nat.umts.dynamic.t-mobile.pl.4500 > alfa.kjonca.4500: [no cksum] UDP-encap: ESP(spi=0xc81acd1d,seq=0x14), length 92
17:23:10.465201 IP (tos 0x0, ttl 64, id 40607, offset 0, flags [none], proto UDP (17), length 168)
    alfa.kjonca.4500 > 178.180.71.169.nat.umts.dynamic.t-mobile.pl.isakmp: [no cksum] isakmp 8.1 msgid 9672ee56 cookie 4c88787700000014->c42845423907698e:
17:23:14.863744 IP (tos 0x0, ttl 239, id 956, offset 0, flags [none], proto UDP (17), length 120)
    178.180.71.169.nat.umts.dynamic.t-mobile.pl.4500 > alfa.kjonca.4500: [no cksum] UDP-encap: ESP(spi=0xc81acd1d,seq=0x15), length 92
17:23:14.863884 IP (tos 0x0, ttl 64, id 40608, offset 0, flags [none], proto UDP (17), length 120)
    alfa.kjonca.4500 > 178.180.71.169.nat.umts.dynamic.t-mobile.pl.isakmp: [no cksum] isakmp 5.6 msgid 18d5d909 cookie 4c88787700000015->2ae24001cb76a6db:
17:23:18.664527 IP (tos 0x0, ttl 239, id 960, offset 0, flags [none], proto UDP (17), length 128)
    178.180.71.169.nat.umts.dynamic.t-mobile.pl.4500 > alfa.kjonca.4500: [no cksum] UDP-encap: ESP(spi=0xc81acd1d,seq=0x16), length 100
17:23:18.665505 IP (tos 0x0, ttl 64, id 40609, offset 0, flags [none], proto UDP (17), length 176)
    alfa.kjonca.4500 > 178.180.71.169.nat.umts.dynamic.t-mobile.pl.isakmp: [no cksum] isakmp 1.15 msgid 7926d194 cookie 4c88787700000016->3c4ed056dfc932a7: phase 2/others ? #124[C]: [|#182] (len mismatch: isakmp 1806220945/ip 148)
--8<---------------cut here---------------end--------------->8---

(now I try from another address)

BTW. I have read and applied http://support.microsoft.com/?kbid=947234

KJ

-- 
http://blogdebart.pl/2009/12/22/mamy-chorych-dzieci/
kondensator - kondensatorych - kondensatoremu
   (odmiana słowa "kondensator" według MS Word 6.0)