[strongSwan] IKEv2 fails IKE_SA_INIT response

Andreas Steffen andreas.steffen at strongswan.org
Fri May 6 23:30:27 CEST 2011


Hello Dennis,

please apply the following patch:

http://git.strongswan.org/?p=strongswan.git;a=commitdiff;h=f7aca9160315b383e1d7394655a0a9a942fa0808

and check if it fixes your problem.

Regards

Andreas

On 05/06/2011 11:06 PM, Dennis Frett wrote:
> I'm seeing this problem running IKEv2 on strongswan since installing 4.5.1.
>
> If strongswan initiates to a system that does not return the NAT-D
> notify payloads on ike_sa_init response, i see the following error on
> the strongswan console:
> If i run the same strongswan with basically the same configuration to
> another system that does return the NAT-D notify payloads i get no errors.
> the ipsec.conf is set to 'authby=secret' in both cases.
>
>
> initiating IKE_SA strongswan-system[1] to 9.5.149.32
> generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]
> sending packet: from 9.5.149.53[500] to 9.5.149.32[500]
> received packet: from 9.5.149.32[500] to 9.5.149.53[500]
> payload of type CERTIFICATE_REQUEST not occured 1 times (0)
> IKE_SA_INIT response with message ID 0 processing failed
> retransmit 1 of request with message ID 0
> sending packet: from 9.5.149.53[500] to 9.5.149.32[500]
> received packet: from 9.5.149.32[500] to 9.5.149.53[500]
> payload of type CERTIFICATE_REQUEST not occured 1 times (0)
> IKE_SA_INIT response with message ID 0 processing failed
> retransmit 2 of request with message ID 0
> sending packet: from 9.5.149.53[500] to 9.5.149.32[500]
> received packet: from 9.5.149.32[500] to 9.5.149.53[500]
> payload of type CERTIFICATE_REQUEST not occured 1 times (0)
> IKE_SA_INIT response with message ID 0 processing failed
>
>
>
>
> _______________________________________________
> Users mailing list
> Users at lists.strongswan.org
> https://lists.strongswan.org/mailman/listinfo/users


-- 
======================================================================
Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution!                www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==




More information about the Users mailing list