[strongSwan] IKEv2 fails IKE_SA_INIT response

Dennis Frett frett at us.ibm.com
Mon May 9 16:38:42 CEST 2011 

Andreas,

Thanks for the quick reply.   That patch solved our problem. 


Dennis,




From:   Andreas Steffen <andreas.steffen at strongswan.org>
To:     Dennis Frett/Rochester/IBM at IBMUS
Cc:     users at lists.strongswan.org
Date:   05/06/2011 04:30 PM
Subject:        Re: [strongSwan] IKEv2 fails IKE_SA_INIT response



Hello Dennis,

please apply the following patch:

http://git.strongswan.org/?p=strongswan.git;a=commitdiff;h=f7aca9160315b383e1d7394655a0a9a942fa0808


and check if it fixes your problem.

Regards

Andreas

On 05/06/2011 11:06 PM, Dennis Frett wrote:
> I'm seeing this problem running IKEv2 on strongswan since installing 
4.5.1.
>
> If strongswan initiates to a system that does not return the NAT-D
> notify payloads on ike_sa_init response, i see the following error on
> the strongswan console:
> If i run the same strongswan with basically the same configuration to
> another system that does return the NAT-D notify payloads i get no 
errors.
> the ipsec.conf is set to 'authby=secret' in both cases.
>
>
> initiating IKE_SA strongswan-system[1] to 9.5.149.32
> generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]
> sending packet: from 9.5.149.53[500] to 9.5.149.32[500]
> received packet: from 9.5.149.32[500] to 9.5.149.53[500]
> payload of type CERTIFICATE_REQUEST not occured 1 times (0)
> IKE_SA_INIT response with message ID 0 processing failed
> retransmit 1 of request with message ID 0
> sending packet: from 9.5.149.53[500] to 9.5.149.32[500]
> received packet: from 9.5.149.32[500] to 9.5.149.53[500]
> payload of type CERTIFICATE_REQUEST not occured 1 times (0)
> IKE_SA_INIT response with message ID 0 processing failed
> retransmit 2 of request with message ID 0
> sending packet: from 9.5.149.53[500] to 9.5.149.32[500]
> received packet: from 9.5.149.32[500] to 9.5.149.53[500]
> payload of type CERTIFICATE_REQUEST not occured 1 times (0)
> IKE_SA_INIT response with message ID 0 processing failed
>
>
>
>
> _______________________________________________
> Users mailing list
> Users at lists.strongswan.org
> https://lists.strongswan.org/mailman/listinfo/users


-- 
======================================================================
Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution!                www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20110509/9c66a2b5/attachment.html>

More information about the Users mailing list