[strongSwan] openswan and playbook issues

Martin Willi martin at strongswan.org
Fri Apr 13 08:58:08 CEST 2012


Hi Dan,

> 08[CFG] received stroke: initiate 'rem'
> 08[IKE] unable to initiate to %any

Side note: As a responder, it is sufficient to set auto=add. auto=start
doesn't work, as the remote IP is not known.

> 13[NET] received packet: from 75.99.83.90[500] to 192.168.1.104[500]
> 13[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]
> 13[IKE] 75.99.83.90 is initiating an IKE_SA
> 13[IKE] local host is behind NAT, sending keep alives
> 13[IKE] remote host is behind NAT
> 13[ENC] generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(MULT_AUTH) ]
> 13[NET] sending packet: from 192.168.1.104[500] to 75.99.83.90[500]
> 14[IKE] sending keep alive
> 14[NET] sending packet: from 192.168.1.104[500] to 75.99.83.90[500]
> 15[JOB] deleting half open IKE_SA after timeout

The first IKE_SA_INIT exchange succeeds, but then no IKE_AUTH is
received. Either the playbook does not receive the IKE_SA_INIT response,
or its IKE_AUTH doesn't make it to us.

IKE_AUTH might switch to port 4500, and I see that you have a double-NAT
situation. Can you confirm that packets should get through on port 4500?
If that is the case, you might try to sniff traffic on the playbook segment
to see which packet gets lost.

Regards
Martin
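
A triage sketch for the failure discussed above, added here as an example; it is not code from strongSwan or from the original message. It reads the responder log lines quoted in the message and reports each IKE_SA that timed out half open, with the NAT state and the local ports the peer reached. Attributing a timeout to the oldest pending SA is an assumption, because the timeout line names no peer.

```python
import re

# Constructed sample: the responder log lines quoted in the message above.
SAMPLE_LOG = """\
13[NET] received packet: from 75.99.83.90[500] to 192.168.1.104[500]
13[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]
13[IKE] 75.99.83.90 is initiating an IKE_SA
13[IKE] local host is behind NAT, sending keep alives
13[IKE] remote host is behind NAT
13[ENC] generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(MULT_AUTH) ]
13[NET] sending packet: from 192.168.1.104[500] to 75.99.83.90[500]
14[IKE] sending keep alive
14[NET] sending packet: from 192.168.1.104[500] to 75.99.83.90[500]
15[JOB] deleting half open IKE_SA after timeout
"""

LINE = re.compile(r"^(?:>\s*)?\d+\[(\w+)\]\s+(.*)$")   # optional "> " quote prefix
RECV = re.compile(r"received packet: from (\S+)\[\d+\] to \S+\[(\d+)\]")
NAT = re.compile(r"(local|remote) host is behind NAT")

def triage(log_text):
    """Return a finding for each IKE_SA deleted half open (no IKE_AUTH parsed)."""
    pending, findings, last = [], [], None
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        msg = m.group(2)
        if (r := RECV.match(msg)):
            last = (r.group(1), int(r.group(2)))          # (peer, local port)
            for sa in pending:
                if sa["peer"] == last[0]: sa["ports"].add(last[1])
        elif msg.startswith("parsed IKE_SA_INIT request") and last:
            pending.append({"peer": last[0], "nat": [], "ports": {last[1]}})
        elif (n := NAT.match(msg)) and pending:
            pending[-1]["nat"].append(n.group(1))
        elif msg.startswith("parsed IKE_AUTH request") and last:
            pending = [sa for sa in pending if sa["peer"] != last[0]]
        elif msg == "deleting half open IKE_SA after timeout" and pending:
            sa = pending.pop(0)   # Assumption: the oldest pending SA is the one timing out
            blocked = bool(sa["nat"]) and 4500 not in sa["ports"]
            hint = ("NAT detected, nothing received on UDP 4500: verify 4500 passes both NATs"
                    if blocked else "no IKE_AUTH parsed: capture on the initiator segment")
            findings.append({**sa, "ports": sorted(sa["ports"]), "hint": hint})
    return findings

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```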




