[strongSwan] openswan and playbook issues
martin at strongswan.org
Fri Apr 13 08:58:08 CEST 2012
> 08[CFG] received stroke: initiate 'rem'
> 08[IKE] unable to initiate to %any

Side note: As a responder, it is sufficient to set auto=add. auto=start
doesn't work, as the remote IP is not known.

> 13[NET] received packet: from 220.127.116.11 to 192.168.1.104
> 13[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]
> 13[IKE] 18.104.22.168 is initiating an IKE_SA
> 13[IKE] local host is behind NAT, sending keep alives
> 13[IKE] remote host is behind NAT
> 13[ENC] generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(MULT_AUTH) ]
> 13[NET] sending packet: from 192.168.1.104 to 22.214.171.124
> 14[IKE] sending keep alive
> 14[NET] sending packet: from 192.168.1.104 to 126.96.36.199
> 15[JOB] deleting half open IKE_SA after timeout

The first IKE_SA_INIT exchange succeeds, but then no IKE_AUTH is
received. Either the playbook does not receive the IKE_SA_INIT response,
or its IKE_AUTH doesn't make it to us.

IKE_AUTH might switch to port 4500, and I see that you have a double-NAT
situation. Can you confirm that packets should get through on port 4500?
If it is the case, you might try to sniff traffic on the playbook segment
to see which packet gets lost.
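
The diagnosis in the reply above (IKE_SA_INIT answered, no IKE_AUTH received, NAT on the path) can be read mechanically from charon log lines. The following is an added example, not part of the original post or of strongSwan itself; the function name `diagnose`, the sample log and its addresses are constructed, and it assumes the excerpt covers one peer at a time.

```python
import re

# Constructed sample in charon's "NN[SUBSYS] message" format, modelled on the
# log quoted in the post; the peer address is a documentation-range placeholder.
SAMPLE_LOG = """\
> 13[NET] received packet: from 198.51.100.7 to 192.168.1.104
> 13[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]
> 13[IKE] 198.51.100.7 is initiating an IKE_SA
> 13[IKE] local host is behind NAT, sending keep alives
> 13[IKE] remote host is behind NAT
> 13[ENC] generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(MULT_AUTH) ]
> 13[NET] sending packet: from 192.168.1.104 to 198.51.100.7
> 15[JOB] deleting half open IKE_SA after timeout
"""

LINE = re.compile(r"^(\d+)\[([A-Z]+)\]\s+(.*)$")


def diagnose(log_text):
    """Return one finding per half-open IKE_SA timeout in a charon log excerpt.

    Assumption: one peer at a time, because these lines carry no SA
    identifier that would separate interleaved negotiations.
    """
    findings = []
    st = {"init_resp": False, "nat": False, "auth": False}
    for raw in log_text.splitlines():
        m = LINE.match(raw.lstrip("> ").rstrip())  # tolerate mail-quoted lines
        if not m:
            continue
        msg = m.group(3)
        if msg.startswith("parsed IKE_SA_INIT request"):
            st = {"init_resp": False, "nat": False, "auth": False}
        elif msg.startswith("generating IKE_SA_INIT response"):
            st["init_resp"] = True
        elif "host is behind NAT" in msg:
            st["nat"] = True
        elif msg.startswith("parsed IKE_AUTH request"):
            st["auth"] = True
        elif msg.startswith("deleting half open IKE_SA"):
            if not st["init_resp"]:
                stage = "no IKE_SA_INIT response sent"
            elif not st["auth"]:
                stage = "IKE_SA_INIT answered, IKE_AUTH never received"
            else:
                stage = "IKE_AUTH received, SA not established"
            # With NAT detected, IKE_AUTH may arrive on UDP 4500: check it first.
            findings.append({"stage": stage, "nat": st["nat"],
                             "check_udp_port": 4500 if st["nat"] else 500})
    return findings
```
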