[strongSwan] IKEv1 + RSA not working with Mac OS X
Daniel Tschinder
dane.tschi at gmx.at
Sat Nov 10 14:41:32 CET 2012
Hello,
I have strongswan working since two years for IKEv2 and Windows7. As
IKEv2 is not well supported by clients, I'm now trying to add support
for IKEv1 and testing with the native Mac OS X Client from 10.8.
But now I'm stuck at some weird problem which I seem not to be able to
solve by myself. The Problem is (as far as I can see) that either the
MAC is sending an invalid message or the server is not able to decrypt.
[...]
Nov 10 13:49:28 gateway charon: 11[ENC] parsing ENCRYPTED_V1 payload
finished
Nov 10 13:49:28 gateway charon: 11[ENC] process payload of type ENCRYPTED_V1
Nov 10 13:49:28 gateway charon: 11[ENC] found an encryption payload
Nov 10 13:49:28 gateway charon: 11[ENC] decryption failed, invalid length
Nov 10 13:49:28 gateway charon: 11[ENC] could not decrypt payloads
Nov 10 13:49:28 gateway charon: 11[IKE] integrity check failed
[...]
The Certificates seem to work, as the same one used on the MAC works on
Windows with IKEv2.
I tried a lot of different settings in ipsec.conf but non of them seem
to have any impact on the problem.
Hopefully anyone can help me out.
I appreciate any suggestion, as I'm at the end of my knowledge.
Thanks in advance.
ipsec.conf:
config setup
charondebug="dmn 3, mgr 3, ike 1, chd 3, job 3, cfg 3, knl 3,
net 1, asn 1, enc 1, lib 3, esp 3, tls 3"
conn win7
reauth=no
ikelifetime=8h
left=%defaultroute
leftcert=peer2_gateway_cert.pem
leftsubnet=10.0.59.0/24
right=%any
rightsourceip=10.0.51.0/24
keyexchange=ikev2
auto=add
conn macosx
xauth=server
keyexchange=ikev1
left=%defaultroute
leftcert=peer2_gateway_cert.pem
leftsubnet=10.0.59.0/24
leftauth=pubkey
right=%any
rightsourceip=10.0.52.0/24
rightauth=pubkey
rightauth2=xauth
auto=add
ipsec.secret:
: RSA peer2_gateway_key.pem "password"
user : XAUTH "password"
And here is the log:
Nov 10 14:25:13 gateway charon: 05[MGR] checkout IKE_SA by message
Nov 10 14:25:13 gateway charon: 05[MGR] created IKE_SA (unnamed)[1]
Nov 10 14:25:13 gateway charon: 05[NET] received packet: from
<client-ip>[56616] to <server-ip>[500]
Nov 10 14:25:13 gateway charon: 05[ENC] parsed ID_PROT request 0 [ SA V
V V V V V V V V V V V V V ]
Nov 10 14:25:13 gateway charon: 05[CFG] looking for an ike config for
<server-ip>...<client-ip>
Nov 10 14:25:13 gateway charon: 05[CFG] ike config match: 2 (<server-ip>
<client-ip>)
Nov 10 14:25:13 gateway charon: 05[CFG] candidate: %any...%any, prio 2
Nov 10 14:25:13 gateway charon: 05[CFG] ike config match: 2 (<server-ip>
<client-ip>)
Nov 10 14:25:13 gateway charon: 05[CFG] candidate: %any...%any, prio 2
Nov 10 14:25:13 gateway charon: 05[CFG] found matching ike config:
%any...%any with prio 2
Nov 10 14:25:13 gateway charon: 05[IKE] received NAT-T (RFC 3947) vendor ID
Nov 10 14:25:13 gateway charon: 05[IKE] received
draft-ietf-ipsec-nat-t-ike vendor ID
Nov 10 14:25:13 gateway charon: 05[IKE] received
draft-ietf-ipsec-nat-t-ike-08 vendor ID
Nov 10 14:25:13 gateway charon: 05[IKE] received
draft-ietf-ipsec-nat-t-ike-07 vendor ID
Nov 10 14:25:13 gateway charon: 05[IKE] received
draft-ietf-ipsec-nat-t-ike-06 vendor ID
Nov 10 14:25:13 gateway charon: 05[IKE] received
draft-ietf-ipsec-nat-t-ike-05 vendor ID
Nov 10 14:25:13 gateway charon: 05[IKE] received
draft-ietf-ipsec-nat-t-ike-04 vendor ID
Nov 10 14:25:13 gateway charon: 05[IKE] received
draft-ietf-ipsec-nat-t-ike-03 vendor ID
Nov 10 14:25:13 gateway charon: 05[IKE] received
draft-ietf-ipsec-nat-t-ike-02 vendor ID
Nov 10 14:25:13 gateway charon: 05[IKE] received
draft-ietf-ipsec-nat-t-ike-02\n vendor ID
Nov 10 14:25:13 gateway charon: 05[IKE] received XAuth vendor ID
Nov 10 14:25:13 gateway charon: 05[IKE] received Cisco Unity vendor ID
Nov 10 14:25:13 gateway charon: 05[ENC] received unknown vendor ID:
40:48:b7:d5:6e:bc:e8:85:25:e7:de:7f:00:d6:c2:d3:80:00:00:00
Nov 10 14:25:13 gateway charon: 05[IKE] received DPD vendor ID
Nov 10 14:25:13 gateway charon: 05[IKE] <client-ip> is initiating a Main
Mode IKE_SA
Nov 10 14:25:13 gateway charon: 05[IKE] <client-ip> is initiating a Main
Mode IKE_SA
Nov 10 14:25:13 gateway charon: 05[CFG] selecting proposal:
Nov 10 14:25:13 gateway charon: 05[CFG] no acceptable
ENCRYPTION_ALGORITHM found
Nov 10 14:25:13 gateway charon: 05[CFG] selecting proposal:
Nov 10 14:25:13 gateway charon: 05[CFG] no acceptable
ENCRYPTION_ALGORITHM found
Nov 10 14:25:13 gateway charon: 05[CFG] selecting proposal:
Nov 10 14:25:13 gateway charon: 05[CFG] no acceptable
DIFFIE_HELLMAN_GROUP found
Nov 10 14:25:13 gateway charon: 05[CFG] selecting proposal:
Nov 10 14:25:13 gateway charon: 05[CFG] no acceptable
ENCRYPTION_ALGORITHM found
Nov 10 14:25:13 gateway charon: 05[CFG] selecting proposal:
Nov 10 14:25:13 gateway charon: 05[CFG] no acceptable
ENCRYPTION_ALGORITHM found
Nov 10 14:25:13 gateway charon: 05[CFG] selecting proposal:
Nov 10 14:25:13 gateway charon: 05[CFG] no acceptable
INTEGRITY_ALGORITHM found
Nov 10 14:25:13 gateway charon: 05[CFG] selecting proposal:
Nov 10 14:25:13 gateway charon: 05[CFG] no acceptable
ENCRYPTION_ALGORITHM found
Nov 10 14:25:13 gateway charon: 05[CFG] selecting proposal:
Nov 10 14:25:13 gateway charon: 05[CFG] no acceptable
ENCRYPTION_ALGORITHM found
Nov 10 14:25:13 gateway charon: 05[CFG] selecting proposal:
Nov 10 14:25:13 gateway charon: 05[CFG] no acceptable
ENCRYPTION_ALGORITHM found
Nov 10 14:25:13 gateway charon: 05[CFG] selecting proposal:
Nov 10 14:25:13 gateway charon: 05[CFG] no acceptable
ENCRYPTION_ALGORITHM found
Nov 10 14:25:13 gateway charon: 05[CFG] selecting proposal:
Nov 10 14:25:13 gateway charon: 05[CFG] no acceptable
ENCRYPTION_ALGORITHM found
Nov 10 14:25:13 gateway charon: 05[CFG] selecting proposal:
Nov 10 14:25:13 gateway charon: 05[CFG] no acceptable
ENCRYPTION_ALGORITHM found
Nov 10 14:25:13 gateway charon: 05[CFG] selecting proposal:
Nov 10 14:25:13 gateway charon: 05[CFG] no acceptable
ENCRYPTION_ALGORITHM found
Nov 10 14:25:13 gateway charon: 05[CFG] selecting proposal:
Nov 10 14:25:13 gateway charon: 05[CFG] no acceptable
ENCRYPTION_ALGORITHM found
Nov 10 14:25:13 gateway charon: 05[CFG] selecting proposal:
Nov 10 14:25:13 gateway charon: 05[CFG] no acceptable
ENCRYPTION_ALGORITHM found
Nov 10 14:25:13 gateway charon: 05[CFG] selecting proposal:
Nov 10 14:25:13 gateway charon: 05[CFG] no acceptable
ENCRYPTION_ALGORITHM found
Nov 10 14:25:13 gateway charon: 05[CFG] selecting proposal:
Nov 10 14:25:13 gateway charon: 05[CFG] no acceptable
DIFFIE_HELLMAN_GROUP found
Nov 10 14:25:13 gateway charon: 05[CFG] selecting proposal:
Nov 10 14:25:13 gateway charon: 05[CFG] no acceptable
INTEGRITY_ALGORITHM found
Nov 10 14:25:13 gateway charon: 05[CFG] selecting proposal:
Nov 10 14:25:13 gateway charon: 05[CFG] no acceptable
ENCRYPTION_ALGORITHM found
Nov 10 14:25:13 gateway charon: 05[CFG] selecting proposal:
Nov 10 14:25:13 gateway charon: 05[CFG] no acceptable
ENCRYPTION_ALGORITHM found
Nov 10 14:25:13 gateway charon: 05[CFG] selecting proposal:
Nov 10 14:25:13 gateway charon: 05[CFG] proposal matches
Nov 10 14:25:13 gateway charon: 05[CFG] received proposals:
IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536,
IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024,
IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024,
IKE:AES_CBC_256/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1536,
IKE:AES_CBC_256/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024,
IKE:AES_CBC_128/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024,
IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024,
IKE:3DES_CBC/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024,
IKE:DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024,
IKE:DES_CBC/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024
Nov 10 14:25:13 gateway charon: 05[CFG] configured proposals:
IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048,
IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536,
IKE:AES_CBC_128/AES_CBC_192/AES_CBC_256/3DES_CBC/CAMELLIA_CBC_128/CAMELLIA_CBC_192/CAMELLIA_CBC_256/HMAC_MD5_96/HMAC_SHA1_96/HMAC_SHA2_256_128/HMAC_SHA2_384_192/HMAC_SHA2_512_256/AES_XCBC_96/AES_CMAC_96/PRF_HMAC_MD5/PRF_HMAC_SHA1/PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/PRF_AES128_XCBC/PRF_AES128_CMAC/MODP_2048/MODP_2048_224/MODP_2048_256/MODP_1536/MODP_3072/MODP_4096/MODP_8192/MODP_1024/MODP_1024_160/ECP_256/ECP_384/ECP_521/ECP_224/ECP_192
Nov 10 14:25:13 gateway charon: 05[CFG] selected proposal:
IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536
Nov 10 14:25:13 gateway charon: 05[ENC] generating ID_PROT response 0 [
SA V V V ]
Nov 10 14:25:13 gateway charon: 05[NET] sending packet: from
<server-ip>[500] to <client-ip>[56616]
Nov 10 14:25:13 gateway charon: 07[JOB] next event in 29s 996ms, waiting
Nov 10 14:25:13 gateway charon: 05[MGR] checkin IKE_SA (unnamed)[1]
Nov 10 14:25:13 gateway charon: 05[MGR] check-in of IKE_SA successful.
Nov 10 14:25:13 gateway charon: 04[MGR] checkout IKE_SA by message
Nov 10 14:25:13 gateway charon: 04[MGR] IKE_SA (unnamed)[1] successfully
checked out
Nov 10 14:25:13 gateway charon: 04[NET] received packet: from
<client-ip>[56616] to <server-ip>[500]
Nov 10 14:25:13 gateway charon: 04[ENC] parsed ID_PROT request 0 [ KE No
NAT-D NAT-D ]
Nov 10 14:25:13 gateway charon: 04[LIB] size of DH secret exponent: 1535
bits
Nov 10 14:25:13 gateway charon: 04[IKE] remote host is behind NAT
Nov 10 14:25:13 gateway charon: 04[IKE] sending cert request for "C=DE,
ST=Berlin, O=<Organization>, CN=<Name> CA, E=<email>"
Nov 10 14:25:13 gateway charon: 04[ENC] generating ID_PROT response 0 [
KE No CERTREQ NAT-D NAT-D ]
Nov 10 14:25:13 gateway charon: 04[NET] sending packet: from
<server-ip>[500] to <client-ip>[56616]
Nov 10 14:25:13 gateway charon: 04[MGR] checkin IKE_SA (unnamed)[1]
Nov 10 14:25:13 gateway charon: 04[MGR] check-in of IKE_SA successful.
Nov 10 14:25:13 gateway charon: 03[MGR] checkout IKE_SA by message
Nov 10 14:25:13 gateway charon: 03[MGR] IKE_SA (unnamed)[1] successfully
checked out
Nov 10 14:25:13 gateway charon: 03[NET] received packet: from
<client-ip>[56633] to <server-ip>[4500]
Nov 10 14:25:13 gateway charon: 03[ENC] decryption failed, invalid length
Nov 10 14:25:13 gateway charon: 03[ENC] could not decrypt payloads
Nov 10 14:25:13 gateway charon: 03[IKE] integrity check failed
Nov 10 14:25:13 gateway charon: 03[ENC] generating INFORMATIONAL_V1
request 374731955 [ HASH N(INVAL_HASH) ]
Nov 10 14:25:13 gateway charon: 03[NET] sending packet: from
<server-ip>[500] to <client-ip>[56616]
Nov 10 14:25:13 gateway charon: 03[IKE] ID_PROT request with message ID
0 processing failed
Nov 10 14:25:13 gateway charon: 03[MGR] checkin IKE_SA (unnamed)[1]
Nov 10 14:25:13 gateway charon: 03[MGR] check-in of IKE_SA successful.
Nov 10 14:25:13 gateway charon: 02[MGR] checkout IKE_SA by message
Nov 10 14:25:13 gateway charon: 02[MGR] IKE_SA (unnamed)[1] successfully
checked out
Nov 10 14:25:13 gateway charon: 02[NET] received packet: from
<client-ip>[56633] to <server-ip>[4500]
Nov 10 14:25:13 gateway charon: 02[ENC] decryption failed, invalid length
Nov 10 14:25:13 gateway charon: 02[ENC] could not decrypt payloads
Nov 10 14:25:13 gateway charon: 02[IKE] integrity check failed
Nov 10 14:25:13 gateway charon: 02[ENC] generating INFORMATIONAL_V1
request 1955652691 [ HASH N(INVAL_HASH) ]
Nov 10 14:25:13 gateway charon: 02[NET] sending packet: from
<server-ip>[500] to <client-ip>[56616]
Nov 10 14:25:13 gateway charon: 02[IKE] ID_PROT request with message ID
0 processing failed
Nov 10 14:25:13 gateway charon: 02[MGR] checkin IKE_SA (unnamed)[1]
Nov 10 14:25:13 gateway charon: 02[MGR] check-in of IKE_SA successful.
Nov 10 14:25:16 gateway charon: 01[MGR] checkout IKE_SA by message
Nov 10 14:25:16 gateway charon: 01[MGR] IKE_SA (unnamed)[1] successfully
checked out
Nov 10 14:25:16 gateway charon: 01[NET] received packet: from
<client-ip>[56633] to <server-ip>[4500]
Nov 10 14:25:16 gateway charon: 01[ENC] decryption failed, invalid length
Nov 10 14:25:16 gateway charon: 01[ENC] could not decrypt payloads
Nov 10 14:25:16 gateway charon: 01[IKE] integrity check failed
Nov 10 14:25:16 gateway charon: 01[ENC] generating INFORMATIONAL_V1
request 1337183494 [ HASH N(INVAL_HASH) ]
Nov 10 14:25:16 gateway charon: 01[NET] sending packet: from
<server-ip>[500] to <client-ip>[56616]
Nov 10 14:25:16 gateway charon: 01[IKE] ID_PROT request with message ID
0 processing failed
Nov 10 14:25:16 gateway charon: 01[MGR] checkin IKE_SA (unnamed)[1]
Nov 10 14:25:16 gateway charon: 01[MGR] check-in of IKE_SA successful.
Nov 10 14:25:16 gateway charon: 13[MGR] checkout IKE_SA by message
Nov 10 14:25:16 gateway charon: 13[MGR] IKE_SA (unnamed)[1] successfully
checked out
Nov 10 14:25:16 gateway charon: 13[NET] received packet: from
<client-ip>[56633] to <server-ip>[4500]
Nov 10 14:25:16 gateway charon: 13[ENC] decryption failed, invalid length
Nov 10 14:25:16 gateway charon: 13[ENC] could not decrypt payloads
Nov 10 14:25:16 gateway charon: 13[IKE] integrity check failed
Nov 10 14:25:16 gateway charon: 13[ENC] generating INFORMATIONAL_V1
request 4186574038 [ HASH N(INVAL_HASH) ]
Nov 10 14:25:16 gateway charon: 13[NET] sending packet: from
<server-ip>[500] to <client-ip>[56616]
Nov 10 14:25:16 gateway charon: 13[IKE] ID_PROT request with message ID
0 processing failed
Nov 10 14:25:16 gateway charon: 13[MGR] checkin IKE_SA (unnamed)[1]
Nov 10 14:25:16 gateway charon: 13[MGR] check-in of IKE_SA successful.
Nov 10 14:25:19 gateway charon: 06[MGR] checkout IKE_SA by message
Nov 10 14:25:19 gateway charon: 06[MGR] IKE_SA (unnamed)[1] successfully
checked out
Nov 10 14:25:19 gateway charon: 06[NET] received packet: from
<client-ip>[56633] to <server-ip>[4500]
Nov 10 14:25:19 gateway charon: 06[ENC] decryption failed, invalid length
Nov 10 14:25:19 gateway charon: 06[ENC] could not decrypt payloads
Nov 10 14:25:19 gateway charon: 06[IKE] integrity check failed
Nov 10 14:25:19 gateway charon: 06[ENC] generating INFORMATIONAL_V1
request 2768949833 [ HASH N(INVAL_HASH) ]
Nov 10 14:25:19 gateway charon: 06[NET] sending packet: from
<server-ip>[500] to <client-ip>[56616]
Nov 10 14:25:19 gateway charon: 06[IKE] ID_PROT request with message ID
0 processing failed
Nov 10 14:25:19 gateway charon: 06[MGR] checkin IKE_SA (unnamed)[1]
Nov 10 14:25:19 gateway charon: 06[MGR] check-in of IKE_SA successful.
Nov 10 14:25:19 gateway charon: 15[MGR] checkout IKE_SA by message
Nov 10 14:25:19 gateway charon: 15[MGR] IKE_SA (unnamed)[1] successfully
checked out
Nov 10 14:25:19 gateway charon: 15[NET] received packet: from
<client-ip>[56633] to <server-ip>[4500]
Nov 10 14:25:19 gateway charon: 15[ENC] decryption failed, invalid length
Nov 10 14:25:19 gateway charon: 15[ENC] could not decrypt payloads
Nov 10 14:25:19 gateway charon: 15[IKE] integrity check failed
Nov 10 14:25:19 gateway charon: 15[ENC] generating INFORMATIONAL_V1
request 909043028 [ HASH N(INVAL_HASH) ]
Nov 10 14:25:19 gateway charon: 15[NET] sending packet: from
<server-ip>[500] to <client-ip>[56616]
Nov 10 14:25:19 gateway charon: 15[IKE] ID_PROT request with message ID
0 processing failed
Nov 10 14:25:19 gateway charon: 15[MGR] checkin IKE_SA (unnamed)[1]
Nov 10 14:25:19 gateway charon: 15[MGR] check-in of IKE_SA successful.
Nov 10 14:25:22 gateway charon: 11[MGR] checkout IKE_SA by message
Nov 10 14:25:22 gateway charon: 11[MGR] IKE_SA (unnamed)[1] successfully
checked out
Nov 10 14:25:22 gateway charon: 11[NET] received packet: from
<client-ip>[56633] to <server-ip>[4500]
Nov 10 14:25:22 gateway charon: 11[ENC] decryption failed, invalid length
Nov 10 14:25:22 gateway charon: 11[ENC] could not decrypt payloads
Nov 10 14:25:22 gateway charon: 11[IKE] integrity check failed
Nov 10 14:25:22 gateway charon: 11[ENC] generating INFORMATIONAL_V1
request 2987174101 [ HASH N(INVAL_HASH) ]
Nov 10 14:25:22 gateway charon: 11[NET] sending packet: from
<server-ip>[500] to <client-ip>[56616]
Nov 10 14:25:22 gateway charon: 11[IKE] ID_PROT request with message ID
0 processing failed
Nov 10 14:25:22 gateway charon: 11[MGR] checkin IKE_SA (unnamed)[1]
Nov 10 14:25:22 gateway charon: 11[MGR] check-in of IKE_SA successful.
Nov 10 14:25:22 gateway charon: 05[MGR] checkout IKE_SA by message
Nov 10 14:25:22 gateway charon: 05[MGR] IKE_SA (unnamed)[1] successfully
checked out
Nov 10 14:25:22 gateway charon: 05[NET] received packet: from
<client-ip>[56633] to <server-ip>[4500]
Nov 10 14:25:22 gateway charon: 05[ENC] decryption failed, invalid length
Nov 10 14:25:22 gateway charon: 05[ENC] could not decrypt payloads
Nov 10 14:25:22 gateway charon: 05[IKE] integrity check failed
Nov 10 14:25:22 gateway charon: 05[ENC] generating INFORMATIONAL_V1
request 2459254495 [ HASH N(INVAL_HASH) ]
Nov 10 14:25:22 gateway charon: 05[NET] sending packet: from
<server-ip>[500] to <client-ip>[56616]
Nov 10 14:25:22 gateway charon: 05[IKE] ID_PROT request with message ID
0 processing failed
Nov 10 14:25:22 gateway charon: 05[MGR] checkin IKE_SA (unnamed)[1]
Nov 10 14:25:22 gateway charon: 05[MGR] check-in of IKE_SA successful.
Nov 10 14:25:34 gateway charon: 04[MGR] checkout IKE_SA by message
Nov 10 14:25:34 gateway charon: 04[MGR] IKE_SA (unnamed)[1] successfully
checked out
Nov 10 14:25:34 gateway charon: 04[NET] received packet: from
<client-ip>[56633] to <server-ip>[4500]
Nov 10 14:25:34 gateway charon: 04[ENC] decryption failed, invalid length
Nov 10 14:25:34 gateway charon: 04[ENC] could not decrypt payloads
Nov 10 14:25:34 gateway charon: 04[IKE] integrity check failed
Nov 10 14:25:34 gateway charon: 04[ENC] generating INFORMATIONAL_V1
request 1662440368 [ HASH N(INVAL_HASH) ]
Nov 10 14:25:34 gateway charon: 04[NET] sending packet: from
<server-ip>[500] to <client-ip>[56616]
Nov 10 14:25:34 gateway charon: 04[IKE] ID_PROT request with message ID
0 processing failed
Nov 10 14:25:34 gateway charon: 04[MGR] checkin IKE_SA (unnamed)[1]
Nov 10 14:25:34 gateway charon: 04[MGR] check-in of IKE_SA successful.
Nov 10 14:25:34 gateway charon: 03[MGR] checkout IKE_SA by message
Nov 10 14:25:34 gateway charon: 03[MGR] IKE_SA (unnamed)[1] successfully
checked out
Nov 10 14:25:34 gateway charon: 03[NET] received packet: from
<client-ip>[56633] to <server-ip>[4500]
Nov 10 14:25:34 gateway charon: 03[ENC] decryption failed, invalid length
Nov 10 14:25:34 gateway charon: 03[ENC] could not decrypt payloads
Nov 10 14:25:34 gateway charon: 03[IKE] integrity check failed
Nov 10 14:25:34 gateway charon: 03[ENC] generating INFORMATIONAL_V1
request 3160971383 [ HASH N(INVAL_HASH) ]
Nov 10 14:25:34 gateway charon: 03[NET] sending packet: from
<server-ip>[500] to <client-ip>[56616]
Nov 10 14:25:34 gateway charon: 03[IKE] ID_PROT request with message ID
0 processing failed
Nov 10 14:25:34 gateway charon: 03[MGR] checkin IKE_SA (unnamed)[1]
Nov 10 14:25:34 gateway charon: 03[MGR] check-in of IKE_SA successful.
Nov 10 14:25:43 gateway charon: 07[JOB] got event, queuing job for execution
Nov 10 14:25:43 gateway charon: 07[JOB] no events, waiting
Nov 10 14:25:43 gateway charon: 02[MGR] checkout IKE_SA
Nov 10 14:25:43 gateway charon: 02[MGR] IKE_SA (unnamed)[1] successfully
checked out
Nov 10 14:25:43 gateway charon: 02[JOB] deleting half open IKE_SA after
timeout
Nov 10 14:25:43 gateway charon: 02[MGR] checkin and destroy IKE_SA
(unnamed)[1]
Nov 10 14:25:43 gateway charon: 02[MGR] check-in and destroy of IKE_SA
successful
More information about the Users
mailing list