[strongSwan] IKEv1 + RSA not working with Mac OS X

Tobias Koenig tobias.koenig at wlan-partner.com
Sun Nov 11 22:17:42 CET 2012


Hi Daniel

I assume you're using OSX >=10.8, since Apple changed something with the
racoon daemon, there are known problems with certificates. I did some
research and tests a few weeks ago while running into the same problem
and could narrow it down to either the size of the certificates and/or
to the included information.

There are ways to get it working, but you'll probably end up creating
new certificates. Therefore, I personally decided to use PSK/XAUTH
with OSX (from Mountain Lion) and iOS 6.

Check the following links for further info:
https://discussions.apple.com/thread/4158642?start=15&tstart=0

and maybe those:
https://discussions.apple.com/thread/4139538?start=0&tstart=0
http://www.astaro.org/gateway-products/vpn-site-site-remote-access/44432-cisco-vpn-not-working-apple-ios-6-a.html

There also was already a discussion on the ML about this (I still
couldn't figure out why Martin Willi's certificates are working with
2048bit):
http://www.mail-archive.com/users@lists.strongswan.org/msg05105.html

Cheers

Tobias

On Sat, 10 Nov 2012 14:41:32 +0100,
Daniel Tschinder <dane.tschi at gmx.at> wrote:

> Hello,
> 
> I have had strongswan working for two years for IKEv2 and Windows7. As
> IKEv2 is not well supported by clients, I'm now trying to add support
> for IKEv1 and testing with the native Mac OS X Client from 10.8.
> 
> But now I'm stuck at some weird problem which I seem not to be able
> to solve by myself. The problem is (as far as I can see) that either
> the Mac is sending an invalid message or the server is not able to
> decrypt. [...]
> Nov 10 13:49:28 gateway charon: 11[ENC] parsing ENCRYPTED_V1 payload
> finished
> Nov 10 13:49:28 gateway charon: 11[ENC] process payload of type
> ENCRYPTED_V1
> Nov 10 13:49:28 gateway charon: 11[ENC] found an encryption payload
> Nov 10 13:49:28 gateway charon: 11[ENC] decryption failed, invalid length
> Nov 10 13:49:28 gateway charon: 11[ENC] could not decrypt payloads
> Nov 10 13:49:28 gateway charon: 11[IKE] integrity check failed [...]
> 
> The certificates seem to work, as the same one used on the Mac works
> on Windows with IKEv2.
> 
> I tried a lot of different settings in ipsec.conf but none of them
> seem to have any impact on the problem.
> 
> Hopefully anyone can help me out.
> I appreciate any suggestion, as I'm at the end of my knowledge.
> 
> Thanks in advance.
> 
> ipsec.conf:
> 
> config setup
>           charondebug="dmn 3, mgr 3, ike 1, chd 3, job 3, cfg 3, knl 3, net 1, asn 1, enc 1, lib 3, esp 3, tls 3"
> 
> conn win7
>          reauth=no
>          ikelifetime=8h
>          left=%defaultroute
>          leftcert=peer2_gateway_cert.pem
>          leftsubnet=10.0.59.0/24
>          right=%any
>          rightsourceip=10.0.51.0/24
>          keyexchange=ikev2
>          auto=add
> 
> conn macosx
>          xauth=server
>          keyexchange=ikev1
>          left=%defaultroute
>          leftcert=peer2_gateway_cert.pem
>          leftsubnet=10.0.59.0/24
>          leftauth=pubkey
>          right=%any
>          rightsourceip=10.0.52.0/24
>          rightauth=pubkey
>          rightauth2=xauth
>          auto=add
> 
> ipsec.secret:
> 
> : RSA peer2_gateway_key.pem "password"
> user : XAUTH "password"
> 
> And here is the log:
> Nov 10 14:25:13 gateway charon: 05[MGR] checkout IKE_SA by message
> Nov 10 14:25:13 gateway charon: 05[MGR] created IKE_SA (unnamed)[1]
> Nov 10 14:25:13 gateway charon: 05[NET] received packet: from 
> <client-ip>[56616] to <server-ip>[500]
> Nov 10 14:25:13 gateway charon: 05[ENC] parsed ID_PROT request 0 [ SA
> V V V V V V V V V V V V V V ]
> Nov 10 14:25:13 gateway charon: 05[CFG] looking for an ike config for 
> <server-ip>...<client-ip>
> Nov 10 14:25:13 gateway charon: 05[CFG] ike config match: 2
> (<server-ip> <client-ip>)
> Nov 10 14:25:13 gateway charon: 05[CFG]   candidate: %any...%any, prio 2
> Nov 10 14:25:13 gateway charon: 05[CFG] ike config match: 2
> (<server-ip> <client-ip>)
> Nov 10 14:25:13 gateway charon: 05[CFG]   candidate: %any...%any, prio 2
> Nov 10 14:25:13 gateway charon: 05[CFG] found matching ike config:
> %any...%any with prio 2
> Nov 10 14:25:13 gateway charon: 05[IKE] received NAT-T (RFC 3947)
> vendor ID
> Nov 10 14:25:13 gateway charon: 05[IKE] received
> draft-ietf-ipsec-nat-t-ike vendor ID
> Nov 10 14:25:13 gateway charon: 05[IKE] received 
> draft-ietf-ipsec-nat-t-ike-08 vendor ID
> Nov 10 14:25:13 gateway charon: 05[IKE] received 
> draft-ietf-ipsec-nat-t-ike-07 vendor ID
> Nov 10 14:25:13 gateway charon: 05[IKE] received 
> draft-ietf-ipsec-nat-t-ike-06 vendor ID
> Nov 10 14:25:13 gateway charon: 05[IKE] received 
> draft-ietf-ipsec-nat-t-ike-05 vendor ID
> Nov 10 14:25:13 gateway charon: 05[IKE] received 
> draft-ietf-ipsec-nat-t-ike-04 vendor ID
> Nov 10 14:25:13 gateway charon: 05[IKE] received 
> draft-ietf-ipsec-nat-t-ike-03 vendor ID
> Nov 10 14:25:13 gateway charon: 05[IKE] received 
> draft-ietf-ipsec-nat-t-ike-02 vendor ID
> Nov 10 14:25:13 gateway charon: 05[IKE] received 
> draft-ietf-ipsec-nat-t-ike-02\n vendor ID
> Nov 10 14:25:13 gateway charon: 05[IKE] received XAuth vendor ID
> Nov 10 14:25:13 gateway charon: 05[IKE] received Cisco Unity vendor ID
> Nov 10 14:25:13 gateway charon: 05[ENC] received unknown vendor ID: 
> 40:48:b7:d5:6e:bc:e8:85:25:e7:de:7f:00:d6:c2:d3:80:00:00:00
> Nov 10 14:25:13 gateway charon: 05[IKE] received DPD vendor ID
> Nov 10 14:25:13 gateway charon: 05[IKE] <client-ip> is initiating a
> Main Mode IKE_SA
> Nov 10 14:25:13 gateway charon: 05[IKE] <client-ip> is initiating a
> Main Mode IKE_SA
> Nov 10 14:25:13 gateway charon: 05[CFG] selecting proposal:
> Nov 10 14:25:13 gateway charon: 05[CFG]   no acceptable 
> ENCRYPTION_ALGORITHM found
> Nov 10 14:25:13 gateway charon: 05[CFG] selecting proposal:
> Nov 10 14:25:13 gateway charon: 05[CFG]   no acceptable 
> ENCRYPTION_ALGORITHM found
> Nov 10 14:25:13 gateway charon: 05[CFG] selecting proposal:
> Nov 10 14:25:13 gateway charon: 05[CFG]   no acceptable 
> DIFFIE_HELLMAN_GROUP found
> Nov 10 14:25:13 gateway charon: 05[CFG] selecting proposal:
> Nov 10 14:25:13 gateway charon: 05[CFG]   no acceptable 
> ENCRYPTION_ALGORITHM found
> Nov 10 14:25:13 gateway charon: 05[CFG] selecting proposal:
> Nov 10 14:25:13 gateway charon: 05[CFG]   no acceptable 
> ENCRYPTION_ALGORITHM found
> Nov 10 14:25:13 gateway charon: 05[CFG] selecting proposal:
> Nov 10 14:25:13 gateway charon: 05[CFG]   no acceptable 
> INTEGRITY_ALGORITHM found
> Nov 10 14:25:13 gateway charon: 05[CFG] selecting proposal:
> Nov 10 14:25:13 gateway charon: 05[CFG]   no acceptable 
> ENCRYPTION_ALGORITHM found
> Nov 10 14:25:13 gateway charon: 05[CFG] selecting proposal:
> Nov 10 14:25:13 gateway charon: 05[CFG]   no acceptable 
> ENCRYPTION_ALGORITHM found
> Nov 10 14:25:13 gateway charon: 05[CFG] selecting proposal:
> Nov 10 14:25:13 gateway charon: 05[CFG]   no acceptable 
> ENCRYPTION_ALGORITHM found
> Nov 10 14:25:13 gateway charon: 05[CFG] selecting proposal:
> Nov 10 14:25:13 gateway charon: 05[CFG]   no acceptable 
> ENCRYPTION_ALGORITHM found
> Nov 10 14:25:13 gateway charon: 05[CFG] selecting proposal:
> Nov 10 14:25:13 gateway charon: 05[CFG]   no acceptable 
> ENCRYPTION_ALGORITHM found
> Nov 10 14:25:13 gateway charon: 05[CFG] selecting proposal:
> Nov 10 14:25:13 gateway charon: 05[CFG]   no acceptable 
> ENCRYPTION_ALGORITHM found
> Nov 10 14:25:13 gateway charon: 05[CFG] selecting proposal:
> Nov 10 14:25:13 gateway charon: 05[CFG]   no acceptable 
> ENCRYPTION_ALGORITHM found
> Nov 10 14:25:13 gateway charon: 05[CFG] selecting proposal:
> Nov 10 14:25:13 gateway charon: 05[CFG]   no acceptable 
> ENCRYPTION_ALGORITHM found
> Nov 10 14:25:13 gateway charon: 05[CFG] selecting proposal:
> Nov 10 14:25:13 gateway charon: 05[CFG]   no acceptable 
> ENCRYPTION_ALGORITHM found
> Nov 10 14:25:13 gateway charon: 05[CFG] selecting proposal:
> Nov 10 14:25:13 gateway charon: 05[CFG]   no acceptable 
> ENCRYPTION_ALGORITHM found
> Nov 10 14:25:13 gateway charon: 05[CFG] selecting proposal:
> Nov 10 14:25:13 gateway charon: 05[CFG]   no acceptable 
> DIFFIE_HELLMAN_GROUP found
> Nov 10 14:25:13 gateway charon: 05[CFG] selecting proposal:
> Nov 10 14:25:13 gateway charon: 05[CFG]   no acceptable 
> INTEGRITY_ALGORITHM found
> Nov 10 14:25:13 gateway charon: 05[CFG] selecting proposal:
> Nov 10 14:25:13 gateway charon: 05[CFG]   no acceptable 
> ENCRYPTION_ALGORITHM found
> Nov 10 14:25:13 gateway charon: 05[CFG] selecting proposal:
> Nov 10 14:25:13 gateway charon: 05[CFG]   no acceptable 
> ENCRYPTION_ALGORITHM found
> Nov 10 14:25:13 gateway charon: 05[CFG] selecting proposal:
> Nov 10 14:25:13 gateway charon: 05[CFG]   proposal matches
> Nov 10 14:25:13 gateway charon: 05[CFG] received proposals: 
> IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536, 
> IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, 
> IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, 
> IKE:AES_CBC_256/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1536, 
> IKE:AES_CBC_256/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024, 
> IKE:AES_CBC_128/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024, 
> IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, 
> IKE:3DES_CBC/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024, 
> IKE:DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, 
> IKE:DES_CBC/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024
> Nov 10 14:25:13 gateway charon: 05[CFG] configured proposals: 
> IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048, 
> IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536, 
> IKE:AES_CBC_128/AES_CBC_192/AES_CBC_256/3DES_CBC/CAMELLIA_CBC_128/CAMELLIA_CBC_192/CAMELLIA_CBC_256/HMAC_MD5_96/HMAC_SHA1_96/HMAC_SHA2_256_128/HMAC_SHA2_384_192/HMAC_SHA2_512_256/AES_XCBC_96/AES_CMAC_96/PRF_HMAC_MD5/PRF_HMAC_SHA1/PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/PRF_AES128_XCBC/PRF_AES128_CMAC/MODP_2048/MODP_2048_224/MODP_2048_256/MODP_1536/MODP_3072/MODP_4096/MODP_8192/MODP_1024/MODP_1024_160/ECP_256/ECP_384/ECP_521/ECP_224/ECP_192
> Nov 10 14:25:13 gateway charon: 05[CFG] selected proposal: 
> IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536
> Nov 10 14:25:13 gateway charon: 05[ENC] generating ID_PROT response 0
> [ SA V V V ]
> Nov 10 14:25:13 gateway charon: 05[NET] sending packet: from 
> <server-ip>[500] to <client-ip>[56616]
> Nov 10 14:25:13 gateway charon: 07[JOB] next event in 29s 996ms, waiting
> Nov 10 14:25:13 gateway charon: 05[MGR] checkin IKE_SA (unnamed)[1]
> Nov 10 14:25:13 gateway charon: 05[MGR] check-in of IKE_SA successful.
> Nov 10 14:25:13 gateway charon: 04[MGR] checkout IKE_SA by message
> Nov 10 14:25:13 gateway charon: 04[MGR] IKE_SA (unnamed)[1]
> successfully checked out
> Nov 10 14:25:13 gateway charon: 04[NET] received packet: from 
> <client-ip>[56616] to <server-ip>[500]
> Nov 10 14:25:13 gateway charon: 04[ENC] parsed ID_PROT request 0 [ KE
> No NAT-D NAT-D ]
> Nov 10 14:25:13 gateway charon: 04[LIB] size of DH secret exponent:
> 1535 bits
> Nov 10 14:25:13 gateway charon: 04[IKE] remote host is behind NAT
> Nov 10 14:25:13 gateway charon: 04[IKE] sending cert request for
> "C=DE, ST=Berlin, O=<Organization>, CN=<Name> CA, E=<email>"
> Nov 10 14:25:13 gateway charon: 04[ENC] generating ID_PROT response 0
> [ KE No CERTREQ NAT-D NAT-D ]
> Nov 10 14:25:13 gateway charon: 04[NET] sending packet: from 
> <server-ip>[500] to <client-ip>[56616]
> Nov 10 14:25:13 gateway charon: 04[MGR] checkin IKE_SA (unnamed)[1]
> Nov 10 14:25:13 gateway charon: 04[MGR] check-in of IKE_SA successful.
> Nov 10 14:25:13 gateway charon: 03[MGR] checkout IKE_SA by message
> Nov 10 14:25:13 gateway charon: 03[MGR] IKE_SA (unnamed)[1]
> successfully checked out
> Nov 10 14:25:13 gateway charon: 03[NET] received packet: from 
> <client-ip>[56633] to <server-ip>[4500]
> Nov 10 14:25:13 gateway charon: 03[ENC] decryption failed, invalid length
> Nov 10 14:25:13 gateway charon: 03[ENC] could not decrypt payloads
> Nov 10 14:25:13 gateway charon: 03[IKE] integrity check failed
> Nov 10 14:25:13 gateway charon: 03[ENC] generating INFORMATIONAL_V1
> request 374731955 [ HASH N(INVAL_HASH) ]
> Nov 10 14:25:13 gateway charon: 03[NET] sending packet: from 
> <server-ip>[500] to <client-ip>[56616]
> Nov 10 14:25:13 gateway charon: 03[IKE] ID_PROT request with message
> ID 0 processing failed
> Nov 10 14:25:13 gateway charon: 03[MGR] checkin IKE_SA (unnamed)[1]
> Nov 10 14:25:13 gateway charon: 03[MGR] check-in of IKE_SA successful.
> Nov 10 14:25:13 gateway charon: 02[MGR] checkout IKE_SA by message
> Nov 10 14:25:13 gateway charon: 02[MGR] IKE_SA (unnamed)[1]
> successfully checked out
> Nov 10 14:25:13 gateway charon: 02[NET] received packet: from 
> <client-ip>[56633] to <server-ip>[4500]
> Nov 10 14:25:13 gateway charon: 02[ENC] decryption failed, invalid length
> Nov 10 14:25:13 gateway charon: 02[ENC] could not decrypt payloads
> Nov 10 14:25:13 gateway charon: 02[IKE] integrity check failed
> Nov 10 14:25:13 gateway charon: 02[ENC] generating INFORMATIONAL_V1
> request 1955652691 [ HASH N(INVAL_HASH) ]
> Nov 10 14:25:13 gateway charon: 02[NET] sending packet: from 
> <server-ip>[500] to <client-ip>[56616]
> Nov 10 14:25:13 gateway charon: 02[IKE] ID_PROT request with message
> ID 0 processing failed
> Nov 10 14:25:13 gateway charon: 02[MGR] checkin IKE_SA (unnamed)[1]
> Nov 10 14:25:13 gateway charon: 02[MGR] check-in of IKE_SA successful.
> Nov 10 14:25:16 gateway charon: 01[MGR] checkout IKE_SA by message
> Nov 10 14:25:16 gateway charon: 01[MGR] IKE_SA (unnamed)[1]
> successfully checked out
> Nov 10 14:25:16 gateway charon: 01[NET] received packet: from 
> <client-ip>[56633] to <server-ip>[4500]
> Nov 10 14:25:16 gateway charon: 01[ENC] decryption failed, invalid length
> Nov 10 14:25:16 gateway charon: 01[ENC] could not decrypt payloads
> Nov 10 14:25:16 gateway charon: 01[IKE] integrity check failed
> Nov 10 14:25:16 gateway charon: 01[ENC] generating INFORMATIONAL_V1
> request 1337183494 [ HASH N(INVAL_HASH) ]
> Nov 10 14:25:16 gateway charon: 01[NET] sending packet: from 
> <server-ip>[500] to <client-ip>[56616]
> Nov 10 14:25:16 gateway charon: 01[IKE] ID_PROT request with message
> ID 0 processing failed
> Nov 10 14:25:16 gateway charon: 01[MGR] checkin IKE_SA (unnamed)[1]
> Nov 10 14:25:16 gateway charon: 01[MGR] check-in of IKE_SA successful.
> Nov 10 14:25:16 gateway charon: 13[MGR] checkout IKE_SA by message
> Nov 10 14:25:16 gateway charon: 13[MGR] IKE_SA (unnamed)[1]
> successfully checked out
> Nov 10 14:25:16 gateway charon: 13[NET] received packet: from 
> <client-ip>[56633] to <server-ip>[4500]
> Nov 10 14:25:16 gateway charon: 13[ENC] decryption failed, invalid length
> Nov 10 14:25:16 gateway charon: 13[ENC] could not decrypt payloads
> Nov 10 14:25:16 gateway charon: 13[IKE] integrity check failed
> Nov 10 14:25:16 gateway charon: 13[ENC] generating INFORMATIONAL_V1
> request 4186574038 [ HASH N(INVAL_HASH) ]
> Nov 10 14:25:16 gateway charon: 13[NET] sending packet: from 
> <server-ip>[500] to <client-ip>[56616]
> Nov 10 14:25:16 gateway charon: 13[IKE] ID_PROT request with message
> ID 0 processing failed
> Nov 10 14:25:16 gateway charon: 13[MGR] checkin IKE_SA (unnamed)[1]
> Nov 10 14:25:16 gateway charon: 13[MGR] check-in of IKE_SA successful.
> Nov 10 14:25:19 gateway charon: 06[MGR] checkout IKE_SA by message
> Nov 10 14:25:19 gateway charon: 06[MGR] IKE_SA (unnamed)[1]
> successfully checked out
> Nov 10 14:25:19 gateway charon: 06[NET] received packet: from 
> <client-ip>[56633] to <server-ip>[4500]
> Nov 10 14:25:19 gateway charon: 06[ENC] decryption failed, invalid length
> Nov 10 14:25:19 gateway charon: 06[ENC] could not decrypt payloads
> Nov 10 14:25:19 gateway charon: 06[IKE] integrity check failed
> Nov 10 14:25:19 gateway charon: 06[ENC] generating INFORMATIONAL_V1
> request 2768949833 [ HASH N(INVAL_HASH) ]
> Nov 10 14:25:19 gateway charon: 06[NET] sending packet: from 
> <server-ip>[500] to <client-ip>[56616]
> Nov 10 14:25:19 gateway charon: 06[IKE] ID_PROT request with message
> ID 0 processing failed
> Nov 10 14:25:19 gateway charon: 06[MGR] checkin IKE_SA (unnamed)[1]
> Nov 10 14:25:19 gateway charon: 06[MGR] check-in of IKE_SA successful.
> Nov 10 14:25:19 gateway charon: 15[MGR] checkout IKE_SA by message
> Nov 10 14:25:19 gateway charon: 15[MGR] IKE_SA (unnamed)[1]
> successfully checked out
> Nov 10 14:25:19 gateway charon: 15[NET] received packet: from 
> <client-ip>[56633] to <server-ip>[4500]
> Nov 10 14:25:19 gateway charon: 15[ENC] decryption failed, invalid length
> Nov 10 14:25:19 gateway charon: 15[ENC] could not decrypt payloads
> Nov 10 14:25:19 gateway charon: 15[IKE] integrity check failed
> Nov 10 14:25:19 gateway charon: 15[ENC] generating INFORMATIONAL_V1
> request 909043028 [ HASH N(INVAL_HASH) ]
> Nov 10 14:25:19 gateway charon: 15[NET] sending packet: from 
> <server-ip>[500] to <client-ip>[56616]
> Nov 10 14:25:19 gateway charon: 15[IKE] ID_PROT request with message
> ID 0 processing failed
> Nov 10 14:25:19 gateway charon: 15[MGR] checkin IKE_SA (unnamed)[1]
> Nov 10 14:25:19 gateway charon: 15[MGR] check-in of IKE_SA successful.
> Nov 10 14:25:22 gateway charon: 11[MGR] checkout IKE_SA by message
> Nov 10 14:25:22 gateway charon: 11[MGR] IKE_SA (unnamed)[1]
> successfully checked out
> Nov 10 14:25:22 gateway charon: 11[NET] received packet: from 
> <client-ip>[56633] to <server-ip>[4500]
> Nov 10 14:25:22 gateway charon: 11[ENC] decryption failed, invalid length
> Nov 10 14:25:22 gateway charon: 11[ENC] could not decrypt payloads
> Nov 10 14:25:22 gateway charon: 11[IKE] integrity check failed
> Nov 10 14:25:22 gateway charon: 11[ENC] generating INFORMATIONAL_V1
> request 2987174101 [ HASH N(INVAL_HASH) ]
> Nov 10 14:25:22 gateway charon: 11[NET] sending packet: from 
> <server-ip>[500] to <client-ip>[56616]
> Nov 10 14:25:22 gateway charon: 11[IKE] ID_PROT request with message
> ID 0 processing failed
> Nov 10 14:25:22 gateway charon: 11[MGR] checkin IKE_SA (unnamed)[1]
> Nov 10 14:25:22 gateway charon: 11[MGR] check-in of IKE_SA successful.
> Nov 10 14:25:22 gateway charon: 05[MGR] checkout IKE_SA by message
> Nov 10 14:25:22 gateway charon: 05[MGR] IKE_SA (unnamed)[1]
> successfully checked out
> Nov 10 14:25:22 gateway charon: 05[NET] received packet: from 
> <client-ip>[56633] to <server-ip>[4500]
> Nov 10 14:25:22 gateway charon: 05[ENC] decryption failed, invalid length
> Nov 10 14:25:22 gateway charon: 05[ENC] could not decrypt payloads
> Nov 10 14:25:22 gateway charon: 05[IKE] integrity check failed
> Nov 10 14:25:22 gateway charon: 05[ENC] generating INFORMATIONAL_V1
> request 2459254495 [ HASH N(INVAL_HASH) ]
> Nov 10 14:25:22 gateway charon: 05[NET] sending packet: from 
> <server-ip>[500] to <client-ip>[56616]
> Nov 10 14:25:22 gateway charon: 05[IKE] ID_PROT request with message
> ID 0 processing failed
> Nov 10 14:25:22 gateway charon: 05[MGR] checkin IKE_SA (unnamed)[1]
> Nov 10 14:25:22 gateway charon: 05[MGR] check-in of IKE_SA successful.
> Nov 10 14:25:34 gateway charon: 04[MGR] checkout IKE_SA by message
> Nov 10 14:25:34 gateway charon: 04[MGR] IKE_SA (unnamed)[1]
> successfully checked out
> Nov 10 14:25:34 gateway charon: 04[NET] received packet: from 
> <client-ip>[56633] to <server-ip>[4500]
> Nov 10 14:25:34 gateway charon: 04[ENC] decryption failed, invalid length
> Nov 10 14:25:34 gateway charon: 04[ENC] could not decrypt payloads
> Nov 10 14:25:34 gateway charon: 04[IKE] integrity check failed
> Nov 10 14:25:34 gateway charon: 04[ENC] generating INFORMATIONAL_V1
> request 1662440368 [ HASH N(INVAL_HASH) ]
> Nov 10 14:25:34 gateway charon: 04[NET] sending packet: from 
> <server-ip>[500] to <client-ip>[56616]
> Nov 10 14:25:34 gateway charon: 04[IKE] ID_PROT request with message
> ID 0 processing failed
> Nov 10 14:25:34 gateway charon: 04[MGR] checkin IKE_SA (unnamed)[1]
> Nov 10 14:25:34 gateway charon: 04[MGR] check-in of IKE_SA successful.
> Nov 10 14:25:34 gateway charon: 03[MGR] checkout IKE_SA by message
> Nov 10 14:25:34 gateway charon: 03[MGR] IKE_SA (unnamed)[1]
> successfully checked out
> Nov 10 14:25:34 gateway charon: 03[NET] received packet: from 
> <client-ip>[56633] to <server-ip>[4500]
> Nov 10 14:25:34 gateway charon: 03[ENC] decryption failed, invalid length
> Nov 10 14:25:34 gateway charon: 03[ENC] could not decrypt payloads
> Nov 10 14:25:34 gateway charon: 03[IKE] integrity check failed
> Nov 10 14:25:34 gateway charon: 03[ENC] generating INFORMATIONAL_V1
> request 3160971383 [ HASH N(INVAL_HASH) ]
> Nov 10 14:25:34 gateway charon: 03[NET] sending packet: from 
> <server-ip>[500] to <client-ip>[56616]
> Nov 10 14:25:34 gateway charon: 03[IKE] ID_PROT request with message
> ID 0 processing failed
> Nov 10 14:25:34 gateway charon: 03[MGR] checkin IKE_SA (unnamed)[1]
> Nov 10 14:25:34 gateway charon: 03[MGR] check-in of IKE_SA successful.
> Nov 10 14:25:43 gateway charon: 07[JOB] got event, queuing job for
> execution
> Nov 10 14:25:43 gateway charon: 07[JOB] no events, waiting
> Nov 10 14:25:43 gateway charon: 02[MGR] checkout IKE_SA
> Nov 10 14:25:43 gateway charon: 02[MGR] IKE_SA (unnamed)[1]
> successfully checked out
> Nov 10 14:25:43 gateway charon: 02[JOB] deleting half open IKE_SA
> after timeout
> Nov 10 14:25:43 gateway charon: 02[MGR] checkin and destroy IKE_SA 
> (unnamed)[1]
> Nov 10 14:25:43 gateway charon: 02[MGR] check-in and destroy of
> IKE_SA successful
> 
> 
> 
> _______________________________________________
> Users mailing list
> Users at lists.strongswan.org
> https://lists.strongswan.org/mailman/listinfo/users
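
Added example, not part of the original message and not strongSwan code: a small Python triage for a charon log like the one quoted above. It undoes mail quoting, wrapping and fused entries, then reports which IKEv1 Main Mode step the decryption failures follow; the sample is constructed by abridging the quoted log, and the function and field names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample, abridged from the log quoted above (not a new capture).
# Some entries are wrapped or fused, as mail re-wrapping left them.
SAMPLE = """\
Nov 10 14:25:13 gateway charon: 05[ENC] parsed ID_PROT request 0 [ SA V V ]
Nov 10 14:25:13 gateway charon: 04[ENC] parsed ID_PROT request 0 [ KE
No NAT-D NAT-D ]
Nov 10 14:25:13 gateway charon: 04[IKE] remote host is behind NAT
Nov 10 14:25:13 gateway charon: 03[NET] received packet: from
<client-ip>[56633] to <server-ip>[4500]
Nov 10 14:25:13 gateway charon: 03[ENC] decryption failed, invalid
length Nov 10 14:25:13 gateway charon: 03[ENC] could not decrypt
payloads Nov 10 14:25:13 gateway charon: 03[ENC] generating
INFORMATIONAL_V1 request 374731955 [ HASH N(INVAL_HASH) ]
Nov 10 14:25:16 gateway charon: 01[NET] received packet: from <client-ip>[56633] to <server-ip>[4500]
Nov 10 14:25:16 gateway charon: 01[ENC] decryption failed, invalid length
Nov 10 14:25:16 gateway charon: 01[ENC] generating INFORMATIONAL_V1 request 1337183494 [ HASH N(INVAL_HASH) ]
Nov 10 14:25:43 gateway charon: 02[JOB] deleting half open IKE_SA after timeout
"""

# One charon syslog prefix: "<Mon> <day> <time> <host> charon: <thread>[<GRP>]"
ENTRY = re.compile(r"[A-Z][a-z]{2} +\d+ \d\d:\d\d:\d\d \S+ charon: "
                   r"(?P<thread>\d+)\[(?P<group>[A-Z]{3})\]")

def split_entries(text):
    """Yield (thread, group, message), undoing quoting, wrapping and fusing."""
    flat = " ".join(l.lstrip("> ").strip() for l in text.splitlines())
    marks = list(ENTRY.finditer(flat))
    for cur, nxt in zip(marks, marks[1:] + [None]):
        end = nxt.start() if nxt else len(flat)
        yield cur["thread"], cur["group"], flat[cur.end():end].strip()

def triage(text):
    """Report which Main Mode step the decryption failures follow."""
    seen, last = Counter(), None
    for _thread, _group, msg in split_entries(text):
        if msg.startswith("parsed ID_PROT request"):
            last = "SA" if "[ SA" in msg else "KE" if "[ KE" in msg else "ENCRYPTED"
        elif msg == "remote host is behind NAT":
            seen["nat"] += 1
        elif msg.startswith("received packet") and msg.endswith("[4500]"):
            seen["on_4500"] += 1
        elif msg.startswith("decryption failed"):
            seen["decrypt_failed"] += 1
        elif msg.startswith("generating") and "N(INVAL_HASH)" in msg:
            seen["inval_hash"] += 1
        elif msg.startswith("deleting half open IKE_SA"):
            seen["timeout"] += 1
    return {
        "last_parsed_request": last,
        "nat_detected": seen["nat"] > 0,
        "packets_on_4500": seen["on_4500"],
        "decrypt_failures": seen["decrypt_failed"],
        "inval_hash_sent": seen["inval_hash"],
        "half_open_timeout": seen["timeout"] > 0,
        # After SA and KE the initiator's next Main Mode message is the first
        # encrypted one; it carries the ID, certificate and signature.
        "failed_at_first_encrypted": last == "KE" and seen["decrypt_failed"] > 0,
    }

if __name__ == "__main__":
    print(triage(SAMPLE))
```

On the abridged log this places every failure after the KE exchange, on the first encrypted message from the client, which is the one that carries its certificate.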




