[strongSwan] Strongswan and Windows 7 : next payload type of ISAKMP Hash Payload has an unknown value xxx

Thu Jun 13 17:41:12 CEST 2013

Hi, 

I want to establish an ipsec tunnel between a windows 7
machine using the Firewall with advanced security and a debian machine
with strongswan. 

I test with psk and it works fine, 
now i want to
test with certificates : 

I follow this tutorial
:
http://tiebing.blogspot.fr/2012/05/windows-7-ikev2-error-13806.html

when the certificates are generated usign the ipsec pki tool no
problem, 

but when i test to generate them with openssl i can see that
the ISAKMP SA (IKEv1) fail before authentication phase.
i have the four
first messages and the an informational message.

I look the auth.log on
the strongswan machine and i get the following error : 

Jun 13 13:43:07
wheezy pluto[5439]: | state object #2 found, in STATE_MAIN_R2
Jun 13
13:43:07 wheezy pluto[5439]: "win" #2: next payload type of ISAKMP Hash
Payload has an unknown value: 185
Jun 13 13:43:07 wheezy pluto[5439]:
"win" #2: malformed payload in packet
Jun 13 13:43:07 wheezy
pluto[5439]: | next event EVENT_RETRANSMIT in 2 seconds for #1 

this is
my ipsec.conf file : 

# ipsec.conf - strongSwan IPsec configuration
file

# basic configuration

config setup
 # plutodebug=all
 #
crlcheckinterval=600
 # strictcrlpolicy=yes
 # cachecrls=yes
 #
nat_traversal=yes
 charonstart=no
 plutostart=yes
 plutodebug=control

#
Add connections here.

# tunnel windows
include /etc/ipsec.d/win.conf

and my win.conf file 

#
conn win
 authby=rsasig
 keyexchange=ikev1

pfs=no
 compress=no
 leftfirewall=yes
 left=10.0.4.6

leftsubnet=10.0.1.0/24
 leftid="C=FR, O=Win7,
CN=clientA.mycompany.local"
 right=10.0.5.4
 rightsubnet=10.0.2.0/24

rightcert=serverBcert.pem
 auto=add 

Thanks for help!

Kelly 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20130613/46422af1/attachment.html>