[strongSwan] Tunnel stuck in QUICK_MODE active task
Izz Abdullah
izz.abdullah at wepanow.com
Fri Nov 15 13:24:17 CET 2013
Thanks for your reply Martin. I'll try this as soon as I reach the office and report back.
--
Izz
Sent using Android™
-------- Original message --------
From: Martin Willi <martin at strongswan.org>
Date: 11/15/2013 3:08 AM (GMT-06:00)
To: Izz Abdullah <izz.abdullah at wepanow.com>
Cc: users at lists.strongswan.org
Subject: Re: [strongSwan] Tunnel stuck in QUICK_MODE active task
Hi,
> 03[ENC] generating QUICK_MODE request 1871762211 [ HASH SA No ID ID ]
> 03[NET] sending packet: from 10.201.50.70[4500] to W.X.Y.Z[4500] (172 bytes)
> 14[NET] received packet: from W.X.Y.Z[4500] to 10.201.50.70[4500] (76 bytes)
> 14[IKE] queueing TRANSACTION request as tasks still active
The strongSwan initiator creates a Quick Mode, but the PIX does not
expect that. Instead, it seems that it wants to do a Mode Config
exchange in Push Mode first. Mode Config TRANSACTION exchanges always
have to complete before you can create any Quick Modes, hence the
configurations have to match on both sides.
We have support for push mode starting with 5.1.1. If you want to use a
Mode Config exchange (i.e. assign a virtual IP to the initiator), you
may try to set:
leftsourceip=%config
modeconfig=push
If you don't need any Mode Config, you may try to disable that on the
PIX.
Regards
Martin
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20131115/29c906d9/attachment.html>
More information about the Users
mailing list