[strongSwan] Can't connect to port 4500 with Brighthouse cable hotspot

Noel Kuntze noel at familie-kuntze.de
Fri Dec 26 14:46:21 CET 2014


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hello Volker,

Coming to speak of fragmentation: The patch for IKEv2 fragmentation is currently not in a stable release, only git.
Patching the app source code with it, enabling fragmentation by default and building the app yourself might fix the problem.
The server would also need to be patched.

Mit freundlichen Grüßen/Regards,
Noel Kuntze

GPG Key ID: 0x63EC6658
Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658

Am 26.12.2014 um 14:40 schrieb Volker Rümelin:
> Hi Jay,
>
> I am resending this mail, because I forgot to include the mailing list.
>
>> Nov 29 08:24:14 14[ENC] generating IKE_AUTH request 1 [ IDi CERT N
>> (INIT_CONTACT) CERTREQ AUTH CPRQ(ADDR ADDR6 DNS DNS6) N(ESP_TFC_PAD_N) SA
>> TSi TSr N(MOBIKE_SUP) N(NO_ADD_ADDR) N(MULT_AUTH) N(EAP_ONLY) ]
>> Nov 29 08:24:14 14[NET] sending packet: from 10.235.225.57[56813] to
>> my.server[4500] (1772 bytes)
>> Nov 29 08:24:16 16[IKE] retransmit 1 of request with message ID 1
>> Nov 29 08:24:16 16[NET] sending packet: from 10.235.225.57[56813] to
>> my.server[4500] (1772 bytes)
>>
> I wouldn't be surprised if this is a fragmentation problem and your hotspot provider drops ip fragments. In this case adding
>
>     fragmentation=yes
>
> to the conn %default section in ipsec.conf on your openwrt server may solve your problem.
>
> Best regards,
> Volker
>
> _______________________________________________
> Users mailing list
> Users at lists.strongswan.org
> https://lists.strongswan.org/mailman/listinfo/users

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCAAGBQJUnWaqAAoJEDg5KY9j7GZYDtEP/0acnBLmNCT6kpyXAvwiF+XX
1zlTB8qrAgLSzQsbNzCc4EAS/11izyh4N6nvJ1/xuBlCZSDG6Ul5zWydAR+3m9bd
QgZ+wMk2gTz094Ex67piGvy3jzWFYxKyy1vlc8OXZXoIg1HHIjf+Ibyk2vaKrRWq
aD1OqpOfiRZJza3eKTi3GtRrGUMC+GhSRn2orHUG4zigXxHKwv9cgu96SP6Pcz4B
mqYq4I+G0ZUhH9U/NDnSEkkfftjxWp0eNghKhuA0SaQI30hFCN4VxAueu0jhZbc8
P2Xx9fG3yeqMGMXcs6euwWQXoimX4DtyvorOCOxHmalnTGZLJACJzGnehDOLRfBd
chYf8rUgNZ1y+0bahJD5JWVPUiG1/LzNTTEFR6dFdnWk5ZbezfXgNNEpunD+yYK9
QKTyQ0RPqDB+nN46r5bomF2sCqwzghsywHXspOMIy+44SfD/2KCv7Pb8fc4CHHKg
Os/J/ppm8vvLD/79E3tfuSUpOHYlKStF+5k91uhMWLVe5b4KZt3TnjUxqhxv0JJ+
ePsy68qEJOb+MxuSkcCtZQVfN8vEGP4g9mYsDhlTKA+ODRHEmigGRZr8LuzO5FW8
iV/kC0qDKxqkiS0x7yTtyq/ERGxjtffYmy9UIkwcNDCou7q7ltZe637gcUsw+Zz5
eJVnoIbtutQsOcGKmA/9
=A7FV
-----END PGP SIGNATURE-----



More information about the Users mailing list