[strongSwan] Can't connect to port 4500 with Brighthouse cable hotspot

Noel Kuntze noel at familie-kuntze.de
Fri Dec 26 14:53:56 CET 2014 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hello,

I just looked up the description and fragmentation is supported. I think patching the server would be necessary then.

Mit freundlichen Grüßen/Regards,
Noel Kuntze

GPG Key ID: 0x63EC6658
Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658

Am 26.12.2014 um 14:46 schrieb Noel Kuntze:
>
> Hello Volker,
>
> Coming to speak of fragmentation: The patch for IKEv2 fragmentation is currently not in a stable release, only git.
> Patching the app source code with it, enabling fragmentation by default and building the app yourself might fix the problem.
> The server would also need to be patched.
>
> Mit freundlichen Grüßen/Regards,
> Noel Kuntze
>
> GPG Key ID: 0x63EC6658
> Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658
>
> Am 26.12.2014 um 14:40 schrieb Volker Rümelin:
> > Hi Jay,
>
> > I am resending this mail, because I forgot to include the mailing list.
>
> >> Nov 29 08:24:14 14[ENC] generating IKE_AUTH request 1 [ IDi CERT N
> >> (INIT_CONTACT) CERTREQ AUTH CPRQ(ADDR ADDR6 DNS DNS6) N(ESP_TFC_PAD_N) SA
> >> TSi TSr N(MOBIKE_SUP) N(NO_ADD_ADDR) N(MULT_AUTH) N(EAP_ONLY) ]
> >> Nov 29 08:24:14 14[NET] sending packet: from 10.235.225.57[56813] to
> >> my.server[4500] (1772 bytes)
> >> Nov 29 08:24:16 16[IKE] retransmit 1 of request with message ID 1
> >> Nov 29 08:24:16 16[NET] sending packet: from 10.235.225.57[56813] to
> >> my.server[4500] (1772 bytes)
> >>
> > I wouldn't be surprised if this is a fragmentation problem and your hotspot provider drops ip fragments. In this case adding
>
> >     fragmentation=yes
>
> > to the conn %default section in ipsec.conf on your openwrt server may solve your problem.
>
> > Best regards,
> > Volker
>
> > _______________________________________________
> > Users mailing list
> > Users at lists.strongswan.org
> > https://lists.strongswan.org/mailman/listinfo/users
>
>
> _______________________________________________
> Users mailing list
> Users at lists.strongswan.org
> https://lists.strongswan.org/mailman/listinfo/users

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCAAGBQJUnWh0AAoJEDg5KY9j7GZYli8QAJaIedmD75UHo4hH3l2l649O
FRD4dmLzt7nhbRack+3vfmMpIcQnzOvNsMyzMFwjcV6dA98FL49kM+S3ZA8XkPtl
GCsZk4cpZId7r4qGGnysh9nCPQrlfuJ7RwGv4rZxX5Z8En+5zZvU+ige2Y5VA5Ff
ZXCflwI3wRIU2zgQArZ7ud+ooSsez/5t02b1jTHrAXuWqq9NDLpCqNyeNJbQOT94
Imhq+jBIVseikGYtuZZC6PClKRPOCtRDP5F26lnP8ZtQwmQHuk2T0sNLGGMQ4Qsb
kzbBExMGdjsVHp41EBIOLJdYKhPEiAbkqN9YyKETPTxW7kJ8cPGeZ8p/2qGS3Hzs
LHglB3onQ5/DE6+bJ17yPvKfbhoOTFIJWA/mRMgIwOwfz10i2055r8Ra37h5ukWy
aYFz8pTvCLHWzZiAs4qo96JEZJE+/O65WH8N1UZ9WafrzSH3Yu12/eaq0BSZMGT6
tWgNgA8gYnWmUzpB0MQ2VdSEJN37ZCSUiOmmpHfPiEcdLbGWgIMqwuGTDsfOzv8f
xw8qkyFyl9/1KmfoFphZvcfCpWTUETiJLmwfc3IPWTDCUprPA9wtmhYp8XXHw2hH
ATDAo5puApwRR5avM6HJT5WeT8c7FtQerNBLwq6vTv6HrGRTq4Uj6nWaZEyRXn8Q
7lfM5bsLd/3RpcjMf4V6
=xmIN
-----END PGP SIGNATURE-----

More information about the Users mailing list