[strongSwan] Windows 7 IKEv2 Error
carnold at electrichendrix.com
Fri Jan 3 02:37:51 CET 2014
Anyone have any ideas?
Sent from my iPhone
> On Dec 31, 2013, at 3:58 PM, "Chris Arnold" <carnold at electrichendrix.com> wrote:
> Stongswan 4.4.x on SLES11 SP2. A windows 7 client using ikev2 is trying to connect using rclients config from ipsec.conf. They get a invalid payload received from the windows 7 client. Here is the exchange from windows 7 to strongswan server:
> received packet: from 98.26.22x.xx to 192.168.1.18
> 07[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]
> 07[IKE] 98.26.22x.xx is initiating an IKE_SA
> 07[IKE] local host is behind NAT, sending keep alives
> 07[IKE] remote host is behind NAT
> 07[IKE] sending cert request for "C=US, ST=NC, L=Durham, O=Edens Land Corp, OU=ELC, CN=name, E=email address"
> 07[IKE] sending cert request for "C=US, ST=North Carolina, L=Durham, O=Edens Land Corp, OU=ELC, CN=name, E=email address"
> 07[IKE] sending cert request for "C=CH, O=Edens Land Corp, CN=Edens Land Corp CA"
> 07[IKE] sending cert request for "C=FI, O=Test, CN=Test CA"
> 07[IKE] sending cert request for "C=CH, O=Edens Land Corp. CN=ELC RW VPN"
> 07[ENC] generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(MULT_AUTH) ]
> 07[NET] sending packet: from 192.168.1.18 to 98.26.22x.xx
> 03[NET] received packet: from 98.26.22x.xx to 192.168.1.18
> 03[ENC] not enough input to parse rule 10 ENCRYPTED_DATA
> 03[ENC] payload type ENCRYPTED could not be parsed
> 03[IKE] message parsing failed
> 03[ENC] generating IKE_AUTH response 1 [ N(INVAL_SYN) ]
> 03[NET] sending packet: from 192.168.1.18 to 98.26.22x.xx
> 03[IKE] IKE_AUTH request with message ID 1 processing failed
> Here is the ipsec config:
> conn rclientscerts
> This use to work until we moved offices and got a new public ip. The above leftid reflects the new public ip. I just thought about something, the CN in the cert, does it need to reflect the new public ip? Not sure if that would matter....
> We have a site to site VPN with this same office and that works fine. Any ideas?
> Users mailing list
> Users at lists.strongswan.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Users