[strongSwan] Windows 7 IKEv2 Error
martin at strongswan.org
Fri Jan 3 10:27:55 CET 2014
> 07[ENC] generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(MULT_AUTH) ]
> 07[NET] sending packet: from 192.168.1.18 to 98.26.22x.xx
> 03[NET] received packet: from 98.26.22x.xx to 192.168.1.18
> 03[ENC] not enough input to parse rule 10 ENCRYPTED_DATA
> 03[ENC] payload type ENCRYPTED could not be parsed
> 03[IKE] message parsing failed
> 03[ENC] generating IKE_AUTH response 1 [ N(INVAL_SYN) ]
> This used to work until we moved offices and got a new public ip. The
> above leftid reflects the new public ip. I just thought about
> something, the CN in the cert, does it need to reflect the new public
No, authentication works independent of payload encryption in IKEv2, so
anything wrong with your credentials wouldn't fail that way.
More likely is a fragmentation issue: Windows 7 sends a certificate
request for each and every CA it knows about, sometimes summing up to
several KB of CERTREQs. If these fragments are not reassembled
completely/correctly, decryption fails.
I'd try to identify how many fragments you see for this IKE_AUTH, and if
they get reassembled correctly on the strongSwan end.
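
One way to carry out the fragment check suggested above on captured packets, as an added example that is not part of the original post or of strongSwan: it groups raw IPv4 fragments by (source, destination, protocol, IP ID) and reports whether each datagram's fragments cover it without gaps. The addresses, IP IDs and fragment sizes are constructed sample data, and the function names are hypothetical.

```python
import struct
from collections import defaultdict

FMT = "!BBHHHBBH4s4s"  # fixed 20-byte IPv4 header (options, if any, follow it)

def parse_ipv4(pkt):
    """Return (datagram key, fragment offset in bytes, MF flag, payload length)."""
    vihl, _, total, ident, ff, _, proto, _, src, dst = struct.unpack(FMT, pkt[:20])
    ihl = (vihl & 0x0F) * 4
    return (src, dst, proto, ident), (ff & 0x1FFF) * 8, bool(ff & 0x2000), total - ihl

def check_reassembly(packets):
    """Per fragmented datagram: fragment count, bytes covered, gaps, completeness."""
    groups = defaultdict(list)
    for pkt in packets:
        key, off, more, length = parse_ipv4(pkt)
        if more or off:                      # skip unfragmented packets
            groups[key].append((off, length, more))
    report = {}
    for key, frags in groups.items():
        frags.sort()
        covered, gaps = 0, []
        for off, length, _ in frags:
            if off > covered:                # hole before this fragment
                gaps.append((covered, off))
            covered = max(covered, off + length)
        has_last = any(not more for _, _, more in frags)  # MF=0 fragment seen
        report[key] = {"fragments": len(frags), "bytes": covered,
                       "gaps": gaps, "complete": has_last and not gaps}
    return report

# --- constructed sample data (documentation addresses, UDP, zero checksum) ---
SRC, DST = bytes([198, 51, 100, 7]), bytes([192, 0, 2, 18])

def make_frag(ident, offset, more, size):
    ff = (0x2000 if more else 0) | (offset // 8)
    return struct.pack(FMT, 0x45, 0, 20 + size, ident, ff, 64, 17, 0, SRC, DST) + bytes(size)

SAMPLE = [
    make_frag(0x1A2B, 0, True, 1480),        # datagram 1: all three fragments
    make_frag(0x1A2B, 1480, True, 1480),
    make_frag(0x1A2B, 2960, False, 600),
    make_frag(0x1A2C, 0, True, 1480),        # datagram 2: middle fragment lost
    make_frag(0x1A2C, 2960, False, 600),
]

if __name__ == "__main__":
    for key, info in check_reassembly(SAMPLE).items():
        print(hex(key[3]), info)
```
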