[strongSwan] received INVALID_ID_INFORMATION error notify

Rolf Schöpfer rolf at samplezone.ch
Thu May 22 16:19:29 CEST 2014


Hi

VPN fritzbox - strongswan still not working:

May 22 16:06:06 development charon: 15[ENC] parsed QUICK_MODE request 1573336936 [ HASH SA No KE ID ID ]
May 22 16:06:06 development charon: 15[CFG] looking for a child config for 10.10.200.182/32 === 192.168.1.0/24
May 22 16:06:06 development charon: 15[CFG] proposing traffic selectors for us:
May 22 16:06:06 development charon: 15[CFG]  10.10.200.182/32
May 22 16:06:06 development charon: 15[CFG] proposing traffic selectors for other:
May 22 16:06:06 development charon: 15[CFG]  192.168.1.0/24
May 22 16:06:06 development charon: 15[CFG]   candidate "host-rslan" with prio 5+5
May 22 16:06:06 development charon: 15[CFG] found matching child config "host-rslan" with prio 10
May 22 16:06:06 development charon: 15[CFG] selecting traffic selectors for other:
May 22 16:06:06 development charon: 15[CFG]  config: 192.168.1.0/24, received: 192.168.1.0/24 => match: 192.168.1.0/24
May 22 16:06:06 development charon: 15[CFG] selecting traffic selectors for us:
May 22 16:06:06 development charon: 15[CFG]  config: 10.10.200.182/32, received: 10.10.200.182/32 => match: 10.10.200.182/32
May 22 16:06:06 development charon: 15[CFG] selecting proposal:
May 22 16:06:06 development charon: 15[CFG]   proposal matches
May 22 16:06:06 development charon: 15[CFG] received proposals: ESP:3DES_CBC/HMAC_SHA1_96/MODP_1024/NO_EXT_SEQ
May 22 16:06:06 development charon: 15[CFG] configured proposals: ESP:3DES_CBC/HMAC_SHA1_96/MODP_1024/NO_EXT_SEQ
May 22 16:06:06 development charon: 15[CFG] selected proposal: ESP:3DES_CBC/HMAC_SHA1_96/MODP_1024/NO_EXT_SEQ
May 22 16:06:06 development charon: 15[ESP] allocating SPI for reqid {8}
May 22 16:06:06 development charon: 15[ESP] allocated SPI cbc74bc2 for reqid {8}
May 22 16:06:06 development charon: 15[ENC] generating QUICK_MODE response 1573336936 [ HASH SA No KE ID ID ]
May 22 16:06:06 development charon: 13[ENC] parsed INFORMATIONAL_V1 request 2104682989 [ HASH N(INVAL_ID) ]
May 22 16:06:06 development charon: 13[IKE] received INVALID_ID_INFORMATION error notify

I guess this is still Phase1? What ID should I check? Here is my ipsec.conf:

config setup
         charondebug="ike 2, esp 2, chd 1, cfg 2, net 0, enc 1, knl 1"

conn %default
         ikelifetime=60m
         keylife=60m
         rekeymargin=3m
         keyingtries=1
         authby=secret
         keyexchange=ikev1
         mobike=no
...
conn host-rslan
         leftid=88.88.88.88                        # not real IP
         left=88.88.88.88
         leftsubnet=10.10.200.182/32
         rightid=99.99.99.99                       # not real IP
         right=99.99.99.99
         rightsubnet=192.168.1.0/24
         ike=aes256-sha1-modp1024!
         esp=3des-sha1-modp1024!                   #P2
         auto=add

Unfortunately there is no log message from fritzbox, which makes it very difficult to troubleshoot.

Thanks for any hint.

Regards, Rolf



