[strongSwan] IPv6 IKEv2 Road Warrior Connection issues
Martin Willi
martin at strongswan.org
Mon Oct 6 13:15:37 CEST 2014
Hi,
> Win7 PC --> MiFi (Verizon Wireless) IPv6 --> SoftlayerIPV6 --> VPS.
> authby=xauthrsasig
> xauth=server
> keyexchange=ikev2
IKEv2 with XAuth makes really no sense. If you want to connect Windows 7
clients with username/password, you probably want EAP-MSCHAPv2. Refer to
[1] for details.
> :RSA /usr/local/etc/ipsec.d/private/strongswanKey.pem "passwd1"
> :XAUTH user "!passwd2"
That doesn't look valid, either. Refer to the ipsec.secrets manpage for
syntax details, [1] has an example as well.
> 08[ENC] generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(MULT_AUTH) ]
> 08[NET] sending packet: from serveripv61[500] to clientipv61[500] (333 bytes)
> 09[NET] received packet: from clientipv61[500] to serveripv61[500] (528 bytes)
> 09[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]
> 09[IKE] received retransmit of request with ID 0, retransmitting response
Your client seems to retransmit the IKE_SA_INIT request, most likely
because it doesn't get the response message. Possible that it gets lost
on the path; a packet sniffer can help to see where it gets lost. As
fragmentation is very unlikely for that message, this might be related
to a firewall rule somewhere on your path.
Regards
Martin
[1]https://wiki.strongswan.org/projects/strongswan/wiki/Win7EapMultipleConfig
More information about the Users
mailing list