[strongSwan] IPv6 IKEv2 Road Warrior Connection issues
martin at strongswan.org
Mon Oct 6 13:15:37 CEST 2014
> Win7 PC --> MiFi (Verizon Wireless) IPv6 --> SoftlayerIPV6 --> VPS.
IKEv2 with XAuth makes really no sense. If you want to connect Windows 7
clients with username/password, you probably want EAP-MSCHAPv2. Refer to
 for details.
> :RSA /usr/local/etc/ipsec.d/private/strongswanKey.pem "passwd1"
> :XAUTH user "!passwd2"
That doesn't look valid, either. Refer to the ipsec.secrets manpage for
syntax details,  has an example as well.
> 08[ENC] generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(MULT_AUTH) ]
> 08[NET] sending packet: from serveripv61 to clientipv61 (333 bytes)
> 09[NET] received packet: from clientipv61 to serveripv61 (528 bytes)
> 09[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]
> 09[IKE] received retransmit of request with ID 0, retransmitting response
Your client seems to retransmit the IKE_SA_INIT request, most likely
because it doesn't get the response message. Possible that it gets lost
on the path; a packet sniffer can help to see where it gets lost. As
fragmentation is very unlikely for that message, this might be related
to a firewall rule somewhere on your path.
More information about the Users