[strongSwan] IPv6 IKEv2 Road Warrior Part 2

Randy Wyatt rwwyatt01 at gmail.com
Wed Oct 8 19:38:12 CEST 2014 

Hi all,

  First,  Thank you for all the help.

I have reconfigured my VPN server to match the configuration specified in
https://wiki.strongswan.org/projects/strongswan/wiki/Win7EapMultipleConfig

I am still not making progress though.  The following is the output of
/var/log/messages

Oct  8 12:16:13 ares charon: 14[NET] received packet: from clientipv61[500]
to serveripv61[500] (528 bytes)
Oct  8 12:16:13 ares charon: 14[ENC] parsed IKE_SA_INIT request 0 [ SA KE
No N(NATD_S_IP) N(NATD_D_IP) ]
Oct  8 12:16:13 ares charon: 14[IKE] clientipv61 is initiating an IKE_SA
Oct  8 12:16:13 ares charon: 14[IKE] IKE_SA (unnamed)[4] state change:
CREATED => CONNECTING
Oct  8 12:16:13 ares charon: 14[IKE] natd_chunk => 34 bytes @ 0x7fb6fc002930
Oct  8 12:16:13 ares charon: 14[IKE]    0: 91 B7 76 13 D5 E1 9A 43 00 00 00
00 00 00 00 00  ..v....C........
Oct  8 12:16:13 ares charon: 14[IKE]   16: 26 07 F0 D0 11 01 01 C2 00 00 00
00 00 00 00 02  &...............
Oct  8 12:16:13 ares charon: 14[IKE]   32: 01 F4
                 ..
Oct  8 12:16:13 ares charon: 14[IKE] natd_hash => 20 bytes @ 0x7fb6fc0067c0
Oct  8 12:16:13 ares charon: 14[IKE]    0: 08 79 FD 25 03 DD 8F 9D 41 D7 C1
CE D9 D8 F0 42  .y.%....A......B
Oct  8 12:16:13 ares charon: 14[IKE]   16: 91 F1 55 CE
                 ..U.
Oct  8 12:16:13 ares charon: 14[IKE] natd_chunk => 34 bytes @ 0x7fb6fc002930
Oct  8 12:16:13 ares charon: 14[IKE]    0: 91 B7 76 13 D5 E1 9A 43 00 00 00
00 00 00 00 00  ..v....C........
Oct  8 12:16:13 ares charon: 14[IKE]   16: 26 00 10 12 B1 18 0B D1 D9 E8 09
0B 50 0F 76 E8  &...........P.v.
Oct  8 12:16:13 ares charon: 14[IKE]   32: 01 F4
                 ..
Oct  8 12:16:13 ares charon: 14[IKE] natd_hash => 20 bytes @ 0x7fb6fc006700
Oct  8 12:16:13 ares charon: 14[IKE]    0: 65 0A D6 C4 7B 0B 23 0A 92 67 BA
C9 EA E7 EE B1  e...{.#..g......
Oct  8 12:16:13 ares charon: 14[IKE]   16: 92 29 7E CA
                 .)~.
Oct  8 12:16:13 ares charon: 14[IKE] precalculated src_hash => 20 bytes @
0x7fb6fc006700
Oct  8 12:16:13 ares charon: 14[IKE]    0: 65 0A D6 C4 7B 0B 23 0A 92 67 BA
C9 EA E7 EE B1  e...{.#..g......
Oct  8 12:16:13 ares charon: 14[IKE]   16: 92 29 7E CA
                 .)~.
Oct  8 12:16:13 ares charon: 14[IKE] precalculated dst_hash => 20 bytes @
0x7fb6fc0067c0
Oct  8 12:16:13 ares charon: 14[IKE]    0: 08 79 FD 25 03 DD 8F 9D 41 D7 C1
CE D9 D8 F0 42  .y.%....A......B
Oct  8 12:16:13 ares charon: 14[IKE]   16: 91 F1 55 CE
                 ..U.
Oct  8 12:16:13 ares charon: 14[IKE] received src_hash => 20 bytes @
0x7fb6fc002c50
Oct  8 12:16:13 ares charon: 14[IKE]    0: 65 0A D6 C4 7B 0B 23 0A 92 67 BA
C9 EA E7 EE B1  e...{.#..g......
Oct  8 12:16:13 ares charon: 14[IKE]   16: 92 29 7E CA
                 .)~.
Oct  8 12:16:13 ares charon: 14[IKE] received dst_hash => 20 bytes @
0x7fb6fc002d70
Oct  8 12:16:13 ares charon: 14[IKE]    0: 08 79 FD 25 03 DD 8F 9D 41 D7 C1
CE D9 D8 F0 42  .y.%....A......B
Oct  8 12:16:13 ares charon: 14[IKE]   16: 91 F1 55 CE
                 ..U.
Oct  8 12:16:13 ares charon: 14[IKE] natd_chunk => 34 bytes @ 0x7fb6fc006560
Oct  8 12:16:13 ares charon: 14[IKE]    0: 91 B7 76 13 D5 E1 9A 43 FB 40 DD
6E 89 36 5E 1F  ..v....C. at .n.6^.
Oct  8 12:16:13 ares charon: 14[IKE]   16: 26 07 F0 D0 11 01 01 C2 00 00 00
00 00 00 00 02  &...............
Oct  8 12:16:13 ares charon: 14[IKE]   32: 01 F4
                 ..
Oct  8 12:16:13 ares charon: 14[IKE] natd_hash => 20 bytes @ 0x7fb6fc003590
Oct  8 12:16:13 ares charon: 14[IKE]    0: C7 A4 FB 14 0F D3 3C D6 BA D8 0B
E0 36 51 C3 50  ......<.....6Q.P
Oct  8 12:16:13 ares charon: 14[IKE]   16: 95 FF 92 F2
                 ....
Oct  8 12:16:13 ares charon: 14[IKE] natd_chunk => 34 bytes @ 0x7fb6fc006560
Oct  8 12:16:13 ares charon: 14[IKE]    0: 91 B7 76 13 D5 E1 9A 43 FB 40 DD
6E 89 36 5E 1F  ..v....C. at .n.6^.
Oct  8 12:16:13 ares charon: 14[IKE]   16: 26 00 10 12 B1 18 0B D1 D9 E8 09
0B 50 0F 76 E8  &...........P.v.
Oct  8 12:16:13 ares charon: 14[IKE]   32: 01 F4
                 ..
Oct  8 12:16:13 ares charon: 14[IKE] natd_hash => 20 bytes @ 0x7fb6fc0036b0
Oct  8 12:16:13 ares charon: 14[IKE]    0: 21 EF E2 E4 7C 8B 26 A5 6D C7 F0
4B 50 35 17 0A  !...|.&.m..KP5..
Oct  8 12:16:13 ares charon: 14[IKE]   16: 00 27 83 31
                 .'.1
Oct  8 12:16:13 ares charon: 14[ENC] generating IKE_SA_INIT response 0 [ SA
KE No N(NATD_S_IP) N(NATD_D_IP) N(MULT_AUTH) ]
Oct  8 12:16:13 ares charon: 14[NET] sending packet: from serveripv6v1[500]
to clientipv61[500] (312 bytes)
Oct  8 12:16:27 ares kernel: device eth1 left promiscuous mode
Oct  8 12:16:43 ares charon: 15[JOB] deleting half open IKE_SA after timeout
Oct  8 12:16:43 ares charon: 15[IKE] IKE_SA (unnamed)[4] state change:
CONNECTING => DESTROYING

I have verified through Wireshark that we are seeing the IKE_SA_INIT MID=00
Responder Response in Wireshark.

Any ideas?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20141008/0492ce24/attachment-0001.html>

More information about the Users mailing list