[strongSwan] received retransmit of response with ID 0, but next request already sent

Axel Zöllich faxel at zoellich.de
Wed Oct 22 13:19:25 CEST 2014 

Why is this negotiation drifting away? The retransmit (12:56:39) contains 
exactly the same data as the package from 12:56:36. (checked with wireshark)

Oct 22 12:56:36 08[CFG] received stroke: initiate 'jung'
Oct 22 12:56:36 09[IKE] <jung|122> initiating Main Mode IKE_SA jung[122] to 
217.86.257.203
Oct 22 12:56:36 09[ENC] <jung|122> generating ID_PROT request 0 [ SA V V V V ]
Oct 22 12:56:36 09[NET] <jung|122> sending packet: from 80.152.262.292[500] to 
217.86.257.203[500] (192 bytes)
Oct 22 12:56:36 13[NET] <jung|122> received packet: from 217.86.257.203[500] 
to 80.152.262.292[500] (124 bytes)
Oct 22 12:56:36 13[ENC] <jung|122> parsed ID_PROT response 0 [ SA V V ]
Oct 22 12:56:36 13[IKE] <jung|122> received DPD vendor ID
Oct 22 12:56:36 13[IKE] <jung|122> received NAT-T (RFC 3947) vendor ID
Oct 22 12:56:36 13[ENC] <jung|122> generating ID_PROT request 0 [ KE No NAT-D 
NAT-D ]
Oct 22 12:56:36 13[NET] <jung|122> sending packet: from 80.152.262.292[500] to 
217.86.257.203[500] (372 bytes)
Oct 22 12:56:36 07[NET] <jung|122> received packet: from 217.86.257.203[500] 
to 80.152.262.292[500] (356 bytes)
Oct 22 12:56:36 07[ENC] <jung|122> parsed ID_PROT response 0 [ KE No NAT-D 
NAT-D ]
Oct 22 12:56:36 07[ENC] <jung|122> generating ID_PROT request 0 [ ID HASH ]
Oct 22 12:56:36 07[NET] <jung|122> sending packet: from 80.152.262.292[500] to 
217.86.257.203[500] (68 bytes)
Oct 22 12:56:39 07[NET] <jung|122> received packet: from 217.86.257.203[500] 
to 80.152.262.292[500] (356 bytes)
Oct 22 12:56:39 07[IKE] <jung|122> received retransmit of response with ID 0, 
but next request already sent
Oct 22 12:56:40 15[IKE] <jung|122> sending retransmit 1 of request message ID 
0, seq 3
Oct 22 12:56:40 15[NET] <jung|122> sending packet: from 80.152.262.292[500] to 
217.86.257.203[500] (68 bytes)
Oct 22 12:56:45 04[NET] <jung|122> received packet: from 217.86.257.203[500] 
to 80.152.262.292[500] (356 bytes)
Oct 22 12:56:45 04[IKE] <jung|122> received retransmit of response with ID 0, 
but next request already sent
Oct 22 12:56:47 07[IKE] <jung|122> sending retransmit 2 of request message ID 
0, seq 3
Oct 22 12:56:47 07[NET] <jung|122> sending packet: from 80.152.262.292[500] to 
217.86.257.203[500] (68 bytes)


strongswan 5.1.1

conn jung
        ikelifetime=86400
        keylife=21600
        keyingtries=20
        esp=3des-sha1-modp2048
        ike=3des-sha1-modp2048
        left=80.152.262.292
        leftsubnet=192.168.222.0/24
        leftid=217.86.257.203
        leftfirewall=yes
        right=217.86.257.203
        rightsubnet=192.168.1.0/24
        rightid=%any
        #auto=start
        auto=route
        #auto=add


-- 
Wir verwenden ausschließlich blaue Elektronen aus biologischem Anbau.

More information about the Users mailing list