[strongSwan] received retransmit of response with ID 0, but next request already sent

Thomas Egerer hakke_007 at gmx.de
Sun Oct 26 14:57:02 CET 2014


Hi Axel,

sorry for the late reply, but my internet access is a bit
limited right now.

On 10/23/2014 02:07 PM, Axel Zöllich wrote:
> Am Mittwoch, 22. Oktober 2014, 17:49:16 schrieb Axel Zöllich:
>> Right side reseted there "draytek vigor 2860" e voila: le tunnel c'etablit.
>> I don't like this kind of solutions...
> 
> but the right side is still resending a package (13 and 23)?
I'm not sure what you mean by 13 and 23. I can however
see that again your peer is not responding to your first
encrypted request (btw: the connection is supposed to be
authenticated pre-shared keys).
Can you please do the following:
'ipsec stroke loglevel ike 4' # this should show us the
keying material (unlike my first advice it's the ike
facility, not the enc facility).
Then try to get your draytek to initiate the connection
so we can see if the packets can be
a) decrypted
b) authenticated using PSK

Hope that helps.
Thomas


More information about the Users mailing list