[strongSwan] payload of type AUTH more than 1 times (2) occurred in current message
Alexis Salinas
asalinas at sierrawireless.com
Mon Jul 13 21:23:23 CEST 2015
Hello All,
I'm testing strongSwan as a VPN gateway for a 3rd party VPN client. PSK and certificate authentication work fine, but when testing EAP-TLS I get this error message on the strongSwan side, after the EAP authentication succeeds.
Jul 10 16:42:11 debian-vm1-alexis charon: 14[ENC] payload of type AUTH more than 1 times (2) occurred in current message
Jul 10 16:42:11 debian-vm1-alexis charon: 14[IKE] message verification failed
See attachment for full logs.
Here is my strongSwan configuration:
# ipsec.conf - strongSwan IPsec configuration file

config setup
        # strictcrlpolicy=yes
        # uniqueids = no

conn %default
        ikelifetime=60m
        keylife=20m
        rekeymargin=3m
        keyingtries=1
        keyexchange=ikev2

conn rw-eap-tls
        left=10.1.65.147
        leftid=ocm@test.org
        leftsubnet=10.99.0.0/24
        leftcert=ocmCert.pem
        leftauth=pubkey
        leftfirewall=yes
        rightsourceip=172.22.0.0/24
        rightauth=eap-radius
        rightsendcert=never
        right=%any
        auto=add
        eap_identity=%identity
Does any of you know what this is about?
What is strongSwan expecting at this point? Looking at the RFC [1], there should be a message type AUTH (message 7).
I can enable more logging if needed.
Thanks.
Alexis.
[1] : https://tools.ietf.org/html/rfc7296#section-2.16
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: strongswan-logs.txt
URL: <http://lists.strongswan.org/pipermail/users/attachments/20150713/9fb4ced9/attachment-0001.txt>