[strongSwan] payload of type AUTH more than 1 times (2) occurred in current message
andreas.steffen at strongswan.org
Tue Jul 14 12:12:29 CEST 2015
it looks as if the 3rd party VPN client sends two AUTH payloads in its
IKE_AUTH request. This does not conform with the IKEv2 RFC. Could you
send me a strongSwan log file with the log level set to
On 07/13/2015 09:23 PM, Alexis Salinas wrote:
> Hello All,
> I'm testing strongSwan as a VPN gateway for a 3rd party VPN client. PSK and certificate authentication works fine, but when testing EAP-TLS and I get this error message on the strongSwan side, after the EAP authentication succeeds.
> Jul 10 16:42:11 debian-vm1-alexis charon: 14[ENC] payload of type AUTH more than 1 times (2) occurred in current message
> Jul 10 16:42:11 debian-vm1-alexis charon: 14[IKE] message verification failed
> See attachment for full logs.
> Here is my strongSwan configuration:
> # ipsec.conf - strongSwan IPsec configuration file
> config setup
> # strictcrlpolicy=yes
> # uniqueids = no
> conn %default
> conn rw-eap-tls
> leftid=ocm at test.org
> Does any of you know what this is about?
> what is strongSwan expecting at this point? Looking at the RFC  there should be a message type AUTH (message 7).
> I can enable more logging if needed.
>  : https://tools.ietf.org/html/rfc7296#section-2.16
> Users mailing list
> Users at lists.strongswan.org
Andreas Steffen andreas.steffen at strongswan.org
strongSwan - the Open Source VPN Solution! www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 4255 bytes
Desc: S/MIME Cryptographic Signature
More information about the Users