[strongSwan] Working simple setup was working, now no packets pass
James Lay
jlay at slave-tothe-box.net
Mon Mar 2 14:44:56 CET 2015
On Mon, 2015-03-02 at 10:53 +0100, Martin Willi wrote:
> Hi James,
>
> > Here's the log with error...
>
> > 08[ENC] generating IKE_AUTH response 1 [ IDr CERT AUTH CPRP(ADDR) SA TSi TSr N(AUTH_LFT) N(MOBIKE_SUP) N(ADD_4_ADDR) ]
> > 08[NET] sending packet: from server.external.ip[4500] to client.external.ip[15546] (2204 bytes)
> > 11[NET] received packet: from client.external.ip[15546] to server.external.ip[4500] (1916 bytes)
> > 11[ENC] parsed IKE_AUTH request 1 [ IDi CERT N(INIT_CONTACT) CERTREQ IDr AUTH CPRQ(ADDR DNS) SA TSi TSr N(MOBIKE_SUP) N(ADD_4_ADDR) N(MULT_AUTH) N(EAP_ONLY) ]
> > 11[IKE] received retransmit of request with ID 1, retransmitting response
>
> I don't see much of an error here. The client is successfully
> authenticated and the SA is set up. The client retransmits the IKE_AUTH
> request, most likely because the first IKE_AUTH response gets lost.
>
> Please check where/why the message gets lost if this is reproducible,
> and what the error is on the client.
>
> Regards
> Martin
Thanks for looking at this, Martin. As I look more at this from the
client side, this might be a same subnet type issue. I'm using a Linux
laptop via a tethered phone for testing and the interface gets assigned
a 192.168.0 address, which is pretty close to mine. Looks like I'll have
to bite the bullet and change the ipsec info to something different like
172.16 or something like that. I can say that this same phone can
connect using this exact same setup (client cert is a p12 though) and it
works just fine. I'll make the change and report my findings...thanks
so much.
James