[strongSwan] Changing IKE port

Eric Boudrand eric.boudrand at thegreenbow.com
Wed Jul 13 19:04:10 CEST 2016 

Hi Tobias,

> That's unfortunate, because it would have been interesting to see
> whether the client added a non-ESP marker to the packet or not (four
> zero bytes).  If neither port is 500 charon expects that to be the case,
> if not the packet is silently discarded after it has been read from the
> socket.

Sorry. Here is a the complete log. This time, I recompiled Strongswan 
with socket-dynamic plugin.

Jul 13 18:44:44 ikev2 charon: 03[NET] received packet => 184 bytes @ 
0xafaa49f0
Jul 13 18:44:44 ikev2 charon: 03[NET]    0: 46 F9 B2 43 68 DA 95 DA 00 
00 00 00 00 00 00 00  F..Ch...........
Jul 13 18:44:44 ikev2 charon: 03[NET]   16: 01 10 02 00 00 00 00 00 00 
00 00 B8 0D 00 00 38  ...............8
Jul 13 18:44:44 ikev2 charon: 03[NET]   32: 00 00 00 01 00 00 00 01 00 
00 00 2C 01 01 00 01  ...........,....
Jul 13 18:44:44 ikev2 charon: 03[NET]   48: 00 00 00 24 00 01 00 00 80 
01 00 07 80 02 00 04  ...$............
Jul 13 18:44:44 ikev2 charon: 03[NET]   64: 80 03 00 03 80 04 00 05 80 
0B 00 01 80 0C 03 20  ...............
Jul 13 18:44:44 ikev2 charon: 03[NET]   80: 80 0E 00 80 0D 00 00 14 44 
85 15 2D 18 B6 BB CD  ........D..-....
Jul 13 18:44:44 ikev2 charon: 03[NET]   96: 0B E8 A8 46 95 79 DD CC 0D 
00 00 14 90 CB 80 91  ...F.y..........
Jul 13 18:44:44 ikev2 charon: 03[NET]  112: 3E BB 69 6E 08 63 81 B5 EC 
42 7B 1F 0D 00 00 14  >.in.c...B{.....
Jul 13 18:44:44 ikev2 charon: 03[NET]  128: 7D 94 19 A6 53 10 CA 6F 2C 
17 9D 92 15 52 9D 56  }...S..o,....R.V
Jul 13 18:44:44 ikev2 charon: 03[NET]  144: 0D 00 00 14 4A 13 1C 81 07 
03 58 45 5C 57 28 F2  ....J.....XE\W(.
Jul 13 18:44:44 ikev2 charon: 03[NET]  160: 0E 95 45 2F 00 00 00 14 AF 
CA D7 13 68 A1 F1 C9  ..E/........h...
Jul 13 18:44:44 ikev2 charon: 03[NET]  176: 6B 86 96 FC 77 57 01 00 
                     k...wW..
Jul 13 18:44:44 ikev2 charon: 03[NET] received packet: from 
192.168.30.200[6701] to 192.168.30.22[6701]
Jul 13 18:44:44 ikev2 charon: 03[NET] waiting for data on sockets

I am doing my tests with the VPN Client and Strongswan in the same LAN.

Regards.

Eric Boudrand

More information about the Users mailing list