[strongSwan] Don't know where to start

Rene Maurer rmnet at mailc.net
Tue Apr 25 20:04:45 CEST 2017

Hello Noel

Noel Kuntze <noel at familie-kuntze.de> wrote :

> (I'm answering this from my original email account now.)

And I see your email now in my email account.

>> But when I look at the log on my site together with
>> "tcpdump -i ppp0", I have the impression that ikev2_auth
>> is sent (once).  
> This looks good. Check if that packet makes it there. Some IKE implementations
> just drop all packets from other peers when authentication fails and report a local
> error instead of sending a noficication back.


Meanwhile I have looked at the time stamps and IMHO they are a little bit strange:

>> Apr 25 16:32:28 daemon.info syslog: 05[NET] sending packet: from[4500] to xxx.137.25.195[4500] (1120 bytes)
>> 16:32:32.802620 IP > xxx. NONESP-encap: isakmp: child_sa  ikev2_auth[I]
>> Apr 25 16:32:32 daemon.info syslog: 03[IKE] retransmit 1 of request with message ID 1

strongSwan[NET] is sending the package 16:32:28.
The package is visible on ppp0 16:32:32.
4 seconds... this seams to be charons retransmit_timeout (which we can see as well).

Is there an explanation for this behavior?

Kind regards,

More information about the Users mailing list