[strongSwan] Reconnect failed with android phone

JWD j-wd at 163.com
Wed Jan 10 15:34:56 CET 2018


I'm using an Android phone.
After upgrading to strongswan-5.6.1, I connect to strongswan, then disconnect, then reconnect, but it fails.
Config and log are below.
Can anyone help me? Thanks.

conn XAuth-PSK
    keyexchange=ikev1
    ike=aes256-sha1-modp1024,aes256-sha256-modp1024,3des-sha1-modp1024!
    esp=aes256-sha1,aes256-sha256,3des-sha1!
    left=%any
    leftauth=psk
    leftsubnet=0.0.0.0/0
    #leftfirewall=yes
    right=%any
    rightauth=psk
    rightauth2=xauth
    #rightauth2=xauth-radius | xauth-generic | xauth-pam | xauth-eap
    rightsourceip=172.31.254.0/24
    auto=add

Jan 10 22:22:37 09[NET] <3> received packet: from 117.100.110.176[500] to 172.31.2.1[500] (476 bytes)
Jan 10 22:22:37 09[ENC] <3> parsed ID_PROT request 0 [ SA V V V V V V V V ]
Jan 10 22:22:37 09[IKE] <3> received NAT-T (RFC 3947) vendor ID
Jan 10 22:22:37 09[IKE] <3> received draft-ietf-ipsec-nat-t-ike-02 vendor ID
Jan 10 22:22:37 09[IKE] <3> received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
Jan 10 22:22:37 09[IKE] <3> received draft-ietf-ipsec-nat-t-ike-00 vendor ID
Jan 10 22:22:37 09[IKE] <3> received XAuth vendor ID
Jan 10 22:22:37 09[IKE] <3> received Cisco Unity vendor ID
Jan 10 22:22:37 09[IKE] <3> received FRAGMENTATION vendor ID
Jan 10 22:22:37 09[IKE] <3> received DPD vendor ID
Jan 10 22:22:37 09[IKE] <3> 117.100.110.176 is initiating a Main Mode IKE_SA
Jan 10 22:22:37 09[ENC] <3> generating ID_PROT response 0 [ SA V V V V ]
Jan 10 22:22:37 09[NET] <3> sending packet: from 172.31.2.1[500] to 117.100.110.176[500] (160 bytes)
Jan 10 22:22:37 10[NET] <3> received packet: from 117.100.110.176[500] to 172.31.2.1[500] (228 bytes)
Jan 10 22:22:37 10[ENC] <3> parsed ID_PROT request 0 [ KE No NAT-D NAT-D ]
Jan 10 22:22:37 10[IKE] <3> local host is behind NAT, sending keep alives
Jan 10 22:22:37 10[IKE] <3> remote host is behind NAT
Jan 10 22:22:37 10[ENC] <3> generating ID_PROT response 0 [ KE No NAT-D NAT-D ]
Jan 10 22:22:37 10[NET] <3> sending packet: from 172.31.2.1[500] to 117.100.110.176[500] (244 bytes)
Jan 10 22:22:37 11[NET] <3> received packet: from 117.100.110.176[4500] to 172.31.2.1[4500] (92 bytes)
Jan 10 22:22:37 11[ENC] <3> parsed ID_PROT request 0 [ ID HASH ]
Jan 10 22:22:37 11[CFG] <3> looking for XAuthInitPSK peer configs matching 172.31.2.1...117.100.110.176[192.168.99.102]
Jan 10 22:22:37 11[CFG] <3> selected peer config "XAuth-PSK"
Jan 10 22:22:37 11[ENC] <XAuth-PSK|3> generating ID_PROT response 0 [ ID HASH ]
Jan 10 22:22:37 11[NET] <XAuth-PSK|3> sending packet: from 172.31.2.1[4500] to 117.100.110.176[4500] (76 bytes)
Jan 10 22:22:37 11[ENC] <XAuth-PSK|3> generating TRANSACTION request 3859775034 [ HASH CPRQ(X_USER X_PWD) ]
Jan 10 22:22:37 11[NET] <XAuth-PSK|3> sending packet: from 172.31.2.1[4500] to 117.100.110.176[4500] (76 bytes)
Jan 10 22:22:37 12[NET] <XAuth-PSK|3> received packet: from 117.100.110.176[4500] to 172.31.2.1[4500] (108 bytes)
Jan 10 22:22:37 12[ENC] <XAuth-PSK|3> parsed INFORMATIONAL_V1 request 3696968083 [ HASH N(INITIAL_CONTACT) ]
Jan 10 22:22:37 16[NET] <XAuth-PSK|3> received packet: from 117.100.110.176[4500] to 172.31.2.1[4500] (108 bytes)
Jan 10 22:22:37 16[ENC] <XAuth-PSK|3> parsed TRANSACTION response 3859775034 [ HASH CPRP(X_USER X_PWD) ]
Jan 10 22:22:37 16[CFG] <XAuth-PSK|3> sending RADIUS Access-Request to server '127.0.0.1'
Jan 10 22:22:37 16[CFG] <XAuth-PSK|3> received RADIUS Access-Accept from server '127.0.0.1'
Jan 10 22:22:37 16[IKE] <XAuth-PSK|3> XAuth authentication of 'vpnuser1' successful
Jan 10 22:22:37 16[ENC] <XAuth-PSK|3> generating TRANSACTION request 4237587337 [ HASH CPS(X_STATUS) ]
Jan 10 22:22:37 16[NET] <XAuth-PSK|3> sending packet: from 172.31.2.1[4500] to 117.100.110.176[4500] (76 bytes)
Jan 10 22:22:37 03[NET] <XAuth-PSK|3> received packet: from 117.100.110.176[4500] to 172.31.2.1[4500] (92 bytes)
Jan 10 22:22:37 03[ENC] <XAuth-PSK|3> parsed TRANSACTION response 4237587337 [ HASH CPA(X_STATUS) ]
Jan 10 22:22:37 03[IKE] <XAuth-PSK|3> IKE_SA XAuth-PSK[3] established between 172.31.2.1[172.31.2.1]...117.100.110.176[192.168.99.102]
Jan 10 22:22:37 03[IKE] <XAuth-PSK|3> scheduling reauthentication in 10239s
Jan 10 22:22:37 03[IKE] <XAuth-PSK|3> maximum IKE_SA lifetime 10779s
Jan 10 22:22:37 04[NET] <XAuth-PSK|3> received packet: from 117.100.110.176[4500] to 172.31.2.1[4500] (124 bytes)
Jan 10 22:22:37 04[ENC] <XAuth-PSK|3> parsed TRANSACTION request 3008611662 [ HASH CPRQ(ADDR MASK DNS NBNS U_BANNER U_DEFDOM U_SPLITDNS U_SPLITINC U_LOCALLAN VER) ]
Jan 10 22:22:37 04[IKE] <XAuth-PSK|3> peer requested virtual IP %any
Jan 10 22:22:37 04[CFG] <XAuth-PSK|3> assigning new lease to 'vpnuser1'
Jan 10 22:22:37 04[IKE] <XAuth-PSK|3> assigning virtual IP 172.31.254.1 to peer 'vpnuser1'
Jan 10 22:22:37 04[ENC] <XAuth-PSK|3> generating TRANSACTION response 3008611662 [ HASH CPRP(ADDR DNS NBNS DNS NBNS) ]
Jan 10 22:22:37 04[NET] <XAuth-PSK|3> sending packet: from 172.31.2.1[4500] to 117.100.110.176[4500] (108 bytes)

Jan 10 22:22:55 15[NET] <4> received packet: from 117.100.110.176[500] to 172.31.2.1[500] (476 bytes)
Jan 10 22:22:55 15[ENC] <4> parsed ID_PROT request 0 [ SA V V V V V V V V ]
Jan 10 22:22:55 15[IKE] <4> received NAT-T (RFC 3947) vendor ID
Jan 10 22:22:55 15[IKE] <4> received draft-ietf-ipsec-nat-t-ike-02 vendor ID
Jan 10 22:22:55 15[IKE] <4> received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
Jan 10 22:22:55 15[IKE] <4> received draft-ietf-ipsec-nat-t-ike-00 vendor ID
Jan 10 22:22:55 15[IKE] <4> received XAuth vendor ID
Jan 10 22:22:55 15[IKE] <4> received Cisco Unity vendor ID
Jan 10 22:22:55 15[IKE] <4> received FRAGMENTATION vendor ID
Jan 10 22:22:55 15[IKE] <4> received DPD vendor ID
Jan 10 22:22:55 15[IKE] <4> 117.100.110.176 is initiating a Main Mode IKE_SA
Jan 10 22:22:55 15[ENC] <4> generating ID_PROT response 0 [ SA V V V V ]
Jan 10 22:22:55 15[NET] <4> sending packet: from 172.31.2.1[500] to 117.100.110.176[500] (160 bytes)
Jan 10 22:22:55 07[NET] <4> received packet: from 117.100.110.176[500] to 172.31.2.1[500] (228 bytes)
Jan 10 22:22:55 07[ENC] <4> parsed ID_PROT request 0 [ KE No NAT-D NAT-D ]
Jan 10 22:22:55 07[IKE] <4> local host is behind NAT, sending keep alives
Jan 10 22:22:55 07[IKE] <4> remote host is behind NAT
Jan 10 22:22:55 07[ENC] <4> generating ID_PROT response 0 [ KE No NAT-D NAT-D ]
Jan 10 22:22:55 07[NET] <4> sending packet: from 172.31.2.1[500] to 117.100.110.176[500] (244 bytes)
Jan 10 22:22:55 09[NET] <4> received packet: from 117.100.110.176[4500] to 172.31.2.1[4500] (92 bytes)
Jan 10 22:22:55 09[ENC] <4> invalid ID_V1 payload length, decryption failed?
Jan 10 22:22:55 09[ENC] <4> could not decrypt payloads
Jan 10 22:22:55 09[IKE] <4> message parsing failed
Jan 10 22:22:55 09[ENC] <4> generating INFORMATIONAL_V1 request 115749929 [ HASH N(PLD_MAL) ]
Jan 10 22:22:55 09[NET] <4> sending packet: from 172.31.2.1[500] to 117.100.110.176[500] (76 bytes)
Jan 10 22:22:55 09[IKE] <4> ID_PROT request with message ID 0 processing failed
Jan 10 22:22:58 10[NET] <4> received packet: from 117.100.110.176[4500] to 172.31.2.1[4500] (92 bytes)
Jan 10 22:22:58 10[ENC] <4> invalid ID_V1 payload length, decryption failed?
Jan 10 22:22:58 10[ENC] <4> could not decrypt payloads
Jan 10 22:22:58 10[IKE] <4> message parsing failed
Jan 10 22:22:58 10[ENC] <4> generating INFORMATIONAL_V1 request 3790107254 [ HASH N(PLD_MAL) ]
Jan 10 22:22:58 10[NET] <4> sending packet: from 172.31.2.1[500] to 117.100.110.176[500] (76 bytes)
Jan 10 22:22:58 10[IKE] <4> ID_PROT request with message ID 0 processing failed
Jan 10 22:23:01 11[NET] <4> received packet: from 117.100.110.176[4500] to 172.31.2.1[4500] (92 bytes)
Jan 10 22:23:01 11[ENC] <4> invalid ID_V1 payload length, decryption failed?
Jan 10 22:23:01 11[ENC] <4> could not decrypt payloads
Jan 10 22:23:01 11[IKE] <4> message parsing failed
Jan 10 22:23:01 11[ENC] <4> generating INFORMATIONAL_V1 request 142288792 [ HASH N(PLD_MAL) ]
Jan 10 22:23:01 11[NET] <4> sending packet: from 172.31.2.1[500] to 117.100.110.176[500] (76 bytes)
Jan 10 22:23:01 11[IKE] <4> ID_PROT request with message ID 0 processing failed




JWD
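
A small triage helper for logs like the one above, added here as an example and not part of the original post or of strongSwan: it groups charon lines by the IKE_SA number in angle brackets and flags attempts that hit decryption failures after the same peer already had an established SA. The function names and the regular expression are assumptions based only on the line format shown in this log; the sample lines are excerpted from it.

```python
import re

# Excerpt of the log posted above (first attempt = SA 3, reconnect = SA 4).
SAMPLE = """\
Jan 10 22:22:37 09[IKE] <3> 117.100.110.176 is initiating a Main Mode IKE_SA
Jan 10 22:22:37 03[IKE] <XAuth-PSK|3> IKE_SA XAuth-PSK[3] established between 172.31.2.1[172.31.2.1]...117.100.110.176[192.168.99.102]
Jan 10 22:22:55 15[IKE] <4> 117.100.110.176 is initiating a Main Mode IKE_SA
Jan 10 22:22:55 09[ENC] <4> could not decrypt payloads
Jan 10 22:22:55 09[ENC] <4> generating INFORMATIONAL_V1 request 115749929 [ HASH N(PLD_MAL) ]
Jan 10 22:22:58 10[ENC] <4> could not decrypt payloads
Jan 10 22:23:01 11[ENC] <4> could not decrypt payloads
"""

# Fields: timestamp, thread[SUBSYS], <id> or <conn|id>, message text.
LINE = re.compile(r"^(\w{3} +\d+ [\d:]+) \d+\[(\w+)\] <(?:([^|>]+)\|)?(\d+)> (.*)$")

def summarize(log_text):
    """Group charon log lines by IKE_SA number and record each attempt's outcome."""
    sas = {}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not a per-SA charon line
        ts, _subsys, conn, sa_id, msg = m.groups()
        sa = sas.setdefault(int(sa_id), {"start": ts, "peer": None, "conn": None,
            "established": False, "decrypt_failures": 0, "pld_mal": 0})
        sa["conn"] = conn or sa["conn"]  # the name appears once a config is selected
        if msg.endswith(" is initiating a Main Mode IKE_SA"):
            sa["peer"] = msg.split()[0]
        elif msg.startswith("IKE_SA ") and " established between " in msg:
            sa["established"] = True
        elif msg == "could not decrypt payloads":
            sa["decrypt_failures"] += 1
        elif msg.startswith("generating") and "N(PLD_MAL)" in msg:
            sa["pld_mal"] += 1
    return sas

def failed_reconnects(sas):
    """SA numbers with decryption failures after the same peer had an established SA."""
    seen_ok, hits = set(), []
    for sa_id in sorted(sas):
        sa = sas[sa_id]
        if sa["established"]:
            seen_ok.add(sa["peer"])
        elif sa["decrypt_failures"] and sa["peer"] in seen_ok:
            hits.append(sa_id)
    return hits

if __name__ == "__main__":
    print(failed_reconnects(summarize(SAMPLE)))
```
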