[strongSwan] IKE2 4500 Reply Not Making it Out
infosec at quantum-equities.com
Sat Mar 24 22:56:38 CET 2018
On 03/24/2018 02:39 PM, Noel Kuntze wrote:
> After two minutes of searching the strongSwan github mirror for the error message, I can tell you that the problem is that the assembled IKE message exceeds charon.max_packet, which defaults to 10000.
> Simply raise that limit in charon.conf. E.g. to 30000.
Would but that have fixed it, but there is no change in the symptom.
I don't think I've been negligent because G**gle couldn't find that. I
guess many know that G**gle has been eliminating alot of technical
search results lately. I am dealing with so many other problems that I
would never have thought to search the source code.
If I'm understanding you correctly, I need to change
/etc/strongswan/strongswan.d/charon.conf to this:
time_format = %a, %Y-%m-%d %R
ike_name = yes
append = no
default = 2
flush_line = yes
max_packet = 30000
mgr = 0
net = 1
enc = 1
asn = 1
job = 1
knl = 1
# systemctl stop strongswan-swanctl
# systemctl start strongswan-swanctl
There is no change in the symptom, which would have been doubly baffling
if I -had- managed to find the error in the source.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Users