[strongSwan] IKE2 4500 Reply Not Making it Out

Sat Mar 24 23:03:43 CET 2018

You put it in the completely wrong section.
The key is charon.max_packet, not charon.filelog./var/log/charon/.max_packet

On 24.03.2018 22:56, Info wrote:
>
> On 03/24/2018 02:39 PM, Noel Kuntze wrote:
>> After two minutes of searching the strongSwan github mirror for the error message, I can tell you that the problem is that the assembled IKE message exceeds charon.max_packet, which defaults to 10000.
>> Simply raise that limit in charon.conf. E.g. to 30000.
> Would but that have fixed it, but there is no change in the symptom.
>
> I don't think I've been negligent because G**gle couldn't find that.  I guess many know that G**gle has been eliminating alot of technical search results lately.  I am dealing with so many other problems that I would never have thought to search the source code.
>
> If I'm understanding you correctly, I need to change /etc/strongswan/strongswan.d/charon.conf to this:
>
> charon {
>
>         filelog {
>                 /var/log/charon.log {
>                 time_format = %a, %Y-%m-%d %R
>                 ike_name = yes
>                 append = no
>                 default = 2
>                 flush_line = yes
>                 max_packet = 30000
>
>                 mgr = 0
>                 net = 1
>                 enc = 1
>                 asn = 1
>                 job = 1
>                 knl = 1
>                 }
>         }
> }
>
> ... then
> # systemctl stop strongswan-swanctl
> # systemctl start strongswan-swanctl
>
> There is no change in the symptom, which would have been doubly baffling if I -had- managed to find the error in the source.
>
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.strongswan.org/pipermail/users/attachments/20180324/8c4629e4/attachment-0001.sig>