[strongSwan] ipsec.conf working vs swanctl.conf not working

Tobias Brunner tobias at strongswan.org
Mon May 7 10:33:13 CEST 2018


Hi Marco,

> I have found the problematic parameter:
> 
> reauth_time
> 
> decreasing from 24h to 20h I got this message:
> 
> [IKE] initiating Main Mode IKE_SA cbt[874] to 31.169.105.210
> [ENC] generating ID_PROT request 0 [ SA V V V V V ]
> [NET] sending packet: from 205.223.229.254[500] to 31.169.105.210[500] (248 bytes)
> [NET] received packet: from 31.169.105.210[500] to 205.223.229.254[500] (140 bytes)
> [ENC] parsed ID_PROT response 0 [ SA V V V ]
> [ENC] received unknown vendor ID: 4f:45:68:79:4c:64:41:43:65:63:66:61
> [IKE] received DPD vendor ID
> [IKE] received NAT-T (RFC 3947) vendor ID
> [ENC] generating ID_PROT request 0 [ KE No NAT-D NAT-D ]
> [NET] sending packet: from 205.223.229.254[500] to 31.169.105.210[500] (244 bytes)
> [NET] received packet: from 31.169.105.210[500] to 205.223.229.254[500] (228 bytes)
> [ENC] parsed ID_PROT response 0 [ KE No NAT-D NAT-D ]
> [ENC] generating ID_PROT request 0 [ ID HASH ]
> [NET] sending packet: from 205.223.229.254[500] to 31.169.105.210[500] (68 bytes)
> [NET] received packet: from 31.169.105.210[500] to 205.223.229.254[500] (40 bytes)
> [ENC] parsed INFORMATIONAL_V1 request 2534754901 [ N(PLD_MAL) ]

Could indicate a wrong password.  As that seems to be a response to the
first encrypted message.

Regards,
Tobias


More information about the Users mailing list