[strongSwan] length of TRAFFIC_SELECTOR_SUBSTRUCTURE substructure list invalid

Andreas Steffen andreas.steffen at strongswan.org
Mon Oct 29 09:09:40 CET 2018

Hi Yogesh,

are you using an unmodified strongSwan peer on the other side or
a third party VPN product? If it is strongSwan, which version are
you using? Could you also send the configuration of the CHILD SA?



On 29.10.2018 06:43, Yogesh Purohit wrote:
> Adding subject line to my query
> On Mon, Oct 29, 2018 at 11:12 AM Yogesh Purohit
> <yogeshpurohit2 at gmail.com <mailto:yogeshpurohit2 at gmail.com>> wrote:
>     Hi Team,
>     I am trying to establish tunnel with my strongswan.
>     But after receiving IKE_AUTH response my local strongswan end
>     (initiator) rejects tunnel saying ' length of
>     TRAFFIC_SELECTOR_SUBSTRUCTURE substructure list invalid'.
>     And I am unable to get the reason for the same. Because I have
>     configured traffic selectors matching.
>     IKE_Auth response which is recived is of 252 bytes, whereas when my
>     tunnel was established in other case IKE_AUTH response was of 204 bytes.
>     NOTE: I am trying the tunnel with PSK and version is IKEv2.
>     So is there fixed bytes of IKE_AUTH response which is expected by
>     strongswan for PSK.
>     And what does 'length of TRAFFIC_SELECTOR_SUBSTRUCTURE substructure
>     list invalid' means, I tried finding it in RFC, but could not find
>     the same.
>     Thanks & Regards,
>     Yogesh Purohit
> -- 
> Best Regards,
> Yogesh Purohit

Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Open Source VPN Solution!          www.strongswan.org
Institute for Networked Solutions
HSR University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2945 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.strongswan.org/pipermail/users/attachments/20181029/eb9e1807/attachment.bin>

More information about the Users mailing list