[strongSwan] length of TRAFFIC_SELECTOR_SUBSTRUCTURE substructure list invalid
yogeshpurohit2 at gmail.com
Mon Oct 29 10:25:10 CET 2018
No it is not strongswan on peer end. I am using third party VPN.
So is the IKE_AUTH packet size is fixed to 204 bytes for PSK mode and
anything exceeding that can be Invalid length.
Configuration on my side is:
ikelifetime = 28800s
type = tunnel
lifetime = 3600s
dpddelay = 30
dpdaction = restart
reauth = no
mobike = no #disable mobike - no use case
keyexchange = ikev2
auto = add
fragmentation = yes
Thanks & Regards,
On Mon, Oct 29, 2018 at 1:39 PM Andreas Steffen <
andreas.steffen at strongswan.org> wrote:
> Hi Yogesh,
> are you using an unmodified strongSwan peer on the other side or
> a third party VPN product? If it is strongSwan, which version are
> you using? Could you also send the configuration of the CHILD SA?
> On 29.10.2018 06:43, Yogesh Purohit wrote:
> > Adding subject line to my query
> > On Mon, Oct 29, 2018 at 11:12 AM Yogesh Purohit
> > <yogeshpurohit2 at gmail.com <mailto:yogeshpurohit2 at gmail.com>> wrote:
> > Hi Team,
> > I am trying to establish tunnel with my strongswan.
> > But after receiving IKE_AUTH response my local strongswan end
> > (initiator) rejects tunnel saying ' length of
> > TRAFFIC_SELECTOR_SUBSTRUCTURE substructure list invalid'.
> > And I am unable to get the reason for the same. Because I have
> > configured traffic selectors matching.
> > IKE_Auth response which is recived is of 252 bytes, whereas when my
> > tunnel was established in other case IKE_AUTH response was of 204
> > NOTE: I am trying the tunnel with PSK and version is IKEv2.
> > So is there fixed bytes of IKE_AUTH response which is expected by
> > strongswan for PSK.
> > And what does 'length of TRAFFIC_SELECTOR_SUBSTRUCTURE substructure
> > list invalid' means, I tried finding it in RFC, but could not find
> > the same.
> > Thanks & Regards,
> > Yogesh Purohit
> > --
> > Best Regards,
> > Yogesh Purohit
> Andreas Steffen andreas.steffen at strongswan.org
> strongSwan - the Open Source VPN Solution! www.strongswan.org
> Institute for Networked Solutions
> HSR University of Applied Sciences Rapperswil
> CH-8640 Rapperswil (Switzerland)
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Users