[strongSwan] received retransmit of response with ID 0, but next request already sent

Matt Wright mwright at forteholdings.com
Tue Apr 7 00:45:23 CEST 2020


I've been trying to make a connection between my home PC and the Watchguard XTM330 we have at the office.

I'll fully admit that I know enough about all of this to be dangerous, and have muddled my way through things as best I can, so the connection at least appears to be trying to connect.


However, quickly after starting the tunnel, I get a series of repeating messages about receiving retransmits of responses, and that's about as far as things go.

I've changed a bunch of settings on each side and have never progressed any further than this. Both sides are behind NAT, and as far as I'm aware all ports are properly forwarded.

Could anyone shed some light on this one for me? I would greatly appreciate any help I could get.



------------------ local config

conn work
        ikelifetime=86400
        keylife=21600
        rekeymargin=3m
        keyingtries=10
        authby=psk
        auto=add
        type=tunnel
        leftid=vpnrm.forteholdings.com
        left=192.168.1.1
        leftsubnet=192.168.1.0/24
        rightid=10.4.100.69
        right=162.217.18.115
        rightsubnet=10.4.100.69/24
        ike=aes256-sha256-modp2048 #Internet key exchange, type of encryption
        keyexchange=ikev1 #Internet key exchange version
        dpddelay=30
        dpdtimeout=120
        dpdaction=restart


----------remote config (sorry for images)

[cid:part1.7C694EFD.3F5C0E0D at forteholdings.com]

[cid:part2.F97200CA.723B9D6C at forteholdings.com]

-----------output from my home -----

initiating Main Mode IKE_SA forte[1] to 162.217.18.115
generating ID_PROT request 0 [ SA V V V V V ]
sending packet: from 192.168.1.1[500] to 162.217.18.115[500] (252 bytes)
received packet: from 162.217.18.115[500] to 192.168.1.1[500] (140 bytes)
parsed ID_PROT response 0 [ SA V V V ]
received XAuth vendor ID
received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
received DPD vendor ID
generating ID_PROT request 0 [ KE No NAT-D NAT-D ]
sending packet: from 192.168.1.1[500] to 162.217.18.115[500] (396 bytes)
received packet: from 162.217.18.115[500] to 192.168.1.1[500] (372 bytes)
parsed ID_PROT response 0 [ KE No NAT-D NAT-D ]
local host is behind NAT, sending keep alives
remote host is behind NAT
generating ID_PROT request 0 [ ID HASH N(INITIAL_CONTACT) ]
sending packet: from 192.168.1.1[4500] to 162.217.18.115[4500] (108 bytes)
received packet: from 162.217.18.115[4500] to 192.168.1.1[4500] (372 bytes)
received retransmit of response with ID 0, but next request already sent
sending retransmit 1 of request message ID 0, seq 3
sending packet: from 192.168.1.1[4500] to 162.217.18.115[4500] (108 bytes)
received packet: from 162.217.18.115[4500] to 192.168.1.1[4500] (372 bytes)
received retransmit of response with ID 0, but next request already sent
sending retransmit 2 of request message ID 0, seq 3
sending packet: from 192.168.1.1[4500] to 162.217.18.115[4500] (108 bytes)
received packet: from 162.217.18.115[4500] to 192.168.1.1[4500] (372 bytes)
received retransmit of response with ID 0, but next request already sent
sending retransmit 3 of request message ID 0, seq 3
sending packet: from 192.168.1.1[4500] to 162.217.18.115[4500] (108 bytes)
sending keep alive to 162.217.18.115[4500]
sending retransmit 4 of request message ID 0, seq 3
sending packet: from 192.168.1.1[4500] to 162.217.18.115[4500] (108 bytes)
sending keep alive to 162.217.18.115[4500]
sending keep alive to 162.217.18.115[4500]
sending retransmit 5 of request message ID 0, seq 3
sending packet: from 192.168.1.1[4500] to 162.217.18.115[4500] (108 bytes)
sending keep alive to 162.217.18.115[4500]
sending keep alive to 162.217.18.115[4500]
sending keep alive to 162.217.18.115[4500]
giving up after 5 retransmits


----------- output from remote host (not strongswan)

2020-04-06 16:19:37 iked (10.4.100.69<->108.215.156.96)Check Payloads : illegal payload length(0) total=672     Debug
2020-04-06 16:19:37 iked (10.4.100.69<->108.215.156.96)Process 5/6 Msg : failed to process ID payload   Debug
2020-04-06 16:19:41 iked (10.4.100.69<->108.215.156.96)Check Payloads : illegal payload length(0) total=672     Debug
2020-04-06 16:19:41 iked (10.4.100.69<->108.215.156.96)Process 5/6 Msg : failed to process ID payload   Debug
2020-04-06 16:19:48 iked (10.4.100.69<->108.215.156.96)Check Payloads : illegal payload length(0) total=672     Debug
2020-04-06 16:19:48 iked (10.4.100.69<->108.215.156.96)Process 5/6 Msg : failed to process ID payload   Debug
2020-04-06 16:19:53 iked (10.4.100.69<->108.215.156.96)Delete QM State: QM_INIT_PENDING state decrement pendingP2SARequest 0    Debug
-------------- next part --------------
A non-text attachment was scrubbed...
Name: enjlcmggdaooajjj.png
Type: image/png
Size: 24193 bytes
Desc: enjlcmggdaooajjj.png
URL: <http://lists.strongswan.org/pipermail/users/attachments/20200406/7d55cff7/attachment-0002.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: micagodogelpbdgf.png
Type: image/png
Size: 20204 bytes
Desc: micagodogelpbdgf.png
URL: <http://lists.strongswan.org/pipermail/users/attachments/20200406/7d55cff7/attachment-0003.png>
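
An added example, not part of the original post and not strongSwan code: a small Python parser that reads initiator-side charon output like the log above and reports which Main Mode request went unanswered and whether the peer kept resending its previous response. The function name and result keys are hypothetical; the sample lines are a condensed excerpt of the output quoted in the post.

```python
import re

# Condensed excerpt of the charon output quoted in the post (not the full log).
SAMPLE_LOG = """\
generating ID_PROT request 0 [ SA V V V V V ]
sending packet: from 192.168.1.1[500] to 162.217.18.115[500] (252 bytes)
received packet: from 162.217.18.115[500] to 192.168.1.1[500] (140 bytes)
parsed ID_PROT response 0 [ SA V V V ]
generating ID_PROT request 0 [ KE No NAT-D NAT-D ]
sending packet: from 192.168.1.1[500] to 162.217.18.115[500] (396 bytes)
received packet: from 162.217.18.115[500] to 192.168.1.1[500] (372 bytes)
parsed ID_PROT response 0 [ KE No NAT-D NAT-D ]
generating ID_PROT request 0 [ ID HASH N(INITIAL_CONTACT) ]
sending packet: from 192.168.1.1[4500] to 162.217.18.115[4500] (108 bytes)
received packet: from 162.217.18.115[4500] to 192.168.1.1[4500] (372 bytes)
received retransmit of response with ID 0, but next request already sent
sending retransmit 1 of request message ID 0, seq 3
giving up after 5 retransmits
"""

GEN = re.compile(r"generating ID_PROT request \d+ \[ (.+?) \]")
PARSED = re.compile(r"parsed ID_PROT response \d+ \[ (.+?) \]")
RECV = re.compile(r"received packet: .* \((\d+) bytes\)")

def diagnose_main_mode(log):
    """Hypothetical helper: find where an initiator's Main Mode exchange stalled."""
    pending = None      # payloads of the request still waiting for a reply
    answered = []       # (request payloads, response size) per completed round trip
    last_size = None    # size of the most recently received packet
    resent_sizes = []   # sizes of packets charon classified as retransmits
    gave_up = False
    for line in log.splitlines():
        if m := GEN.search(line):
            pending = m.group(1)
        elif m := RECV.search(line):
            last_size = int(m.group(1))
        elif PARSED.search(line):
            answered.append((pending, last_size))
            pending = None
        elif "received retransmit of response" in line:
            resent_sizes.append(last_size)
        elif "giving up after" in line:
            gave_up = True
    prev_size = answered[-1][1] if answered else None
    same = bool(resent_sizes) and all(s == prev_size for s in resent_sizes)
    return {"round_trips_completed": len(answered),
            "unanswered_request": pending,
            "peer_resent_previous_response": same,
            "gave_up": gave_up}
```

On the excerpt this reports two completed round trips and an unanswered `ID HASH N(INITIAL_CONTACT)` request, with every retransmit matching the 372-byte size of the peer's earlier `KE No NAT-D NAT-D` response; that lines up with the remote log's "Process 5/6 Msg : failed to process ID payload". That request is the first encrypted Main Mode message, so one common cause of a responder failing to parse it is that the two sides derived different keys, for example from mismatched pre-shared keys.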

