[strongSwan] Windows VPN client issue with Strongswan
Tobias Brunner
tobias at strongswan.org
Mon Oct 12 16:58:41 CEST 2020

Hi Makarand,

> 06[ENC] generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(FRAG_SUP) N(CHDLESS_SUP) N(MULT_AUTH) ]
> 06[NET] sending packet: from 10.10.5.1[500] to 10.10.5.7[500] (353 bytes)
> 15[JOB] deleting half open IKE_SA with 10.10.5.7 after timeout

This could indicate an IP fragmentation issue (IKE_AUTH too large with
certificate and certificate requests, fragments dropped). But since
both peers support IKEv2 fragmentation (FRAG_SUP) that seems unlikely.

While there is no NAT between the hosts, with MOBIKE there will still be
a switch to UDP port 4500, so make sure no firewall blocks that port.

What error is the client reporting exactly? Does it actually send an
IKE_AUTH request?

> I was expecting a windows cert request. Instead I see a CA Cert req.

The request is for certificates issued by that CA.

Regards,
Tobias
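
The checks discussed in this message (did an IKE_AUTH request arrive, did anything reach UDP port 4500, did both sides announce FRAG_SUP) can be run over a charon log. The following is an added example, not part of the original message and not strongSwan code. It assumes the "received packet" and "parsed ... request" lines use the same format as the quoted log lines, and that the log covers a single client, so ENC lines are attributed to the peer of the most recent received packet. The first two sample lines are constructed.

```python
import re

# Line formats follow the charon excerpts quoted in the message; the
# "received packet" and "parsed ... request" formats are assumed to match.
RECEIVED = re.compile(r"\[NET\] received packet: from ([\d.]+)\[\d+\] to [\d.]+\[(\d+)\]")
PARSED = re.compile(r"\[ENC\] parsed (IKE_SA_INIT|IKE_AUTH) request \d+ \[(.*)\]")
GENERATED = re.compile(r"\[ENC\] generating IKE_SA_INIT response \d+ \[(.*)\]")
HALF_OPEN = re.compile(r"\[JOB\] deleting half open IKE_SA with ([\d.]+) after timeout")


def new_state():
    return {"ports": set(), "frag": set(), "auth": False}


def diagnose(lines):
    """Return one finding per half-open IKE_SA that was deleted after timeout."""
    peers, last_peer, findings = {}, None, []
    for line in lines:
        if m := RECEIVED.search(line):
            last_peer = m.group(1)
            # Record the local UDP port the packet arrived on (500 or 4500).
            peers.setdefault(last_peer, new_state())["ports"].add(int(m.group(2)))
        elif (m := PARSED.search(line)) and last_peer:
            if m.group(1) == "IKE_AUTH":
                peers[last_peer]["auth"] = True
            elif "N(FRAG_SUP)" in m.group(2):
                peers[last_peer]["frag"].add("peer")
        elif (m := GENERATED.search(line)) and last_peer:
            if "N(FRAG_SUP)" in m.group(1):
                peers[last_peer]["frag"].add("local")
        elif m := HALF_OPEN.search(line):
            st = peers.get(m.group(1), new_state())
            findings.append({
                "peer": m.group(1),
                "ike_auth_seen": st["auth"],           # did the client send IKE_AUTH?
                "seen_on_4500": 4500 in st["ports"],   # did anything reach UDP 4500?
                "both_frag_sup": st["frag"] == {"peer", "local"},
            })
    return findings


# Constructed sample: lines 1-2 are made up, lines 3-5 are the quoted log.
SAMPLE_LOG = """\
06[NET] received packet: from 10.10.5.7[500] to 10.10.5.1[500] (624 bytes)
06[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(FRAG_SUP) N(NATD_S_IP) N(NATD_D_IP) ]
06[ENC] generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(FRAG_SUP) N(CHDLESS_SUP) N(MULT_AUTH) ]
06[NET] sending packet: from 10.10.5.1[500] to 10.10.5.7[500] (353 bytes)
15[JOB] deleting half open IKE_SA with 10.10.5.7 after timeout
""".splitlines()
```

A finding with `ike_auth_seen` and `seen_on_4500` both false while `both_frag_sup` is true matches the situation in the thread: the responder never saw anything after its IKE_SA_INIT response, so the port 4500 path and the client's own error message are the next things to check.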