Bug #533
Updated by Tobias Brunner over 11 years ago
Hi,
I have a tomato firmware on my Asus RT-N16 router and Strongswan installed from Entware. While connecting with IPSec to Dlink DI-824VUP+ I see the following errors in LOG:
<pre>
Feb 26 18:03:31 apollo-router daemon.info syslog: 13[ENC] invalid SPI length in IKE proposal
Feb 26 18:03:31 apollo-router daemon.info syslog: 13[ENC] PROPOSAL_SUBSTRUCTURE verification failed
Feb 26 18:03:31 apollo-router daemon.info syslog: 13[ENC] SECURITY_ASSOCIATION_V1 payload verification failed
Feb 26 18:03:31 apollo-router daemon.info syslog: 13[IKE] message verification failed
Feb 26 18:03:31 apollo-router daemon.info syslog: 13[ENC] generating INFORMATIONAL_V1 request 2202842332 [ N(PLD_MAL) ]
Feb 26 18:03:31 apollo-router daemon.info syslog: 13[NET] sending packet: from asus_ip[500] to dlink_ip[500] (40 bytes)
Feb 26 18:03:31 apollo-router daemon.info syslog: 13[IKE] ID_PROT request with message ID 0 processing failed
</pre>
Tested IPSec connection with the other router Linksys WRV200, both routers connect to it successfully.
Here is my ipsec.conf:
<pre>
config setup
charondebug=all
conn %default
ikelifetime=60
keylife=480
keyingtries=3
keyexchange=ikev1
authby=psk
auth=esp
ike=des-md5-modp1024
esp=des-md5-modp1024
conn sheffapollo
left=asus_ip
leftsubnet=192.168.1.0/24
leftid=asus_ip
leftfirewall=yes
right=dlink_ip
rightsubnet=192.168.0.0/24
rightid=dlink_ip
</pre>
I have a tomato firmware on my Asus RT-N16 router and Strongswan installed from Entware. While connecting with IPSec to Dlink DI-824VUP+ I see the following errors in LOG:
<pre>
Feb 26 18:03:31 apollo-router daemon.info syslog: 13[ENC] invalid SPI length in IKE proposal
Feb 26 18:03:31 apollo-router daemon.info syslog: 13[ENC] PROPOSAL_SUBSTRUCTURE verification failed
Feb 26 18:03:31 apollo-router daemon.info syslog: 13[ENC] SECURITY_ASSOCIATION_V1 payload verification failed
Feb 26 18:03:31 apollo-router daemon.info syslog: 13[IKE] message verification failed
Feb 26 18:03:31 apollo-router daemon.info syslog: 13[ENC] generating INFORMATIONAL_V1 request 2202842332 [ N(PLD_MAL) ]
Feb 26 18:03:31 apollo-router daemon.info syslog: 13[NET] sending packet: from asus_ip[500] to dlink_ip[500] (40 bytes)
Feb 26 18:03:31 apollo-router daemon.info syslog: 13[IKE] ID_PROT request with message ID 0 processing failed
</pre>
Tested IPSec connection with the other router Linksys WRV200, both routers connect to it successfully.
Here is my ipsec.conf:
<pre>
config setup
charondebug=all
conn %default
ikelifetime=60
keylife=480
keyingtries=3
keyexchange=ikev1
authby=psk
auth=esp
ike=des-md5-modp1024
esp=des-md5-modp1024
conn sheffapollo
left=asus_ip
leftsubnet=192.168.1.0/24
leftid=asus_ip
leftfirewall=yes
right=dlink_ip
rightsubnet=192.168.0.0/24
rightid=dlink_ip
</pre>