Issue #743
Updated by Tobias Brunner almost 11 years ago
Hi.
I was use below config at 5.2.0 and with radius, success connect IOS, Andriod phone
but did not connect after upgrade 5.2.1
What's wrong?
<pre>
====
2014-10-21 15:48:38 charon: 12[JOB] deleting half open IKE_SA after timeout
2014-10-21 15:48:36 charon: 11[JOB] deleting half open IKE_SA after timeout
2014-10-21 15:48:18 charon: 01[IKE] ID_PROT request with message ID 0 processing failed
2014-10-21 15:48:18 charon: 01[NET] sending packet: from *.*.196.23[500] to 175.207.77.5[500] (68 bytes)
2014-10-21 15:48:18 charon: 01[ENC] generating INFORMATIONAL_V1 request 4149959442 [ HASH N(PLD_MAL) ]
2014-10-21 15:48:18 charon: 01[IKE] message parsing failed
2014-10-21 15:48:18 charon: 01[ENC] could not decrypt payloads
2014-10-21 15:48:18 charon: 01[ENC] invalid ID_V1 payload length, decryption failed?
2014-10-21 15:48:18 charon: 01[NET] received packet: from 175.207.77.5[500] to *.*.196.23[500] (68 bytes)
2014-10-21 15:48:17 charon: 16[IKE] ID_PROT request with message ID 0 processing failed
2014-10-21 15:48:17 charon: 16[NET] sending packet: from *.*.196.23[500] to *.*.195.224[500] (68 bytes)
2014-10-21 15:48:17 charon: 16[ENC] generating INFORMATIONAL_V1 request 3609038205 [ HASH N(PLD_MAL) ]
#cat ipsec.conf catipsec.conf
config setup
cachecrls=yes
uniqueids=yes
conn AnyVPN-IKE
keyexchange=ikev1
authby=xauthpsk
xauth=server
left=%defaultroute
leftsubnet=0.0.0.0/0
leftfirewall=yes
right=%any
rightsubnet=10.7.0.0/24
rightsourceip=%radius
auto=add
#cat ipsec.secrets
%any : PSK "secret123"
#cat strongswan.conf
charon {
load_modular = yes
plugins {
include strongswan.d/charon/*.conf
}
}
include strongswan.d/*.conf
#strongswan --version
Linux strongSwan U5.2.1/K2.6.32-220.el6.i686
</pre>
I was use below config at 5.2.0 and with radius, success connect IOS, Andriod phone
but did not connect after upgrade 5.2.1
What's wrong?
<pre>
====
2014-10-21 15:48:38 charon: 12[JOB] deleting half open IKE_SA after timeout
2014-10-21 15:48:36 charon: 11[JOB] deleting half open IKE_SA after timeout
2014-10-21 15:48:18 charon: 01[IKE] ID_PROT request with message ID 0 processing failed
2014-10-21 15:48:18 charon: 01[NET] sending packet: from *.*.196.23[500] to 175.207.77.5[500] (68 bytes)
2014-10-21 15:48:18 charon: 01[ENC] generating INFORMATIONAL_V1 request 4149959442 [ HASH N(PLD_MAL) ]
2014-10-21 15:48:18 charon: 01[IKE] message parsing failed
2014-10-21 15:48:18 charon: 01[ENC] could not decrypt payloads
2014-10-21 15:48:18 charon: 01[ENC] invalid ID_V1 payload length, decryption failed?
2014-10-21 15:48:18 charon: 01[NET] received packet: from 175.207.77.5[500] to *.*.196.23[500] (68 bytes)
2014-10-21 15:48:17 charon: 16[IKE] ID_PROT request with message ID 0 processing failed
2014-10-21 15:48:17 charon: 16[NET] sending packet: from *.*.196.23[500] to *.*.195.224[500] (68 bytes)
2014-10-21 15:48:17 charon: 16[ENC] generating INFORMATIONAL_V1 request 3609038205 [ HASH N(PLD_MAL) ]
#cat ipsec.conf catipsec.conf
config setup
cachecrls=yes
uniqueids=yes
conn AnyVPN-IKE
keyexchange=ikev1
authby=xauthpsk
xauth=server
left=%defaultroute
leftsubnet=0.0.0.0/0
leftfirewall=yes
right=%any
rightsubnet=10.7.0.0/24
rightsourceip=%radius
auto=add
#cat ipsec.secrets
%any : PSK "secret123"
#cat strongswan.conf
charon {
load_modular = yes
plugins {
include strongswan.d/charon/*.conf
}
}
include strongswan.d/*.conf
#strongswan --version
Linux strongSwan U5.2.1/K2.6.32-220.el6.i686
</pre>