Issue #836
Updated by Tobias Brunner over 10 years ago
<pre>
ipsec.conf
----------
config setup
    plutostart=yes
    nat_traversal=yes

conn ios
    keyexchange=ikev1
    authby=xauthrsasig
    xauth=server
    left=%defaultroute
    leftrsasigkey=%cert
    rightrsasigkey=%cert
    leftsubnet=0.0.0.0/0
    leftfirewall=yes
    leftcert=serverCert.pem
    right=%any
    rightsubnet=10.0.0.0/24
    rightsourceip=10.0.0.2
    rightcert=clientCert.pem
    pfs=no
    dpdaction=clear
    auto=add
</pre>
<pre>
log
-------
received packet: from 61.17.42.189[500] to 192.168.0.9[500] (668 bytes)
Jan 28 12:00:13 cloud charon: 09[ENC] parsed ID_PROT request 0 [ SA V V V V V V V V V V V V V V ]
Jan 28 12:00:13 cloud charon: 09[IKE] received NAT-T (RFC 3947) vendor ID
Jan 28 12:00:13 cloud charon: 09[IKE] received draft-ietf-ipsec-nat-t-ike vendor ID
Jan 28 12:00:13 cloud charon: 09[IKE] received draft-ietf-ipsec-nat-t-ike-08 vendor ID
Jan 28 12:00:13 cloud charon: 09[IKE] received draft-ietf-ipsec-nat-t-ike-07 vendor ID
Jan 28 12:00:13 cloud charon: 09[IKE] received draft-ietf-ipsec-nat-t-ike-06 vendor ID
Jan 28 12:00:13 cloud charon: 09[IKE] received draft-ietf-ipsec-nat-t-ike-05 vendor ID
Jan 28 12:00:13 cloud charon: 09[IKE] received draft-ietf-ipsec-nat-t-ike-04 vendor ID
Jan 28 12:00:13 cloud charon: 09[IKE] received draft-ietf-ipsec-nat-t-ike-03 vendor ID
Jan 28 12:00:13 cloud charon: 09[IKE] received draft-ietf-ipsec-nat-t-ike-02 vendor ID
Jan 28 12:00:13 cloud charon: 09[IKE] received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
Jan 28 12:00:13 cloud charon: 09[IKE] received XAuth vendor ID
Jan 28 12:00:13 cloud charon: 09[IKE] received Cisco Unity vendor ID
Jan 28 12:00:13 cloud charon: 09[IKE] received FRAGMENTATION vendor ID
Jan 28 12:00:13 cloud charon: 09[IKE] received DPD vendor ID
Jan 28 12:00:13 cloud charon: 09[IKE] 61.17.42.189 is initiating a Main Mode IKE_SA
Jan 28 12:00:13 cloud charon: 09[ENC] generating ID_PROT response 0 [ SA V V V ]
Jan 28 12:00:13 cloud charon: 09[NET] sending packet: from 192.168.0.9[500] to 61.17.42.189[500] (136 bytes)
Jan 28 12:00:14 cloud charon: 10[NET] received packet: from 61.17.42.189[500] to 192.168.0.9[500] (292 bytes)
Jan 28 12:00:14 cloud charon: 10[ENC] parsed ID_PROT request 0 [ KE No NAT-D NAT-D ]
Jan 28 12:00:14 cloud charon: 10[IKE] local host is behind NAT, sending keep alives
Jan 28 12:00:14 cloud charon: 10[IKE] remote host is behind NAT
Jan 28 12:00:14 cloud charon: 10[IKE] sending cert request for "C=CH, O=strongSwan, CN=strongSwan Root CA"
Jan 28 12:00:14 cloud charon: 10[IKE] sending cert request for "C=CH, O=strongSwan, CN=strongSwan CA"
Jan 28 12:00:14 cloud charon: 10[ENC] generating ID_PROT response 0 [ KE No CERTREQ CERTREQ NAT-D NAT-D ]
Jan 28 12:00:14 cloud charon: 10[NET] sending packet: from 192.168.0.9[500] to 61.17.42.189[500] (443 bytes)
Jan 28 12:00:14 cloud charon: 11[NET] received packet: from 61.17.42.189[4500] to 192.168.0.9[4500] (1180 bytes)
Jan 28 12:00:14 cloud charon: 11[ENC] parsed ID_PROT request 0 [ ID CERT SIG CERTREQ N(INITIAL_CONTACT) ]
Jan 28 12:00:14 cloud charon: 11[IKE] ignoring certificate request without data
Jan 28 12:00:14 cloud charon: 11[IKE] received end entity cert "C=CH, O=strongSwan, CN=client"
Jan 28 12:00:14 cloud charon: 11[CFG] looking for XAuthInitRSA peer configs matching 192.168.0.9...61.17.42.189[C=CH, O=strongSwan, CN=client]
Jan 28 12:00:14 cloud charon: 11[CFG] selected peer config "ios"
Jan 28 12:00:14 cloud charon: 11[CFG] using certificate "C=CH, O=strongSwan, CN=client"
Jan 28 12:00:14 cloud charon: 11[CFG] using trusted ca certificate "C=CH, O=strongSwan, CN=strongSwan CA"
Jan 28 12:00:14 cloud charon: 11[CFG] checking certificate status of "C=CH, O=strongSwan, CN=client"
Jan 28 12:00:14 cloud charon: 11[CFG] certificate status is not available
Jan 28 12:00:14 cloud charon: 11[CFG] reached self-signed root ca with a path length of 0
Jan 28 12:00:14 cloud charon: 11[IKE] authentication of 'C=CH, O=strongSwan, CN=client' with RSA successful
Jan 28 12:00:14 cloud charon: 11[IKE] authentication of 'C=CH, O=strongSwan, CN=bsnl.xminds.in' (myself) successful
Jan 28 12:00:14 cloud charon: 11[IKE] sending end entity cert "C=CH, O=strongSwan, CN=bsnl.xminds.in"
Jan 28 12:00:14 cloud charon: 11[ENC] generating ID_PROT response 0 [ ID CERT SIG ]
Jan 28 12:00:14 cloud charon: 11[NET] sending packet: from 192.168.0.9[4500] to 61.17.42.189[4500] (1228 bytes)
Jan 28 12:00:14 cloud charon: 11[ENC] generating TRANSACTION request 1448838146 [ HASH CPRQ(X_USER X_PWD) ]
Jan 28 12:00:14 cloud charon: 11[NET] sending packet: from 192.168.0.9[4500] to 61.17.42.189[4500] (76 bytes)
Jan 28 12:00:14 cloud charon: 12[NET] received packet: from 61.17.42.189[4500] to 192.168.0.9[4500] (76 bytes)
Jan 28 12:00:14 cloud charon: 12[ENC] invalid HASH_V1 payload length, decryption failed?
Jan 28 12:00:14 cloud charon: 12[ENC] could not decrypt payloads
Jan 28 12:00:14 cloud charon: 12[IKE] message parsing failed
Jan 28 12:00:14 cloud charon: 12[IKE] ignore malformed INFORMATIONAL request
Jan 28 12:00:14 cloud charon: 12[IKE] INFORMATIONAL_V1 request with message ID 1269831636 processing failed
Jan 28 12:00:18 cloud charon: 13[IKE] sending retransmit 1 of request message ID 1448838146, seq 1
Jan 28 12:00:18 cloud charon: 13[NET] sending packet: from 192.168.0.9[4500] to 61.17.42.189[4500] (76 bytes)
Jan 28 12:00:25 cloud charon: 14[IKE] sending retransmit 2 of request message ID 1448838146, seq 1
Jan 28 12:00:25 cloud charon: 14[NET] sending packet: from 192.168.0.9[4500] to 61.17.42.189[4500] (76 bytes)
Jan 28 12:00:38 cloud charon: 04[IKE] sending retransmit 3 of request message ID 1448838146, seq 1
Jan 28 12:00:38 cloud charon: 04[NET] sending packet: from 192.168.0.9[4500] to 61.17.42.189[4500] (76 bytes)
Jan 28 12:00:43 cloud charon: 05[JOB] deleting half open IKE_SA after timeout
Jan 28 12:01:19 cloud charon: 08[NET] received packet: from 61.17.42.189[500] to 192.168.0.9[500] (668 bytes)
Jan 28 12:01:19 cloud charon: 08[ENC] parsed ID_PROT request 0 [ SA V V V V V V V V V V V V V V ]
Jan 28 12:01:19 cloud charon: 08[IKE] received NAT-T (RFC 3947) vendor ID
Jan 28 12:01:19 cloud charon: 08[IKE] received draft-ietf-ipsec-nat-t-ike vendor ID
Jan 28 12:01:19 cloud charon: 08[IKE] received draft-ietf-ipsec-nat-t-ike-08 vendor ID
Jan 28 12:01:19 cloud charon: 08[IKE] received draft-ietf-ipsec-nat-t-ike-07 vendor ID
Jan 28 12:01:19 cloud charon: 08[IKE] received draft-ietf-ipsec-nat-t-ike-06 vendor ID
Jan 28 12:01:19 cloud charon: 08[IKE] received draft-ietf-ipsec-nat-t-ike-05 vendor ID
Jan 28 12:01:19 cloud charon: 08[IKE] received draft-ietf-ipsec-nat-t-ike-04 vendor ID
Jan 28 12:01:19 cloud charon: 08[IKE] received draft-ietf-ipsec-nat-t-ike-03 vendor ID
Jan 28 12:01:19 cloud charon: 08[IKE] received draft-ietf-ipsec-nat-t-ike-02 vendor ID
Jan 28 12:01:19 cloud charon: 08[IKE] received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
Jan 28 12:01:19 cloud charon: 08[IKE] received XAuth vendor ID
Jan 28 12:01:19 cloud charon: 08[IKE] received Cisco Unity vendor ID
Jan 28 12:01:19 cloud charon: 08[IKE] received FRAGMENTATION vendor ID
Jan 28 12:01:19 cloud charon: 08[IKE] received DPD vendor ID
Jan 28 12:01:19 cloud charon: 08[IKE] 61.17.42.189 is initiating a Main Mode IKE_SA
Jan 28 12:01:19 cloud charon: 08[ENC] generating ID_PROT response 0 [ SA V V V ]
Jan 28 12:01:19 cloud charon: 08[NET] sending packet: from 192.168.0.9[500] to 61.17.42.189[500] (136 bytes)
Jan 28 12:01:20 cloud charon: 09[NET] received packet: from 61.17.42.189[500] to 192.168.0.9[500] (292 bytes)
Jan 28 12:01:20 cloud charon: 09[ENC] parsed ID_PROT request 0 [ KE No NAT-D NAT-D ]
Jan 28 12:01:20 cloud charon: 09[IKE] local host is behind NAT, sending keep alives
Jan 28 12:01:20 cloud charon: 09[IKE] remote host is behind NAT
Jan 28 12:01:20 cloud charon: 09[IKE] sending cert request for "C=CH, O=strongSwan, CN=strongSwan Root CA"
Jan 28 12:01:20 cloud charon: 09[IKE] sending cert request for "C=CH, O=strongSwan, CN=strongSwan CA"
Jan 28 12:01:20 cloud charon: 09[ENC] generating ID_PROT response 0 [ KE No CERTREQ CERTREQ NAT-D NAT-D ]
Jan 28 12:01:20 cloud charon: 09[NET] sending packet: from 192.168.0.9[500] to 61.17.42.189[500] (443 bytes)
Jan 28 12:01:20 cloud charon: 10[NET] received packet: from 61.17.42.189[4500] to 192.168.0.9[4500] (1180 bytes)
Jan 28 12:01:20 cloud charon: 10[ENC] parsed ID_PROT request 0 [ ID CERT SIG CERTREQ N(INITIAL_CONTACT) ]
Jan 28 12:01:20 cloud charon: 10[IKE] ignoring certificate request without data
Jan 28 12:01:20 cloud charon: 10[IKE] received end entity cert "C=CH, O=strongSwan, CN=client"
Jan 28 12:01:20 cloud charon: 10[CFG] looking for XAuthInitRSA peer configs matching 192.168.0.9...61.17.42.189[C=CH, O=strongSwan, CN=client]
Jan 28 12:01:20 cloud charon: 10[CFG] selected peer config "ios"
Jan 28 12:01:20 cloud charon: 10[CFG] using certificate "C=CH, O=strongSwan, CN=client"
Jan 28 12:01:20 cloud charon: 10[CFG] using trusted ca certificate "C=CH, O=strongSwan, CN=strongSwan CA"
Jan 28 12:01:20 cloud charon: 10[CFG] checking certificate status of "C=CH, O=strongSwan, CN=client"
Jan 28 12:01:20 cloud charon: 10[CFG] certificate status is not available
Jan 28 12:01:20 cloud charon: 10[CFG] reached self-signed root ca with a path length of 0
Jan 28 12:01:20 cloud charon: 10[IKE] authentication of 'C=CH, O=strongSwan, CN=client' with RSA successful
Jan 28 12:01:20 cloud charon: 10[IKE] authentication of 'C=CH, O=strongSwan, CN=bsnl.xminds.in' (myself) successful
Jan 28 12:01:20 cloud charon: 10[IKE] sending end entity cert "C=CH, O=strongSwan, CN=bsnl.xminds.in"
Jan 28 12:01:20 cloud charon: 10[ENC] generating ID_PROT response 0 [ ID CERT SIG ]
Jan 28 12:01:20 cloud charon: 10[NET] sending packet: from 192.168.0.9[4500] to 61.17.42.189[4500] (1228 bytes)
Jan 28 12:01:20 cloud charon: 10[ENC] generating TRANSACTION request 1842749079 [ HASH CPRQ(X_USER X_PWD) ]
Jan 28 12:01:20 cloud charon: 10[NET] sending packet: from 192.168.0.9[4500] to 61.17.42.189[4500] (76 bytes)
Jan 28 12:01:21 cloud charon: 11[NET] received packet: from 61.17.42.189[4500] to 192.168.0.9[4500] (76 bytes)
Jan 28 12:01:21 cloud charon: 11[ENC] invalid HASH_V1 payload length, decryption failed?
Jan 28 12:01:21 cloud charon: 11[ENC] could not decrypt payloads
Jan 28 12:01:21 cloud charon: 11[IKE] message parsing failed
Jan 28 12:01:21 cloud charon: 11[IKE] ignore malformed INFORMATIONAL request
Jan 28 12:01:21 cloud charon: 11[IKE] INFORMATIONAL_V1 request with message ID 1855757066 processing failed
Jan 28 12:01:24 cloud charon: 12[IKE] sending retransmit 1 of request message ID 1842749079, seq 1
Jan 28 12:01:24 cloud charon: 12[NET] sending packet: from 192.168.0.9[4500] to 61.17.42.189[4500] (76 bytes)
Jan 28 12:01:31 cloud charon: 13[IKE] sending retransmit 2 of request message ID 1842749079, seq 1
Jan 28 12:01:31 cloud charon: 13[NET] sending packet: from 192.168.0.9[4500] to 61.17.42.189[4500] (76 bytes)
</pre>
Please help meeee....