Hello Ilan,

That could be the client trying to use aggressive mode. Enable it in the conn section and see if it works with it.

Kind regards,
Noel Kuntze

GPG Key ID: 0x63EC6658
Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658

On 05.02.2015 at 19:17, Ilan Caspi wrote:
> Hi,
>
> I'm trying to connect a chromebook to Linux strongSwan U5.1.2/K3.13.0-43-generic with not much luck.
>
> Using a secret the connection is just fine but when moving the authentication using a CA things are going wrong. The certs should be ok because they work with a different connection
>
> From reading the logs the authentication is going well but things are starting to go wrong here:
>
> 15[ENC] generating ID_PROT response 0 [ ID CERT CERT CERT SIG ]
> 15[NET] sending packet: from 162.243.137.92[4500] to 50.204.245.210[4500] (2092 bytes)
> 04[NET] sending packet: from 162.243.137.92[4500] to 50.204.245.210[4500]
> 03[NET] received packet: from 50.204.245.210[4500] to 162.243.137.92[4500]
> 03[NET] waiting for data on sockets
> 06[NET] received packet: from 50.204.245.210[4500] to 162.243.137.92[4500] (68 bytes)
> 06[ENC] invalid HASH_V1 payload length, decryption failed?
> 06[ENC] could not decrypt payloads
> 06[IKE] message parsing failed
> 06[IKE] ignore malformed INFORMATIONAL request
>
> ipsec.conf
>
> config setup
>     charondebug="cfg 2, dmn 2, ike 2, net 2"
>     uniqueids=never
>
> conn %default
>     authby=rsasig
>     leftrsasigkey=%cert
>     rightrsasigkey=%cert
>     keyingtries=1
>     keylife=60m
>     ikelifetime=240m
>     rightdns=8.8.8.8
>
> conn ios
>     keyexchange=ikev1
>     xauth=server
>     left=%defaultroute
>     leftsubnet=0.0.0.0/0
>     leftcert=server.pem
>     right=%any
>     rightid="CN=*, OU=1957, O=secretdomain.com, C=US"
>     rightsourceip=172.27.0.0/16
>     rightsubnet=172.27.0.0/16
>     rightauth2=xauth-noauth
>     ike=aes128-sha1-modp2048,3des-sha1-modp1536
>     esp=aes128-sha1-modp2048,3des-sha1-modp1536
>     rekey=no
>     reauth=no
>     dpddelay=10
>     dpdtimeout=30
>     dpdaction=clear
>     auto=add
>     fragmentation=yes
>
> conn chromebook
>     keyexchange=ikev1
>     authby=rsasig
>     rekey=no
>     keyingtries=2
>     left=%defaultroute
>     leftsubnet=0.0.0.0/0
>     leftprotoport=udp/l2tp
>     leftcert=server.pem
>     right=%any
>     rightprotoport=udp/%any
>     rightrsasigkey=%cert
>     rightid="CN=*, OU=1957, O= secretdomain.com, C=US"
>     auto=add
>
> ipsec.secrets
>
> : RSA /etc/ipsec.d/private/newserverkey.pem
>
> _______________________________________________
> Users mailing list
> [email protected]
> https://lists.strongswan.org/mailman/listinfo/users
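
To check from a charon log which IKEv1 phase 1 exchange a peer is using and where the negotiation stops, the lines can be summarised with a short script; charon logs Main Mode messages as `ID_PROT` and Aggressive Mode messages as `AGGRESSIVE`. This is an added example, not part of the original thread or of strongSwan: the `triage` function and its result keys are hypothetical names, and the sample log is constructed from the lines quoted above.

```python
import re

# Constructed sample: charon lines quoted in the message above,
# with the wrapped "(2092 bytes)" joined back onto its line.
SAMPLE_LOG = """\
15[ENC] generating ID_PROT response 0 [ ID CERT CERT CERT SIG ]
15[NET] sending packet: from 162.243.137.92[4500] to 50.204.245.210[4500] (2092 bytes)
06[NET] received packet: from 50.204.245.210[4500] to 162.243.137.92[4500] (68 bytes)
06[ENC] invalid HASH_V1 payload length, decryption failed?
06[ENC] could not decrypt payloads
06[IKE] message parsing failed
06[IKE] ignore malformed INFORMATIONAL request
"""

# charon prefixes each line with "<thread>[<GROUP>] ".
LINE = re.compile(r"^(\d+)\[([A-Z]+)\] (.*)$")
# e.g. "generating ID_PROT response 0 [ ID CERT CERT CERT SIG ]"
MESSAGE = re.compile(
    r"^(generating|parsed) ([A-Z0-9_]+) (?:request|response) \d+ \[ (.*?) ?\]$"
)
# Phase 1 exchange names as they appear in the log.
PHASE1_MODES = {"ID_PROT": "main", "AGGRESSIVE": "aggressive"}

def triage(log_text):
    """Summarise which IKEv1 phase 1 exchange was used and where it broke."""
    result = {"phase1_mode": None, "last_generated": None,
              "decrypt_failed": False, "ignored": None}
    for raw in log_text.splitlines():
        line = LINE.match(raw.strip())
        if not line:
            continue
        group, text = line.group(2), line.group(3)
        msg = MESSAGE.match(text)
        if group == "ENC" and msg:
            direction, exchange, payloads = msg.groups()
            if exchange in PHASE1_MODES:
                result["phase1_mode"] = PHASE1_MODES[exchange]
            if direction == "generating":
                result["last_generated"] = (exchange, payloads.split())
        elif group == "ENC" and "could not decrypt payloads" in text:
            result["decrypt_failed"] = True
        elif group == "IKE" and text.startswith("ignore malformed "):
            # "ignore malformed INFORMATIONAL request" -> "INFORMATIONAL"
            result["ignored"] = text.split()[2]
    return result

if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```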
