Hi!

I am using a Windows 8.1 client (it's behind a NAT IPv4 router)
and trying to connect to my StrongSwan server, installed on my root server.
But this is failing, because Windows reports error 809.

My StrongSwan configuration is:
config setup
        charondebug="cfg 0, dmn 2, ike 2, net 2, lib 3"

conn %default
        dpdaction=clear
        dpddelay=60s
        esp=sha512-modp4096
        fragmentation=yes
        ike=sha512-modp4096
        keyexchange=ikev2
        mobike=yes

conn roadwarrior
        auto=add
        eap_identity=%any
        fragmentation=yes
        left=%any
        leftauth=pubkey
        leftcert=server.crt
        leftsubnet=0.0.0.0/0,::/0
        leftid="C=xx, ST=xxx, L=xxx, O=xxx, OU=xxx, CN=xxx, E=xxx"
        right=%any
        rightauth=eap-mschapv2
        rightsourceip=192.168.164.0/24

So, I've started to capture packets. What I can see:

Windows 8.1 client:
It sends IKE_SA_INIT and gets a response.
After this, it sends IKE_AUTH and retries? two times again.
-> https://www.bl4ckb0x.de/client.bin

Linux IPv4 NAT router, to which the Windows 8.1 client is connected:
IKE_SA_INIT is sent to the server, the response is received and forwarded to the client. But I don't see the IKE_AUTH anymore. I can only see three times fragmentation. Are these the IKE_AUTH packets?
-> https://www.bl4ckb0x.de/router.client.bin

StrongSwan server on the internet:
IKE_SA_INIT is received and replied back.
IKE_AUTH never arrives. Not even a fragmented packet.
-> https://www.bl4ckb0x.de/server.bin

So, is this a problem of fragmented packets? If so, what can I do? fragmentation=yes is at least set. I am unsure which part causes that fragmentation.

Any ideas?

Thanks!
Conrad
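
An added example (not part of the original post and not strongSwan code): one way to label raw IPv4 packets from captures like the three described above, separating IKE_SA_INIT, IKE_AUTH and IP fragments, where later fragments carry no UDP header and can only be matched to their first fragment by IP ID. Function names, addresses and message sizes are constructed for illustration; the exchange-type numbers and the non-ESP marker on UDP 4500 follow RFC 7296 and RFC 3948.

```python
import struct

IKE_EXCHANGES = {34: "IKE_SA_INIT", 35: "IKE_AUTH"}  # exchange types from RFC 7296

def classify(pkt, first_frags):
    """Label one raw IPv4 packet; first_frags maps (src, dst, IP id) -> label."""
    ihl = (pkt[0] & 0x0F) * 4
    ident, flags_off = struct.unpack("!HH", pkt[4:8])
    more, offset = bool(flags_off & 0x2000), (flags_off & 0x1FFF) * 8
    key = (pkt[12:16], pkt[16:20], ident)
    if pkt[9] != 17:
        return "not UDP"
    if offset:  # later fragment carries no UDP header: match it by IP id
        return "later IP fragment of " + first_frags.get(key, "unknown datagram")
    sport, dport = struct.unpack("!HH", pkt[ihl:ihl + 4])
    ike = pkt[ihl + 8:]
    if 4500 in (sport, dport):
        if ike[:4] != bytes(4):
            return "ESP-in-UDP"
        ike = ike[4:]  # drop the 4-byte non-ESP marker used on port 4500
    elif 500 not in (sport, dport):
        return "other UDP"
    if len(ike) < 19:
        return "truncated IKE"
    label = IKE_EXCHANGES.get(ike[18], "IKE exchange %d" % ike[18])
    if more:  # first fragment: remember what the datagram is for later fragments
        first_frags[key] = label
        return label + " (first IP fragment)"
    return label

# Constructed sample traffic below (not taken from the captures linked in the post).
def ike_msg(exchange, size):
    hdr = bytes(16) + bytes([33, 0x20, exchange, 0x08]) + struct.pack("!II", 0, size)
    return hdr + bytes(size - len(hdr))

def ip_packets(ident, port, payload, chunk=1480):
    udp, out = struct.pack("!HHHH", port, port, 8 + len(payload), 0) + payload, []
    for off in range(0, len(udp), chunk):  # split into IPv4 fragments
        part = udp[off:off + chunk]
        mf = 0x2000 if off + chunk < len(udp) else 0
        out.append(struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(part), ident, mf | (off // 8),
                               64, 17, 0, b"\xc0\xa8\x01\x0a", b"\xcb\x00\x71\x05") + part)
    return out

def demo():
    sample = ip_packets(1, 500, ike_msg(34, 600))                # small, unfragmented
    sample += ip_packets(2, 4500, bytes(4) + ike_msg(35, 3200))  # larger than one MTU
    seen = {}
    return [classify(p, seen) for p in sample]
```

Running `classify` over the same flow at each capture point shows at which hop the later fragments of a large IKE_AUTH stop appearing.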