Hi Joshua, > I got some problems about the configuration of strongswan, no matter > how I configured the IKEv2 connection just couldn't establish.
This doesn't look like a configuration issue but a network problem. The client does not seem to receive the IKE_SA_INIT response sent by the server (at least initially) and, therefore, retransmits the request a couple of times. It seems to stop after two retransmits so it might have received the response eventually. But since the server doesn't receive an IKE_AUTH request it could mean that there is an IP fragmentation issue (also check for errors on the client). If the IKE_AUTH request gets too big (e.g. because of lots of certificate requests or a large client certificate) it gets fragmented into multiple IP packets and if some firewall/router between client and server drops such fragments the server won't receive the full message. As this seems to be a Windows client you might not have a lot of options as Windows doesn't support IKEv2 fragmentation. If you use certificate authentication for the client you could try to switch to EAP with username/password (but it's possible that the server's IKE_AUTH response will get fragmented too). Also see [1]. Regards, Tobias [1] https://wiki.strongswan.org/issues/965#note-1