Hi Yogesh, are you using an unmodified strongSwan peer on the other side or a third party VPN product? If it is strongSwan, which version are you using? Could you also send the configuration of the CHILD SA?
Regards Andreas On 29.10.2018 06:43, Yogesh Purohit wrote: > Adding subject line to my query > > On Mon, Oct 29, 2018 at 11:12 AM Yogesh Purohit > <yogeshpuroh...@gmail.com <mailto:yogeshpuroh...@gmail.com>> wrote: > > Hi Team, > > I am trying to establish tunnel with my strongswan. > But after receiving IKE_AUTH response my local strongswan end > (initiator) rejects tunnel saying ' length of > TRAFFIC_SELECTOR_SUBSTRUCTURE substructure list invalid'. > > And I am unable to get the reason for the same. Because I have > configured traffic selectors matching. > > IKE_Auth response which is recived is of 252 bytes, whereas when my > tunnel was established in other case IKE_AUTH response was of 204 bytes. > NOTE: I am trying the tunnel with PSK and version is IKEv2. > > So is there fixed bytes of IKE_AUTH response which is expected by > strongswan for PSK. > > And what does 'length of TRAFFIC_SELECTOR_SUBSTRUCTURE substructure > list invalid' means, I tried finding it in RFC, but could not find > the same. > > > Thanks & Regards, > > Yogesh Purohit > > > > -- > Best Regards, > > Yogesh Purohit -- ====================================================================== Andreas Steffen andreas.stef...@strongswan.org strongSwan - the Open Source VPN Solution! www.strongswan.org Institute for Networked Solutions HSR University of Applied Sciences Rapperswil CH-8640 Rapperswil (Switzerland) ===========================================================[INS-HSR]==
smime.p7s
Description: S/MIME Cryptographic Signature