Hi Andreas, No it is not strongswan on peer end. I am using third party VPN.
So is the IKE_AUTH packet size is fixed to 204 bytes for PSK mode and anything exceeding that can be Invalid length. Configuration on my side is: conn %default ikelifetime = 28800s type = tunnel lifetime = 3600s dpddelay = 30 dpdaction = restart reauth = no mobike = no #disable mobike - no use case conn 10.109.229.250_1.1.2.0/24-10.109.229.252_2.1.1.0/24 left=10.109.229.250 leftid=10.109.229.250 rightid=10.109.229.252 leftsubnet=1.1.2.0/24 right=10.109.229.252 rightsubnet=2.1.1.0/24 authby=secret keyexchange = ikev2 auto = add fragmentation = yes esp=aes256-sha1-modp2048 ike=aes256-sha1-modp2048! Thanks & Regards, Yogesh On Mon, Oct 29, 2018 at 1:39 PM Andreas Steffen < andreas.stef...@strongswan.org> wrote: > Hi Yogesh, > > are you using an unmodified strongSwan peer on the other side or > a third party VPN product? If it is strongSwan, which version are > you using? Could you also send the configuration of the CHILD SA? > > Regards > > Andreas > > On 29.10.2018 06:43, Yogesh Purohit wrote: > > Adding subject line to my query > > > > On Mon, Oct 29, 2018 at 11:12 AM Yogesh Purohit > > <yogeshpuroh...@gmail.com <mailto:yogeshpuroh...@gmail.com>> wrote: > > > > Hi Team, > > > > I am trying to establish tunnel with my strongswan. > > But after receiving IKE_AUTH response my local strongswan end > > (initiator) rejects tunnel saying ' length of > > TRAFFIC_SELECTOR_SUBSTRUCTURE substructure list invalid'. > > > > And I am unable to get the reason for the same. Because I have > > configured traffic selectors matching. > > > > IKE_Auth response which is recived is of 252 bytes, whereas when my > > tunnel was established in other case IKE_AUTH response was of 204 > bytes. > > NOTE: I am trying the tunnel with PSK and version is IKEv2. > > > > So is there fixed bytes of IKE_AUTH response which is expected by > > strongswan for PSK. > > > > And what does 'length of TRAFFIC_SELECTOR_SUBSTRUCTURE substructure > > list invalid' means, I tried finding it in RFC, but could not find > > the same. > > > > > > Thanks & Regards, > > > > Yogesh Purohit > > > > > > > > -- > > Best Regards, > > > > Yogesh Purohit > > -- > ====================================================================== > Andreas Steffen andreas.stef...@strongswan.org > strongSwan - the Open Source VPN Solution! www.strongswan.org > Institute for Networked Solutions > HSR University of Applied Sciences Rapperswil > CH-8640 Rapperswil (Switzerland) > ===========================================================[INS-HSR]== > > -- Best Regards, Yogesh Purohit