[Swan] ikev2 and win7
bob at computerisms.ca
Sat May 16 00:39:29 EEST 2015
I have been deploying users with the new ikev2 setup, things are working
I have one question; this firewall has a net-to-net tunnel between
itself and a sonicwall device, and I am wondering how to get traffic
from the ikev2 road warriors into that tunnel. I have been playing with
iptables, but I am starting to get the feeling that isn't the answer.
It seems to be more of a routing issue, but I kind of expect that with
leftsubnet=0.0.0.0/0 it should be able to route to regular internet and
any tunnel. I looked through the ipsec.conf page, and it seems
leftsubnets would be the answer, but when I tried that the conn loaded
but I could not connect. Am I overlooking something in the docs
somewhere? Do I need to have some extra config on the sonic wall to
make this work? Can someone point me at what I need to read?
And for the benefit of the next person scratching their head and
searching Google on this log entry:
invalid last pad octet: 0x 8
ikev2_parent_inI2outR2_tail returned STF_FAIL
In our case, something was wrong with the certificate. Not sure what,
as best as I can tell the cert was created the same as the working ones,
but nevertheless it was necessary to recreate the cert to make it work.
This also showed up here and there with apparently the same root cause:
protocol ID of IKEv2 Delete Payload has an unknown value: 0
"rw-ikev2" 126.96.36.199 #15: malformed payload in packet
"rw-ikev2" 188.8.131.52 #15: sending unencrypted notification
v2N_INVALID_SYNTAX to 184.108.40.206:1349
>> Does this solve the problem, as xauth does, of multiple clients
>> connecting from behind the same router?
> Yes, but you will need newer than 3.12 code for that. We should have
> a developer release out for 3.13 in a day or two. Or you can try your
> luck at the github master branch.
My luck has been pretty good till now, I think better to leave it that
way. Looking forward to the new release though...