[Swan] libreswan 3.17 NAT-T fails in phase2
Paul Wouters
paul at nohats.ca
Tue Jun 14 17:45:19 UTC 2016
On Mon, 13 Jun 2016, Ge Xu wrote:
> I am testing a VPN behind a NAT gateway. I tried libreswan 3.15 and 3.17 with the same configuration. 3.15 succeeds, but 3.17
> fails.
I am not aware of anything specific causing that.
> 000 #2: "vpn-0":4500 STATE_QUICK_I1 (sent QI1, expecting QR1); EVENT_CRYPTO_FAILED in 54s; lastdpd=-1s(seq in:0 out:0); idle; import:admin initiate
> 000 #1: "vpn-0":4500 STATE_MAIN_I4 (ISAKMP SA established); EVENT_SA_REPLACE in 27801s; newest ISAKMP; lastdpd=-1s(seq in:0 out:0); idle; import:admin initiate
It looks like the IPsec SA did not fully establish. Either your logs or
the remote endpoint's log should have an entry saying what went wrong.
Paul
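
The status lines quoted above can be checked mechanically for the "phase 1 up, phase 2 stuck" pattern. This is an added example, not part of the original message and not libreswan code; the sets of "established" IKEv1 state names and the function names are assumptions made for illustration.

```python
import re

# IKEv1 pluto states that mean "established" (assumption from pluto's state
# naming, not stated in the thread). IKEv2 states are ignored.
PHASE1_DONE = {"STATE_MAIN_I4", "STATE_MAIN_R3", "STATE_AGGR_I2", "STATE_AGGR_R2"}
PHASE2_DONE = {"STATE_QUICK_I2", "STATE_QUICK_R2"}

# 000 #2: "vpn-0":4500 STATE_QUICK_I1 (sent QI1, expecting QR1); EVENT_...
STATE_LINE = re.compile(
    r'^\d{3} #(?P<serial>\d+): "(?P<conn>[^"]+)".*? '
    r'(?P<state>STATE_\w+) \((?P<detail>[^)]*)\)'
)

# The two status lines quoted in the thread, with the mail line wraps rejoined.
SAMPLE = """\
000 #2: "vpn-0":4500 STATE_QUICK_I1 (sent QI1, expecting QR1); EVENT_CRYPTO_FAILED in 54s; lastdpd=-1s(seq in:0 out:0); idle; import:admin initiate
000 #1: "vpn-0":4500 STATE_MAIN_I4 (ISAKMP SA established); EVENT_SA_REPLACE in 27801s; newest ISAKMP; lastdpd=-1s(seq in:0 out:0); idle; import:admin initiate
"""

def parse_states(text):
    """Return one dict (serial, conn, state, detail) per state line."""
    return [m.groupdict() for line in text.splitlines()
            if (m := STATE_LINE.match(line.strip()))]

def diagnose(text):
    """Map each connection to (verdict, [unfinished Quick Mode states])."""
    phase1, phase2 = {}, {}
    for s in parse_states(text):
        if s["state"].startswith("STATE_QUICK_"):
            phase2.setdefault(s["conn"], []).append(s)
        elif s["state"].startswith(("STATE_MAIN_", "STATE_AGGR_")):
            phase1.setdefault(s["conn"], []).append(s)
    report = {}
    for conn in sorted(set(phase1) | set(phase2)):
        p1_up = any(s["state"] in PHASE1_DONE for s in phase1.get(conn, []))
        p2_up = any(s["state"] in PHASE2_DONE for s in phase2.get(conn, []))
        pending = [f'#{s["serial"]} {s["state"]} ({s["detail"]})'
                   for s in phase2.get(conn, []) if s["state"] not in PHASE2_DONE]
        if p2_up:
            verdict = "IPsec SA established"
        elif p1_up:
            verdict = "ISAKMP SA up, IPsec SA not established"
        else:
            verdict = "ISAKMP SA not established"
        report[conn] = (verdict, pending)
    return report

if __name__ == "__main__":
    for conn, (verdict, pending) in diagnose(SAMPLE).items():
        print(conn, "->", verdict, pending)
```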