[Swan] Help needed: STATE_MAIN_I3: 60 second timeout exceeded after 7 retransmits. Possible authentication failure: no acceptable response to our first encrypted message

Tuomo Soini tis at foobar.fi
Wed Apr 17 09:37:16 UTC 2019

On Wed, 17 Apr 2019 11:21:42 +0200
Mathieu Rossignol <mathieu.rossignol at hurence.com> wrote:

> Hi Tuomo,
> Thank you very much for your answer.
> My last setence was malformed (I meant 'like if the key was invalid') 
> and in fact I also realized in between that when you change the PSK 
> file, you must restart the dameon in order to have it taken into 
> account. With that test (removing the key file), I saw a different 
> behaviour as expected (no suitable key found). I have also requested
> a contact for the other part (VPN other side) to tell me what's wrong
> in their logs. Still waiting for an answer. Will follow up if any
> news. Many thanks.

You can force rereading psk with command 'ipsec auto --rereadsecrets'
without need for restart.

Tuomo Soini <tis at foobar.fi>
Foobar Linux services
+358 40 5240030
Foobar Oy <https://foobar.fi/>

More information about the Swan mailing list