[Swan] Help needed: STATE_MAIN_I3: 60 second timeout exceeded after 7 retransmits. Possible authentication failure: no acceptable response to our first encrypted message

Mathieu Rossignol mathieu.rossignol at hurence.com
Wed Apr 17 09:49:43 UTC 2019


Ok that's noted thx.

BTW do you have an idea what the STATE_MAIN_I3 state I'm stuck in is? I 
guess it's the state where you send your PSK key and are waiting for the 
other part to authenticate it, but I could not find any doc on this. The 
IKEv2 RFC does not mention that either, nor does the libreswan doc 
(https://libreswan.org/wiki/Pluto_internals). Would be great to have 
somewhere the mapping between internal libreswan states/state machine 
and the IKE PDUs spec or something. This would maybe give a clue of 
what's happening. Even better in my case would potentially be a more 
explicit message...don't know....

On 4/17/19 11:37 AM, Tuomo Soini wrote:
> On Wed, 17 Apr 2019 11:21:42 +0200
> Mathieu Rossignol <mathieu.rossignol at hurence.com> wrote:
>
>> Hi Tuomo,
>>
>> Thank you very much for your answer.
>>
>> My last sentence was malformed (I meant 'like if the key was invalid')
>> and in fact I also realized in between that when you change the PSK
>> file, you must restart the daemon in order to have it taken into
>> account. With that test (removing the key file), I saw a different
>> behaviour as expected (no suitable key found). I have also requested
>> a contact for the other part (VPN other side) to tell me what's wrong
>> in their logs. Still waiting for an answer. Will follow up if any
>> news. Many thanks.
> You can force rereading psk with command 'ipsec auto --rereadsecrets'
> without need for restart.
>
-- 

*Mathieu Rossignol*
*Architecte/Développeur Big Data*

mathieu.rossignol at hurence.com | +33 (0)6 63646410
*Hurence SAS*
400 Chemin des Longs Prés
38660 LUMBIN, France
http://www.hurence.com
