[Swan] Connect fails with STATE_V2_PARENT_I1 retransmission

Alex mysqlstudent at gmail.com
Sun Jun 4 19:19:58 EEST 2023


> Jun  4 11:49:48.969175: "mail03-polaris" #4: sent IKE_SA_INIT reply {cipher=AES_GCM_16_256 integ=n/a prf=HMAC_SHA2_512 group=MODP2048}
> Jun  4 11:49:49.468301: "mail03-polaris" #4: received duplicate IKE_SA_INIT message request (Message ID 0); retransmitting response
> Jun  4 11:49:49.968929: "mail03-polaris" #4: received duplicate IKE_SA_INIT message request (Message ID 0); retransmitting response

I realized I may not have made it clear that my report and all of the
information here is focused on the connection between mail03 and polaris.

I thought it might also be helpful to have a bit of output from tcpdump on
the server with the problem.

# tcpdump -n -i enp3s0 esp or udp port 500 or udp port 4500 or tcp port 4500
dropped privs to tcpdump
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on enp3s0, link-type EN10MB (Ethernet), snapshot length 262144 bytes
12:14:37.375402 IP 68.195.111.45.isakmp > 147.135.9.126.isakmp: isakmp: parent_sa ikev2_init[I]
12:14:37.391669 IP 147.135.9.126.isakmp > 68.195.111.45.isakmp: isakmp: parent_sa ikev2_init[R]

No esp traffic? I'm also not doing NAT-T so I suppose there wouldn't be any
port 4500.

Thanks,
Alex