<div dir="ltr">None of them worked. The same response:<div><br></div><div>Notify Message Type of ISAKMP Notification Payload has an unknown value: 15823</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Jan 14, 2015 at 7:25 AM, Paul Wouters <span dir="ltr"><<a href="mailto:paul@nohats.ca" target="_blank">paul@nohats.ca</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class="">On Wed, 14 Jan 2015, Ali Gangji wrote:<br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
OS X version 10.10.1 and Server version 4.0.3.<br>
Attached is the log from the server showing 2 connection attempts.<br>
</blockquote>
<br></span>
two interesting events in your log:<br>
<br>
Jan 13 21:20:49 Abduls-Mac-mini.local racoon[16743]: packet shorter than isakmp header size (size: 0, minimum expected: 28)<br>
<br>
It seems your network might be causing fragmentation without<br>
reassembling it properly. That is, it looks like the tail<br>
end of the packet is missing. Either that, or we would be sending<br>
out a (fragmented?) packet with a badly specified isakmp header<br>
size, which I think is less likely.<br>
<br>
Jan 13 21:21:00 Abduls-Mac-mini.local racoon[16743]: !!! skipped retransmitting frags: frag_flags 1, r->sendbuf->l 224, max 1280<br>
<br>
I don't fully understand this, but it is related to ike fragmentation.<br>
<br>
Please try your connection on libreswan with the following settings:<br>
<br>
ike-frag=no<br>
<br>
ike-frag=yes<br>
<br>
ike-frag=force<br>
<br>
and let me know which of the three, if any, actually worked.<span class="HOEnZb"><font color="#888888"><br>
<br>
Paul<br>
</font></span></blockquote></div><br></div>