Paul Suh
2018-12-06 17:34:01 UTC
Folks,
Fiddling with a basic iked configuration:
ikev2 roadwarrior \
from any to 172.31.0.0/20 \
local 172.31.15.102 peer any \
config address 172.31.0.224/28 \
config protected-subnet 172.31.0.0/20 \
tag "IKED"
I created a ca and certs using ikectl using hostnames.
--Paul
Fiddling with a basic iked configuration:
ikev2 roadwarrior \
from any to 172.31.0.0/20 \
local 172.31.15.102 peer any \
config address 172.31.0.224/28 \
config protected-subnet 172.31.0.0/20 \
tag "IKED"
I created a ca and certs using ikectl using hostnames.
ikev2_pld_payloads: decrypted payload TSr nextpayload NONE critical 0x00 length 8
ikev2_pld_ts: count 1 length 0
ikev2_pld_ts: malformed payload: too short for ts (4 < 8)
ikev2_msg_send: IKE_AUTH response from 172.31.15.102:4500 to 108.31.7.69:39749 msgid 1, 1456 bytes, NAT-T
pfkey_sa_add: update spi 0x8b007e45
pfkey_sa: udpencap port 39749
ikev2_childsa_enable: loaded CHILD SA spi 0x8b007e45
pfkey_sa_add: add spi 0x0758c03b
pfkey_sa: udpencap port 39749
ikev2_childsa_enable: loaded CHILD SA spi 0x0758c03b
pfkey_flow: unsupported address family 0
ikev2_childsa_enable: failed to load flow
ikev2_dispatch_cert: failed to send ike auth
What am I doing wrong?ikev2_pld_ts: count 1 length 0
ikev2_pld_ts: malformed payload: too short for ts (4 < 8)
ikev2_msg_send: IKE_AUTH response from 172.31.15.102:4500 to 108.31.7.69:39749 msgid 1, 1456 bytes, NAT-T
pfkey_sa_add: update spi 0x8b007e45
pfkey_sa: udpencap port 39749
ikev2_childsa_enable: loaded CHILD SA spi 0x8b007e45
pfkey_sa_add: add spi 0x0758c03b
pfkey_sa: udpencap port 39749
ikev2_childsa_enable: loaded CHILD SA spi 0x0758c03b
pfkey_flow: unsupported address family 0
ikev2_childsa_enable: failed to load flow
ikev2_dispatch_cert: failed to send ike auth
--Paul