Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    IKEv2 / transport is not working in 2.2.4

    Scheduled Pinned Locked Moved IPsec
    1 Posts 1 Posters 795 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • K
      kennylam
      last edited by

      Same setting of transport mode works fine in IKEv1, but not in IKEv2. However the tunnel mode is working in the same IKEv2 Phase 1 settings.

      Testing enviroment:
      LAN to LAN,
      192.168.1.1 <-transport-> 192.168.2.1

      –----------------------
      Aug 20 00:05:46 charon: 12[NET] <con1|8>sending packet: from 192.168.1.1[4500] to 192.168.2.1[4500] (76 bytes)
      Aug 20 00:05:51 charon: 12[NET] <con1|8>received packet: from 192.168.2.1[4500] to 192.168.1.1[4500] (544 bytes)
      Aug 20 00:05:51 charon: 12[ENC] <con1|8>parsed CREATE_CHILD_SA request 19 [ EF(1/3) ]
      Aug 20 00:05:51 charon: 12[ENC] <con1|8>received fragment #1 of 3, waiting for complete IKE message
      Aug 20 00:05:51 charon: 16[NET] <con1|8>received packet: from 192.168.2.1[4500] to 192.168.1.1[4500] (144 bytes)
      Aug 20 00:05:51 charon: 16[ENC] <con1|8>parsed CREATE_CHILD_SA request 19 [ EF(3/3) ]
      Aug 20 00:05:51 charon: 16[ENC] <con1|8>received fragment #3 of 3, waiting for complete IKE message
      Aug 20 00:05:51 charon: 08[NET] <con1|8>received packet: from 192.168.2.1[4500] to 192.168.1.1[4500] (544 bytes)
      Aug 20 00:05:51 charon: 08[ENC] <con1|8>parsed CREATE_CHILD_SA request 19 [ EF(2/3) ]
      Aug 20 00:05:51 charon: 08[ENC] <con1|8>received fragment #2 of 3, reassembling fragmented IKE message
      Aug 20 00:05:51 charon: 08[ENC] <con1|8>parsed CREATE_CHILD_SA request 19 [ N(USE_TRANSP) N(ESP_TFC_PAD_N) SA No TSi TSr ]
      Aug 20 00:05:51 charon: 08[IKE] <con1|8>received ESP_TFC_PADDING_NOT_SUPPORTED, not using ESPv3 TFC padding
      Aug 20 00:05:51 charon: 08[IKE] <con1|8>received ESP_TFC_PADDING_NOT_SUPPORTED, not using ESPv3 TFC padding
      Aug 20 00:05:51 charon: 08[IKE] <con1|8>traffic selectors 192.168.1.1/32|/0 192.168.1.1/32|/0 === 192.168.2.1/32|/0 192.168.2.1/32|/0 inacceptable
      Aug 20 00:05:51 charon: 08[IKE] <con1|8>traffic selectors 192.168.1.1/32|/0 192.168.1.1/32|/0 === 192.168.2.1/32|/0 192.168.2.1/32|/0 inacceptable
      Aug 20 00:05:51 charon: 08[IKE] <con1|8>failed to establish CHILD_SA, keeping IKE_SA
      Aug 20 00:05:51 charon: 08[IKE] <con1|8>failed to establish CHILD_SA, keeping IKE_SA
      Aug 20 00:05:51 charon: 08[ENC] <con1|8>generating CREATE_CHILD_SA response 19 [ N(TS_UNACCEPT) ]
      –----------------------</con1|8></con1|8></con1|8></con1|8></con1|8></con1|8></con1|8></con1|8></con1|8></con1|8></con1|8></con1|8></con1|8></con1|8></con1|8></con1|8></con1|8></con1|8>

      1 Reply Last reply Reply Quote 0
      • First post
        Last post
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.