Mac laptop to iked errors

Paul Suh-2
Folks,

Fiddling with a basic iked configuration:

ikev2 roadwarrior \
    from any to 172.31.0.0/20 \
    local 172.31.15.102 peer any \
    config address 172.31.0.224/28 \
    config protected-subnet 172.31.0.0/20 \
    tag "IKED"

I created a CA and certs using ikectl using hostnames.

When I try to connect from my Mac laptop, I get the following errors (running iked with -d -vvv flags):

> ikev2_pld_payloads: decrypted payload TSr nextpayload NONE critical 0x00 length 8
> ikev2_pld_ts: count 1 length 0
> ikev2_pld_ts: malformed payload: too short for ts (4 < 8)
> ikev2_msg_send: IKE_AUTH response from 172.31.15.102:4500 to 108.31.7.69:39749 msgid 1, 1456 bytes, NAT-T
> pfkey_sa_add: update spi 0x8b007e45
> pfkey_sa: udpencap port 39749
> ikev2_childsa_enable: loaded CHILD SA spi 0x8b007e45
> pfkey_sa_add: add spi 0x0758c03b
> pfkey_sa: udpencap port 39749
> ikev2_childsa_enable: loaded CHILD SA spi 0x0758c03b
> pfkey_flow: unsupported address family 0
> ikev2_childsa_enable: failed to load flow
> ikev2_dispatch_cert: failed to send ike auth

What am I doing wrong?


--Paul

