Discussion:
[strongSwan] StrongSwan->SonicWall issue
Andrew Munn
2016-06-07 22:45:02 UTC
I can successfully connect from Windows to a SonicWall using the Windows
SonicWall Global VPN Client. When I try to connect using StrongSwan I
get errors on the SonicWall:

IKEv2 payload processing error
IKEv2 VPN Policy not found - No VPN Policy for peer gateway

On the Linux box I get:

[ENC] parsing NOTIFY payload finished
[ENC] verifying payload of type NOTIFY
[ENC] NOTIFY payload verified, adding to payload list
[ENC] process payload of type NOTIFY
[ENC] verifying message structure
[ENC] found payload of type NOTIFY
[ENC] parsed IKE_SA_INIT response 0 [ N(INVAL_SYN) ]
[IKE] received INVALID_SYNTAX notify error
[IKE] IKE_SA sr[1] state change: CONNECTING => DESTROYING

ipsec.conf is like:

config setup
    charondebug="ike 2, cfg 2, enc 2"

conn sr
    left=10.37.250.0/24
    leftid=10.37.250.0/24
    leftsourceip=%config
    right=<ip removed>
    rightid=<ip removed>
    rightsubnet=10.37.250.0/24
    keyexchange=ikev2
    authby=psk
    #ike=aes256-sha1-modp2048 # tried both of these
    ike=aes128-sha1-modp2048! # ... no luck.
    esp=aes256-sha1-modp2048
    auto=start

config setup
    # strictcrlpolicy=yes
    # uniqueids = no
    charondebug="ike 2, cfg 2, enc 2"


ipsec.secrets is just:
192.168.123.123 <ip removed> : PSK "secret"

Any ideas what is wrong? Thanks
