Folks,

Fiddling with a basic iked configuration:

ikev2 roadwarrior \
        from any to 172.31.0.0/20 \
        local 172.31.15.102 peer any \
        config address 172.31.0.224/28 \
        config protected-subnet 172.31.0.0/20 \
        tag "IKED"

I created a ca and certs using ikectl using hostnames. When I try to connect from my Mac laptop, I get the following errors (running iked with -d -vvv flags):

> ikev2_pld_payloads: decrypted payload TSr nextpayload NONE critical 0x00 length 8
> ikev2_pld_ts: count 1 length 0
> ikev2_pld_ts: malformed payload: too short for ts (4 < 8)
> ikev2_msg_send: IKE_AUTH response from 172.31.15.102:4500 to 108.31.7.69:39749 msgid 1, 1456 bytes, NAT-T
> pfkey_sa_add: update spi 0x8b007e45
> pfkey_sa: udpencap port 39749
> ikev2_childsa_enable: loaded CHILD SA spi 0x8b007e45
> pfkey_sa_add: add spi 0x0758c03b
> pfkey_sa: udpencap port 39749
> ikev2_childsa_enable: loaded CHILD SA spi 0x0758c03b
> pfkey_flow: unsupported address family 0
> ikev2_childsa_enable: failed to load flow
> ikev2_dispatch_cert: failed to send ike auth

What am I doing wrong?

--Paul