The iked.conf, output/logs from iked running -v, and a description of client setup would help.
Don't forget to include your PSK. >:-) On Thu, Sep 25, 2014 at 1:09 AM, Artem Falcon <[email protected]> wrote: > Markus Wernig <[email protected]>: > > > ... > > But the client is unable to connect to the VPN GW, and I just can't find > > out what's going wrong. Unfortunately there are two ways it is failing: > > > > 1) Client sends IKEv2 msg IKE_SA_INIT on Port 500, VPN GW replies with > > IKE_SA_INIT and CertReq, *then client sends IKE_AUTH. But to this packet > > the VPN GW never replies, and the client resends until it times out*. I > > see in the client log that it is selecting and sending the [email protected] > > certificate. In the VPN GW logs I get: > > > > Aug 9 08:40:35 tunnel iked[18255]: ikev2_recv: IKE_SA_INIT from > > initiator A.B.C.D:34276 to 10.x.y.z:500 policy 'johndoevpn' id 0, 1048 > bytes > > Aug 9 08:40:35 tunnel iked[18255]: ikev2_msg_send: IKE_SA_INIT from > > 10.x.y.z:500 to A.B.C.D:34276, 457 bytes > > Aug 9 08:40:35 tunnel iked[18255]: ikev2_recv: IKE_AUTH from initiator > > A.B.C.D:4500 to 10.x.y.z:4500 policy 'johndoevpn' id 1, 2320 bytes > > Aug 9 08:40:39 tunnel iked[18255]: ikev2_recv: IKE_AUTH from initiator > > A.B.C.D:4500 to 10.x.y.z:4500 policy 'johndoevpn' id 1, 2320 bytes > > Aug 9 08:40:46 tunnel iked[18255]: ikev2_recv: IKE_AUTH from initiator > > A.B.C.D:4500 to 10.x.y.z:4500 policy 'johndoevpn' id 1, 2320 bytes > > Aug 9 08:40:59 tunnel iked[18255]: ikev2_recv: IKE_AUTH from initiator > > A.B.C.D:4500 to 10.x.y.z:4500 policy 'johndoevpn' id 1, 2320 bytes > > ... > > Hi, folks! > > I have the same failing scenario when using BlackBerry 10 client. > OpenIKED is from -current. Ikeauth mode is PSK (yeah, insecure). > > Any ideas what it may be and how to fix it? > Thanks.
