IPsec behind NAT (NAT-T)

Dec 3 16:16:43 front01 charon: 16[NET] sending packet: from 197.254.237.210[500] to 207.127.101.19[500] (36 bytes)
Dec 3 16:16:46 front01 charon: 10[IKE] retransmit 3 of request with message ID 0
Dec 3 16:16:46 front01 charon: 10[NET] sending packet: from 197.254.237.210[500] to 195.229.199.4[500] (6076 bytes)
Dec 3 16:16:47 front01 charon: 11[NET] received packet: from 195.229.199.4[500] to 197.254.237.210[500] (36 bytes)
Dec 3 16:16:47 front01 charon: 11[ENC] invalid notify data length for INVALID_KE_PAYLOAD (0)
Dec 3 16:16:47 front01 charon: 11[ENC] NOTIFY payload verification failed
Dec 3 16:16:47 front01 charon: 11[IKE] message verification failed
Dec 3 16:16:47 front01 charon: 11[IKE] IKE_SA_INIT response with message ID 0 processing failed

Hello @aborenas

Welcome to the IPFire community.

Searching for this error message, I found the following comments.

The above error is seen due to the mismatch in the PFS (Perfect Forward Secrecy) setting of the IPSEC VPN.

- Verify if the PFS is enabled on both peers.
- Verify if the DH-Group is the same on both ends.

Hope this gives some clue as to where to look.


The DH-GROUP in IPFire is written differently. For example, my peer sent me that his configuration is DH-group 14; what is the matching entry in the IPFire list?
Thanks and love

Just to add to the information

https://www.ipfire.org/blog/ipfire-2-27-core-update-170-released

https://docs.strongswan.org/docs/latest/config/proposals.html

Regards
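As an added example (not code from the thread, IPFire or strongSwan), the script below does two things that come up in this thread: it parses the charon log lines posted above and flags the exact failure pattern (an INVALID_KE_PAYLOAD notification with a data length of 0, followed by the IKE_SA_INIT response being discarded), and it maps an IANA DH group number such as the peer's "group 14" to the keyword strongSwan uses in its proposal strings (the naming the linked strongSwan proposals page documents). In IKE_SA_INIT, INVALID_KE_PAYLOAD means the responder did not accept the DH group in our IKE proposal; per RFC 7296 that notification should carry a two-octet group number the responder would accept, so a zero-length payload is malformed and charon rightly refuses to process it. The sample log text is constructed from the lines in the post; the regexes and the function names are this example's own.

```python
import re

# Constructed sample input: the charon lines from the original post, verbatim.
SAMPLE_LOG = """\
Dec 3 16:16:43 front01 charon: 16[NET] sending packet: from 197.254.237.210[500] to 207.127.101.19[500] (36 bytes)
Dec 3 16:16:46 front01 charon: 10[IKE] retransmit 3 of request with message ID 0
Dec 3 16:16:46 front01 charon: 10[NET] sending packet: from 197.254.237.210[500] to 195.229.199.4[500] (6076 bytes)
Dec 3 16:16:47 front01 charon: 11[NET] received packet: from 195.229.199.4[500] to 197.254.237.210[500] (36 bytes)
Dec 3 16:16:47 front01 charon: 11[ENC] invalid notify data length for INVALID_KE_PAYLOAD (0)
Dec 3 16:16:47 front01 charon: 11[ENC] NOTIFY payload verification failed
Dec 3 16:16:47 front01 charon: 11[IKE] message verification failed
Dec 3 16:16:47 front01 charon: 11[IKE] IKE_SA_INIT response with message ID 0 processing failed
"""

# charon log line: "<thread>[<subsystem>] <message>"
LINE_RE = re.compile(r"charon: (?P<thread>\d+)\[(?P<subsys>[A-Z]+)\] (?P<msg>.*)$")
# "sending packet: from A[500] to B[500] (N bytes)" / "received packet: ..."
PKT_RE = re.compile(
    r"(?P<dir>sending|received) packet: from (?P<src>[\d.]+)\[(?P<sport>\d+)\] "
    r"to (?P<dst>[\d.]+)\[(?P<dport>\d+)\] \((?P<size>\d+) bytes\)"
)
# "invalid notify data length for <TYPE> (<len>)"
NOTIFY_RE = re.compile(r"invalid notify data length for (?P<type>[A-Z_]+) \((?P<len>\d+)\)")

# IANA IKEv2 Transform Type 4 (Diffie-Hellman group) IDs -> strongSwan proposal keywords.
DH_GROUPS = {
    1: "modp768", 2: "modp1024", 5: "modp1536", 14: "modp2048", 15: "modp3072",
    16: "modp4096", 17: "modp6144", 18: "modp8192", 19: "ecp256", 20: "ecp384",
    21: "ecp521", 22: "modp1024s160", 23: "modp2048s224", 24: "modp2048s256",
    25: "ecp192", 26: "ecp224", 27: "ecp224bp", 28: "ecp256bp", 29: "ecp384bp",
    30: "ecp512bp", 31: "curve25519", 32: "curve448",
}


def dh_group_name(group_id):
    """Return the strongSwan keyword for an IANA DH group number, or None if unknown."""
    return DH_GROUPS.get(group_id)


def diagnose(log_text):
    """Scan charon log lines and summarise why an IKE_SA_INIT exchange failed."""
    result = {
        "peers": set(),            # remote addresses we exchanged IKE packets with
        "retransmits": 0,          # our own request retransmissions (no usable answer yet)
        "malformed_notify": None,  # (notify type, data length) if charon rejected a NOTIFY
        "ike_sa_init_failed": False,
        "verdict": "no IKE_SA_INIT failure seen",
    }
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        msg = m.group("msg")
        pkt = PKT_RE.match(msg)
        if pkt:
            remote = pkt.group("dst") if pkt.group("dir") == "sending" else pkt.group("src")
            result["peers"].add(remote)
        if msg.startswith("retransmit "):
            result["retransmits"] += 1
        notify = NOTIFY_RE.match(msg)
        if notify:
            result["malformed_notify"] = (notify.group("type"), int(notify.group("len")))
        if "IKE_SA_INIT response" in msg and "processing failed" in msg:
            result["ike_sa_init_failed"] = True

    if result["ike_sa_init_failed"] and result["malformed_notify"]:
        ntype, nlen = result["malformed_notify"]
        if ntype == "INVALID_KE_PAYLOAD":
            result["verdict"] = (
                "peer rejected the DH group of our IKE proposal (INVALID_KE_PAYLOAD) "
                f"but sent {nlen} bytes of notify data instead of the 2-octet group it accepts; "
                "compare the IKE proposal DH group on both ends"
            )
        else:
            result["verdict"] = f"peer sent a malformed {ntype} notification ({nlen} bytes)"
    elif result["ike_sa_init_failed"]:
        result["verdict"] = "IKE_SA_INIT response rejected; see preceding ENC/IKE lines"
    return result


if __name__ == "__main__":
    report = diagnose(SAMPLE_LOG)
    for key, value in report.items():
        print(f"{key}: {value}")
    print("peer's DH group 14 is", dh_group_name(14), "in strongSwan proposal syntax")
```

Run it as-is to see the summary for the posted log; feed it the output of `journalctl -u strongswan` or the relevant `/var/log/messages` lines to check a live tunnel. The verdict only ever points at the IKE proposal's DH group, because INVALID_KE_PAYLOAD during IKE_SA_INIT concerns that exchange; the separate PFS group used for CHILD_SAs would surface later, during CREATE_CHILD_SA, and is not what this log shows.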