mgi wrote:Hi,
I collected the output from the swanctl --log. I see there two disconnect and two connect, but nothing special. You can take a look at the log file.
Well, actually there's lots of special info there. From what I see in the logs, it seems like IPsec connection gets dropped becuase of 2 reasons:
- Decryption failure:
15[ENC] invalid HASH_V1 payload length, decryption failed? 15[ENC] could not decrypt payloads 15[IKE] message parsing failed 15[ENC] generating INFORMATIONAL_V1 request 123356268 [ HASH N(PLD_MAL) ]
- Or hash mismatch:
06[NET] received packet: from PUBLIC_IP1[500] to PUBLIC_IP2[500] (300 bytes) 06[ENC] parsed QUICK_MODE request 1408977760 [ HASH SA No KE ID ID ] 06[ENC] received HASH payload does not match 06[IKE] integrity check failed 06[ENC] generating INFORMATIONAL_V1 request 2443824502 [ HASH N(INVAL_HASH) ]
Some questions:
- What was the firmware version on ER-L that you have been using before?
- What is the firmware version in ER-X that you are using now?
- Who is on the other end of VPN tunnel? Is it an ER or a different router?