Connectivity aborted from VPN device to azure virtual network gateway

Question

I am using a raspberry pi 4 B as a vpn device . Pi is running on Debian bookworm OS. The intention is put he pi on a v/network in azure with a S2S Connection from a fixed location.

i have setup a Vnet, Gateway subnet, a VPN Gateway, a local gateway representing my premises and a site to site connection. I made sure that the configurations and all local and and public in the azure were included in the config file of strongswan running in the raspberry pi.
i am ablle to ping te VPN gate way and when the pi send the first packet of data the connection is immediately aborted. This is the error logs i am encounterring>  any suggestions

FiR.mt@LAB09:~ $ sudo journalctl -u strongswan --no-pager | tail -50 Mar 13 11:07:21 LAB09 charon[59257]: 08[ENC]   generating rule 7 RESERVED_BIT Mar 13 11:07:21 LAB09 charon[59257]: 08[ENC]   generating rule 8 RESERVED_BIT Mar 13 11:07:21 LAB09 charon[59257]: 08[ENC]   generating rule 9 PAYLOAD_LENGTH Mar 13 11:07:21 LAB09 charon[59257]: 08[ENC]   generating rule 10 U_INT_8 Mar 13 11:07:21 LAB09 charon[59257]: 08[ENC]   generating rule 11 SPI_SIZE Mar 13 11:07:21 LAB09 charon[59257]: 08[ENC]   generating rule 12 U_INT_16 Mar 13 11:07:21 LAB09 charon[59257]: 08[ENC]   generating rule 13 SPI Mar 13 11:07:21 LAB09 charon[59257]: 08[ENC]   generating rule 14 CHUNK_DATA Mar 13 11:07:21 LAB09 charon[59257]: 08[ENC] generating NOTIFY payload finished Mar 13 11:07:21 LAB09 charon[59257]: 08[ENC] generating payload of type NOTIFY Mar 13 11:07:21 LAB09 charon[59257]: 08[ENC]   generating rule 0 U_INT_8 Mar 13 11:07:21 LAB09 charon[59257]: 08[ENC]   generating rule 1 FLAG Mar 13 11:07:21 LAB09 charon[59257]: 08[ENC]   generating rule 2 RESERVED_BIT Mar 13 11:07:21 LAB09 charon[59257]: 08[ENC]   generating rule 3 RESERVED_BIT Mar 13 11:07:21 LAB09 charon[59257]: 08[ENC]   generating rule 4 RESERVED_BIT Mar 13 11:07:21 LAB09 charon[59257]: 08[ENC]   generating rule 5 RESERVED_BIT Mar 13 11:07:21 LAB09 charon[59257]: 08[ENC]   generating rule 6 RESERVED_BIT Mar 13 11:07:21 LAB09 charon[59257]: 08[ENC]   generating rule 7 RESERVED_BIT Mar 13 11:07:21 LAB09 charon[59257]: 08[ENC]   generating rule 8 RESERVED_BIT Mar 13 11:07:21 LAB09 charon[59257]: 08[ENC]   generating rule 9 PAYLOAD_LENGTH Mar 13 11:07:21 LAB09 charon[59257]: 08[ENC]   generating rule 10 U_INT_8 Mar 13 11:07:21 LAB09 charon[59257]: 08[ENC]   generating rule 11 SPI_SIZE Mar 13 11:07:21 LAB09 charon[59257]: 08[ENC]   generating rule 12 U_INT_16 Mar 13 11:07:21 LAB09 charon[59257]: 08[ENC]   generating rule 13 SPI Mar 13 11:07:21 LAB09 charon[59257]: 08[ENC]   generating rule 14 CHUNK_DATA Mar 13 11:07:21 LAB09 charon[59257]: 08[ENC] generating NOTIFY payload finished Mar 13 11:07:21 LAB09 charon[59257]: 08[NET] sending packet: from 192.168.1.197[500] to 20.107.66.28[500] (336 bytes) Mar 13 11:07:21 LAB09 charon[59257]: 00[DMN] SIGINT received, shutting down Mar 13 11:07:21 LAB09 charon[59257]: 00[IKE] destroying IKE_SA in state CONNECTING without notification Mar 13 11:07:21 LAB09 charon[59257]: 00[IKE] IKE_SA azure[1] state change: CONNECTING => DESTROYING Mar 13 11:07:21 LAB09 ipsec[59257]: 08[ENC]   generating rule 6 RESERVED_BIT Mar 13 11:07:21 LAB09 ipsec[59257]: 08[ENC]   generating rule 7 RESERVED_BIT Mar 13 11:07:21 LAB09 ipsec[59257]: 08[ENC]   generating rule 8 RESERVED_BIT Mar 13 11:07:21 LAB09 ipsec[59257]: 08[ENC]   generating rule 9 PAYLOAD_LENGTH Mar 13 11:07:21 LAB09 ipsec[59257]: 08[ENC]   generating rule 10 U_INT_8 Mar 13 11:07:21 LAB09 ipsec[59257]: 08[ENC]   generating rule 11 SPI_SIZE Mar 13 11:07:21 LAB09 ipsec[59257]: 08[ENC]   generating rule 12 U_INT_16 Mar 13 11:07:21 LAB09 ipsec[59257]: 08[ENC]   generating rule 13 SPI Mar 13 11:07:21 LAB09 ipsec[59257]: 08[ENC]   generating rule 14 CHUNK_DATA Mar 13 11:07:21 LAB09 ipsec[59257]: 08[ENC] generating NOTIFY payload finished Mar 13 11:07:21 LAB09 ipsec[59257]: 08[NET] sending packet: from 192.168.1.197[500] to 20.107.66.28[500] (336 bytes) Mar 13 11:07:21 LAB09 ipsec[59257]: 00[DMN] SIGINT received, shutting down Mar 13 11:07:21 LAB09 ipsec[59257]: 00[IKE] destroying IKE_SA in state CONNECTING without notification Mar 13 11:07:21 LAB09 ipsec[59257]: 00[IKE] IKE_SA azure[1] state change: CONNECTING => DESTROYING Mar 13 11:07:21 LAB09 ipsec[59249]: charon stopped after 200 ms Mar 13 11:07:21 LAB09 ipsec[59249]: ipsec starter stopped Mar 13 11:07:21 LAB09 ipsec_starter[59249]: charon stopped after 200 ms Mar 13 11:07:21 LAB09 ipsec_starter[59249]: ipsec starter stopped Mar 13 11:07:21 LAB09 ipsec[59391]: Stopping strongSwan IPsec failed: starter is not running Mar 13 11:07:21 LAB09 systemd[1]: strongswan.service: Deactivated successfully. FiR.mt@LAB09:~ $ 

Answer 1

Hello Brian

Your connection is aborting almost immediately after sending the first packet, and the logs show a SIGINT that causes the IKE SA to be destroyed. This behavior typically points to one or more of the following:

Mismatch in IKEv2 proposals (encryption, integrity, DH groups).

Identity (leftid/rightid) and PSK mismatches.

Configuration issues with NAT-T or DPD.

External service management signals causing a shutdown.

Double-check your strongSwan configuration against Azure’s requirements, review any system or service management settings that might be sending SIGINTs, and increase log verbosity to gather more detailed error context. These steps should help narrow down the root cause.

😊 If my answer helped you resolve your issue, please consider marking it as the correct answer. This helps others in the community find solutions more easily. Thanks!