[strongSwan] IKE algorithms
Andreas Steffen
andreas.steffen at strongswan.org
Sat Jun 12 10:31:35 CEST 2010
Hi Philip,
with IKEv1 there are no hash algorithms used for the ISAKMP_SA
truncated to 96 bits (only the ESP algorithms are)
In order to diagnose your problem I'd need a full log output
preferably with plutodebug="all" enabled in ipsec.conf.
Best regards
Andreas
> Hi,
>
> I'm trying to establish an IPSec tunnel to Amazon VPC.
>
> I'm getting the following problem when doing an "ipsec statusall".
>
> /000 "net-net": IKE algorithms wanted: 7_128-2-2, /
> /000 "net-net": IKE algorithms found: 7_128-2_160-2, /
>
>
> When doing an "ipsec listall", these are my registered IKE Hash Algorithms:
>
> /000 List of registered IKE Hash Algorithms:/
> /000 /
> /000 #1 OAKLEY_MD5, hashsize: 128/
> /000 #2 OAKLEY_SHA, hashsize: 160/
> /000 #4 OAKLEY_SHA2_256, hashsize: 256/
> /000 #5 OAKLEY_SHA2_384, hashsize: 384/
> /000 #6 OAKLEY_SHA2_512, hashsize: 512/
>
>
> I suspect the problem is that there is no hash algorithm registered that
> is 96bit hashsize. Can anyone suggest how to load additional hash
> algorithms, or identify what else this problem might be?
>
>
>
> Thanks,
> Phil
>
> --
> Philip Hunt
> 021 424 996
--
======================================================================
Andreas Steffen andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution! www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
More information about the Users
mailing list