[strongSwan] IKE algorithms

Andreas Steffen andreas.steffen at strongswan.org
Sat Jun 12 10:31:35 CEST 2010


Hi Philip,

with IKEv1 there are no hash algorithms used for the ISAKMP_SA
truncated to 96 bits (only the ESP algorithms are)

In order to diagnose your problem I'd need a full log output
preferably with plutodebug="all" enabled in ipsec.conf.

Best regards

Andreas

> Hi,
>
> I'm trying to establish an IPSec tunnel to Amazon VPC.
>
> I'm getting the following problem when doing an "ipsec statusall".
>
>     /000 "net-net":   IKE algorithms wanted: 7_128-2-2, /
>     /000 "net-net":   IKE algorithms found:  7_128-2_160-2, /
>
>
> When doing an "ipsec listall", these are my registered IKE Hash Algorithms:
>
>     /000 List of registered IKE Hash Algorithms:/
>     /000 /
>     /000 #1     OAKLEY_MD5, hashsize: 128/
>     /000 #2     OAKLEY_SHA, hashsize: 160/
>     /000 #4     OAKLEY_SHA2_256, hashsize: 256/
>     /000 #5     OAKLEY_SHA2_384, hashsize: 384/
>     /000 #6     OAKLEY_SHA2_512, hashsize: 512/
>
>
> I suspect the problem is that there is no hash algorithm registered that
> is 96bit hashsize.  Can anyone suggest how to load additional hash
> algorithms, or identify what else this problem might be?
>
>
>
> Thanks,
> Phil
>
> --
> Philip Hunt
> 021 424 996

-- 
======================================================================
Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution!                www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==




More information about the Users mailing list