[strongSwan] IKE algorithms

Philip Hunt huntp at huntp.com
Sat Jun 12 12:37:03 CEST 2010


Thanks for your help Andreas - my auth.log is attached.


On Sat, Jun 12, 2010 at 8:31 PM, Andreas Steffen <
andreas.steffen at strongswan.org> wrote:

> Hi Philip,
>
> with IKEv1 there are no hash algorithms used for the ISAKMP_SA
> truncated to 96 bits (only the ESP algorithms are)
>
> In order to diagnose your problem I'd need a full log output
> preferably with plutodebug="all" enabled in ipsec.conf.
>
> Best regards
>
> Andreas
>
>  Hi,
>>
>> I'm trying to establish an IPSec tunnel to Amazon VPC.
>>
>> I'm getting the following problem when doing an "ipsec statusall".
>>
>>    /000 "net-net":   IKE algorithms wanted: 7_128-2-2, /
>>    /000 "net-net":   IKE algorithms found:  7_128-2_160-2, /
>>
>>
>> When doing an "ipsec listall", these are my registered IKE Hash
>> Algorithms:
>>
>>    /000 List of registered IKE Hash Algorithms:/
>>    /000 /
>>    /000 #1     OAKLEY_MD5, hashsize: 128/
>>    /000 #2     OAKLEY_SHA, hashsize: 160/
>>    /000 #4     OAKLEY_SHA2_256, hashsize: 256/
>>    /000 #5     OAKLEY_SHA2_384, hashsize: 384/
>>    /000 #6     OAKLEY_SHA2_512, hashsize: 512/
>>
>>
>> I suspect the problem is that there is no hash algorithm registered that
>> is 96bit hashsize.  Can anyone suggest how to load additional hash
>> algorithms, or identify what else this problem might be?
>>
>>
>>
>> Thanks,
>> Phil
>>
>> --
>> Philip Hunt
>> 021 424 996
>>
>
> --
> ======================================================================
> Andreas Steffen                         andreas.steffen at strongswan.org
> strongSwan - the Linux VPN Solution!                www.strongswan.org
> Institute for Internet Technologies and Applications
> University of Applied Sciences Rapperswil
> CH-8640 Rapperswil (Switzerland)
> ===========================================================[ITA-HSR]==
>



-- 
Philip Hunt
021 424 996
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20100612/1b982099/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: auth.log
Type: application/octet-stream
Size: 16408 bytes
Desc: not available
URL: <http://lists.strongswan.org/pipermail/users/attachments/20100612/1b982099/attachment.obj>


More information about the Users mailing list