[strongSwan] IKE algorithms
Philip Hunt
huntp at huntp.com
Sat Jun 12 12:37:03 CEST 2010
Thanks for your help Andreas - my auth.log is attached.
On Sat, Jun 12, 2010 at 8:31 PM, Andreas Steffen <
andreas.steffen at strongswan.org> wrote:
> Hi Philip,
>
> with IKEv1 there are no hash algorithms used for the ISAKMP_SA
> truncated to 96 bits (only the ESP algorithms are)
>
> In order to diagnose your problem I'd need a full log output
> preferably with plutodebug="all" enabled in ipsec.conf.
>
> Best regards
>
> Andreas
>
> Hi,
>>
>> I'm trying to establish an IPSec tunnel to Amazon VPC.
>>
>> I'm getting the following problem when doing an "ipsec statusall".
>>
>> /000 "net-net": IKE algorithms wanted: 7_128-2-2, /
>> /000 "net-net": IKE algorithms found: 7_128-2_160-2, /
>>
>>
>> When doing an "ipsec listall", these are my registered IKE Hash
>> Algorithms:
>>
>> /000 List of registered IKE Hash Algorithms:/
>> /000 /
>> /000 #1 OAKLEY_MD5, hashsize: 128/
>> /000 #2 OAKLEY_SHA, hashsize: 160/
>> /000 #4 OAKLEY_SHA2_256, hashsize: 256/
>> /000 #5 OAKLEY_SHA2_384, hashsize: 384/
>> /000 #6 OAKLEY_SHA2_512, hashsize: 512/
>>
>>
>> I suspect the problem is that there is no hash algorithm registered that
>> is 96bit hashsize. Can anyone suggest how to load additional hash
>> algorithms, or identify what else this problem might be?
>>
>>
>>
>> Thanks,
>> Phil
>>
>> --
>> Philip Hunt
>> 021 424 996
>>
>
> --
> ======================================================================
> Andreas Steffen andreas.steffen at strongswan.org
> strongSwan - the Linux VPN Solution! www.strongswan.org
> Institute for Internet Technologies and Applications
> University of Applied Sciences Rapperswil
> CH-8640 Rapperswil (Switzerland)
> ===========================================================[ITA-HSR]==
>
--
Philip Hunt
021 424 996
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20100612/1b982099/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: auth.log
Type: application/octet-stream
Size: 16408 bytes
Desc: not available
URL: <http://lists.strongswan.org/pipermail/users/attachments/20100612/1b982099/attachment.obj>
More information about the Users
mailing list