[strongSwan] IKE algorithms

Andreas Steffen andreas.steffen at strongswan.org
Sat Jun 12 13:25:13 CEST 2010


Hmmm, I don't see any IKE negotiation going on. But there
is the following error message:

Jun 12 22:31:53 ubuntu pluto[7456]:
    added connection description "net-net"
192.168.5.0/24===60.234.161.103[@straker]...72.21.209.193[@amazon]===192.168.6.0/24
"net-net": we have no ipsecN interface for either end of this connection

You define 60.234.161.103 and 72.21.209.193 as your VPN endpoints
but the IP address of your only physical interface is 192.168.5.33,
so that no connection can be initiated.

Regards

Andreas

On 06/12/2010 12:37 PM, Philip Hunt wrote:
> Thanks for your help Andreas - my auth.log is attached.
>
>
> On Sat, Jun 12, 2010 at 8:31 PM, Andreas Steffen
> <andreas.steffen at strongswan.org <mailto:andreas.steffen at strongswan.org>>
> wrote:
>
>     Hi Philip,
>
>     with IKEv1 there are no hash algorithms used for the ISAKMP_SA
>     truncated to 96 bits (only the ESP algorithms are)
>
>     In order to diagnose your problem I'd need a full log output
>     preferably with plutodebug="all" enabled in ipsec.conf.
>
>     Best regards
>
>     Andreas
>
>         Hi,
>
>         I'm trying to establish an IPSec tunnel to Amazon VPC.
>
>         I'm getting the following problem when doing an "ipsec statusall".
>
>             /000 "net-net":   IKE algorithms wanted: 7_128-2-2, /
>             /000 "net-net":   IKE algorithms found:  7_128-2_160-2, /
>
>
>         When doing an "ipsec listall", these are my registered IKE Hash
>         Algorithms:
>
>             /000 List of registered IKE Hash Algorithms:/
>             /000 /
>             /000 #1     OAKLEY_MD5, hashsize: 128/
>             /000 #2     OAKLEY_SHA, hashsize: 160/
>             /000 #4     OAKLEY_SHA2_256, hashsize: 256/
>             /000 #5     OAKLEY_SHA2_384, hashsize: 384/
>             /000 #6     OAKLEY_SHA2_512, hashsize: 512/
>
>
>         I suspect the problem is that there is no hash algorithm
>         registered that
>         is 96bit hashsize.  Can anyone suggest how to load additional hash
>         algorithms, or identify what else this problem might be?
>
>
>
>         Thanks,
>         Phil
>
>         --
>         Philip Hunt
>         021 424 996
>
-- 
======================================================================
Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution!                www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==




More information about the Users mailing list