[strongSwan] [Strongswan]expected hash algorithm HASH_SHA1, but found HASH_SHA256 error

SaRaVanAn saravanan.nagarajan87 at gmail.com
Wed Aug 22 08:46:05 CEST 2012 

Hi,
   I am trying to form a tunnel using RSA authentication in Strongswan with
CISCO as peer, but
I am getting the below error message.

Aug 22 12:03:34 uxcasxxx charon: 08[CFG] selected peer config 'site-site'
Aug 22 12:03:34 uxcasxxx charon: 08[CFG]   using certificate "C=IN, O=CAS"
Aug 22 12:03:34 uxcasxxx charon: 08[CFG]   using trusted ca certificate
"C=IN, ST=TN, L=CH, O=CAS, E=saravanan at strongswan.org"
Aug 22 12:03:34 uxcasxxx charon: 08[CFG] checking certificate status of
"C=IN, O=CAS"
Aug 22 12:03:34 uxcasxxx charon: 08[CFG] certificate status is not available
Aug 22 12:03:34 uxcasxxx charon: 08[CFG]   reached self-signed root ca with
a path length of 0
*Aug 22 12:03:34 uxcasxxx charon: 08[LIB] expected hash algorithm
HASH_SHA1, but found HASH_SHA256 (OID:
30:0d:06:09:60:86:48:01:65:03:04:02:01:05:00)*
Aug 22 12:03:34 uxcasxxx charon: 08[IKE] signature validation failed,
looking for another key
Aug 22 12:03:34 uxcasxxx charon: 08[ENC] generating IKE_AUTH response 1 [
N(AUTH_FAILED) ]

Please find my configurations below .

ca vpnca
         cacert=ikeca_email.crt
         auto=add

config setup
          plutostart=yes
          plutodebug=all
          charonstart=yes
          charondebug=all
          nat_traversal=yes
          crlcheckinterval=10m
          strictcrlpolicy=no

conn %default
        ikelifetime=8h
        lifetime = 8h
        rekeyfuzz = 100%
        keyingtries=1

conn site-site
    left=172.31.114.227
    leftcert=LeftGty_email.crt
    ike=aes128-sha256-modp1536!
    esp=aes128-sha256!
    leftid=carol at strongswan.org
    rightsubnet=0.0.0.0/0
    leftfirewall=yes
    right=%any
    rightid=saravanan at strongswan.org
    keyexchange=ikev2
    auto=add

ipsec.secrets
: RSA LeftGty_email.key

I am suspecting the problem in configurations.If so, please help me to
correct the configuration or else
what could be the reason for the failure?.

Regards,
Saravanan N
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20120822/c03a2a1f/attachment.html>

More information about the Users mailing list