[strongSwan] newbie qs. suite B with AES-GCM

Andreas Steffen andreas.steffen at strongswan.org
Thu Jan 5 06:00:05 CET 2012


Hello Anil,

something is wrong with your roadwarrior configuration on carol:

  configured DH group MODP_NONE not supported

How does the ipsec.conf file on carol look like?

Regards

Andreas

On 05.01.2012 01:43, Philip Anil-QBW348 wrote:
> Andreas,
> I am trying to go thru the commands in console.log
> Am getting an error on carol.
> Anil
> 
> -------------moon--------------------
> ~$ sudo ipsec start
> Starting strongSwan 4.5.2 IPsec [starter]...
> !! Your strongswan.conf contains manual plugin load options for
> !! pluto and/or charon. This is recommended for experts only, see
> !! http://wiki.strongswan.org/projects/strongswan/wiki/PluginLoad
> insmod /lib/modules/3.0.0-14-generic-pae/kernel/net/ipv4/ah4.ko
> insmod /lib/modules/3.0.0-14-generic-pae/kernel/net/ipv4/esp4.ko
> insmod /lib/modules/3.0.0-14-generic-pae/kernel/net/xfrm/xfrm_ipcomp.ko
> insmod /lib/modules/3.0.0-14-generic-pae/kernel/net/ipv4/ipcomp.ko
> insmod /lib/modules/3.0.0-14-generic-pae/kernel/net/ipv4/tunnel4.ko
> insmod /lib/modules/3.0.0-14-generic-pae/kernel/net/ipv4/xfrm4_tunnel.ko
> insmod /lib/modules/3.0.0-14-generic-pae/kernel/net/xfrm/xfrm_user.ko
> ~$ sudo ipsec statusall
> Status of IKEv2 charon daemon (strongSwan 4.5.2):
>   uptime: 7 minutes, since Jan 04 12:33:26 2012
>   malloc: sbrk 135168, mmap 0, used 75808, free 59360
>   worker threads: 10 idle of 16, job queue load: 0, scheduled events: 0
>   loaded plugins: curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509
> revocation hmac xcbc gcm stroke kernel-netlink updown
> Listening IP addresses:
>   192.168.1.100
> Connections:
>           rw:  192.168.1.100...%any
>           rw:   local:  [moon.strongswan.org] uses public key authentication
>           rw:   remote: [%any] uses any authentication
>           rw:    crl:   status must be GOOD
>           rw:   child:  10.1.0.0/16 === dynamic
> Security Associations:
>   none
> ~$
> 
> ----------roadwarrior carol--------------
> ~$ sudo ipsec start
> Starting strongSwan 4.5.2 IPsec [starter]...
> !! Your strongswan.conf contains manual plugin load options for
> !! pluto and/or charon. This is recommended for experts only, see
> !! http://wiki.strongswan.org/projects/strongswan/wiki/PluginLoad
> charon is already running (/var/run/charon.pid exists) -- skipping
> charon start
> starter is already running (/var/run/starter.pid exists) -- no fork done
> ~$ sleep 1
> ~$ sudo ipsec up home
> initiating IKE_SA home[1] to 192.168.1.100
> configured DH group MODP_NONE not supported
> tried to check-in and delete nonexisting IKE_SA

======================================================================
Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution!                www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4489 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.strongswan.org/pipermail/users/attachments/20120105/4d582ebd/attachment.bin>


More information about the Users mailing list