gowrishankar.m at linux.vnet.ibm.com
Thu Mar 29 03:30:40 CEST 2012
On Wednesday 28 March 2012 11:51 PM, Eric_C_Johnson at Dell.com wrote:
> I have a situation where ESP packets appear to be getting mangled on
> the remote peer whenever I use SHA2-256-128 for Phase2 (ESP). I can
> establish the SAs from the Strongswan to the remote peer no problem.
> However, I get no packets returned after establishing the tunnel.
> The problem I am seeing is specific to this algorithm as I can get
> SHA1 working without any issue. I can also get SHA2_256_128 to work
> for P1 negotiations as well.
> What I am trying to find out is if there is any additional logging
> that I can enable on the Strongswan host
Did you have a chance to check:
> that could shed some light as to what is being mangled. I am
> reversing the test to initiate from the remote peer thinking the
> logging on Strongswan can help me understand what is wrong with the
> ESP packets being sent. I've confirmed via traces that the peer sends
> the ESP packet to the Strongswan host but the logging doesn't show any
> indication that it received the packet. All I see are the regular DPD
> log entries. When I decrypt the trace using wireshark the packets are
> not being interpreted correctly. They should be IPv6 packets with an
> attempt to establish an ftp session. But wireshark interprets them as
> IPv4 packets (???) with a bogus IP length.
> Can anybody help?
> Thanks in advance.
> Users mailing list
> Users at lists.strongswan.org