[strongSwan] [Strongswan] AH mode support in Strongswan for Ikev1
SaRaVanAn
saravanan.nagarajan87 at gmail.com
Mon May 28 15:40:31 CEST 2012
Hi Team,
I hope AH mode in strongSwan is supported for IKEv1. I tried to form a tunnel using AH mode with IKEv1, but strongSwan was expecting an ESP proposal even though I configured auth=ah. If AH mode is supported for IKEv1, please correct me if there is any syntax error in the configuration file below that makes things not work.
*ipsec.conf*
____________
# basic configuration
ca vpnca
        cacert=ca1Cert.pem
        #crluri=crl.pem
        auto=add

config setup
        plutostart=yes
        plutodebug=all
        charonstart=yes
        charondebug=all
        nat_traversal=yes
        crlcheckinterval=10m
        strictcrlpolicy=no

conn %default
        ikelifetime=1h
        keylife=2h
        keyingtries=1

conn fqdn_vr
        auth=ah
        type=transport
        keyexchange=ikev1
        left=172.31.114.227
        right=%any
        rightid=172.31.114.211
        pfs=no
        rekey=no
        auto=add
*logs*
_____
May 28 18:48:07 uxcasxxx pluto[32284]: | ******parse ISAKMP IPsec DOI attribute:
May 28 18:48:07 uxcasxxx pluto[32284]: | af+type: ENCAPSULATION_MODE
May 28 18:48:07 uxcasxxx pluto[32284]: | length/value: 1
May 28 18:48:07 uxcasxxx pluto[32284]: | [1 is ENCAPSULATION_MODE_TUNNEL]
May 28 18:48:07 uxcasxxx pluto[32284]: | ******parse ISAKMP IPsec DOI attribute:
May 28 18:48:07 uxcasxxx pluto[32284]: | af+type: AUTH_ALGORITHM
May 28 18:48:07 uxcasxxx pluto[32284]: | length/value: 2
May 28 18:48:07 uxcasxxx pluto[32284]: | [2 is HMAC_SHA1]
*May 28 18:48:07 uxcasxxx pluto[32284]: | policy for "fqdn_vr" requires encryption but ESP not in Proposal from 172.31.114.211
May 28 18:48:07 uxcasxxx pluto[32284]: "fqdn_vr"[1] 172.31.114.211 #2: no acceptable Proposal in IPsec SA
May 28 18:48:07 uxcasxxx pluto[32284]: "fqdn_vr"[1] 172.31.114.211 #2: sending encrypted notification *NO_PROPOSAL_CHOSEN to 172.31.114.211:500
May 28 18:48:07 uxcasxxx pluto[32284]: | **emit ISAKMP Message:
May 28 18:48:07 uxcasxxx pluto[32284]: | initiator cookie:
May 28 18:48:07 uxcasxxx pluto[32284]: | 39 e8 20 f0 36 bb c5 63
May 28 18:48:07 uxcasxxx pluto[32284]: | responder cookie:
May 28 18:48:07 uxcasxxx pluto[32284]: | 1b 60 45 9a ac b4 b9 d9
May 28 18:48:07 uxcasxxx pluto[32284]: | next payload type: ISAKMP_NEXT_HASH
May 28 18:48:07 uxcasxxx pluto[32284]: | ISAKMP version: ISAKMP Version 1.0
May 28 18:48:07 uxcasxxx pluto[32284]: | exchange type: ISAKMP_XCHG_INFO
May 28 18:48:07 uxcasxxx pluto[32284]: | flags: ISAKMP_FLAG_ENCRYPTION
May 28 18:48:07 uxcasxxx pluto[32284]: | message ID: 4a 6d 47 56
May 28 18:48:07 uxcasxxx pluto[32284]: | ***emit ISAKMP Hash Payload:
May 28 18:48:07 uxcasxxx pluto[32284]: | next payload type: ISAKMP_NEXT_N
May 28 18:48:07 uxcasxxx pluto[32284]: | emitting 20 zero bytes of HASH into ISAKMP Hash Payload
May 28 18:48:07 uxcasxxx pluto[32284]: | emitting length of ISAKMP Hash Payload: 24
May 28 18:48:07 uxcasxxx pluto[32284]: | ***emit ISAKMP Notification Payload:
May 28 18:48:07 uxcasxxx pluto[32284]: | next payload type: ISAKMP_NEXT_NONE
May 28 18:48:07 uxcasxxx pluto[32284]: | DOI: ISAKMP_DOI_IPSEC
May 28 18:48:07 uxcasxxx pluto[32284]: | protocol ID: 1
May 28 18:48:07 uxcasxxx pluto[32284]: | SPI size: 0
May 28 18:48:07 uxcasxxx pluto[32284]: | Notify Message Type: NO_PROPOSAL_CHOSEN
May 28 18:48:07 uxcasxxx pluto[32284]: | emitting 0 raw bytes of spi into ISAKMP Notification Payload
May 28 18:48:07 uxcasxxx pluto[32284]: | spi
May 28 18:48:07 uxcasxxx pluto[32284]: | emitting length of ISAKMP Notification Payload: 12
Regards,
Saravanan N
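
A triage script for the log excerpt above, added here as an example (it is not part of the original post or of strongSwan): it rejoins the mail-wrapped pluto debug lines and reports each IPsec SA proposal refused for lacking ESP, together with the attributes the peer offered and the notification sent back. The function names are illustrative; the sample lines are copied from the log in the post.

```python
import re

STAMP = re.compile(r'^[A-Z][a-z]{2} +\d+ [\d:]{8} \S+ pluto\[\d+\]: ')
ATTR = re.compile(r'af\+type: (\w+)')
VALUE = re.compile(r'\[\d+ is (\w+)\]')
POLICY = re.compile(r'policy for "([^"]+)" requires encryption '
                    r'but ESP not in Proposal from (\S+)')
NOTIFY = re.compile(r'sending encrypted notification (\w+) to ([\d.]+):\d+')

# Lines copied from the log in the post, mail wrapping and emphasis asterisks included.
SAMPLE = '''\
May 28 18:48:07 uxcasxxx pluto[32284]: | af+type: ENCAPSULATION_MODE
May 28 18:48:07 uxcasxxx pluto[32284]: | [1 is ENCAPSULATION_MODE_TUNNEL]
May 28 18:48:07 uxcasxxx pluto[32284]: | ******parse ISAKMP IPsec DOI
attribute:
May 28 18:48:07 uxcasxxx pluto[32284]: | af+type: AUTH_ALGORITHM
May 28 18:48:07 uxcasxxx pluto[32284]: | [2 is HMAC_SHA1]
*May 28 18:48:07 uxcasxxx pluto[32284]: | policy for "fqdn_vr" requires
encryption but ESP not in Proposal from 172.31.114.211
May 28 18:48:07 uxcasxxx pluto[32284]: "fqdn_vr"[1] 172.31.114.211 #2:
sending encrypted notification *NO_PROPOSAL_CHOSEN to 172.31.114.211:500
'''

def unwrap(text):
    """Rejoin wrapped records: a line without a syslog stamp continues the last."""
    records = []
    for line in text.replace('*', '').splitlines():
        if STAMP.match(line) or not records:
            records.append(STAMP.sub('', line).strip())
        else:
            records[-1] += ' ' + line.strip()
    return records

def proposal_rejections(text):
    """One dict per IPsec SA proposal refused because it carried no ESP."""
    offered, pending, found = {}, None, []
    for rec in unwrap(text):
        if m := ATTR.search(rec):
            pending = m.group(1)          # attribute name; value follows later
        elif (m := VALUE.search(rec)) and pending:
            offered[pending], pending = m.group(1), None
        elif m := POLICY.search(rec):
            found.append({'conn': m.group(1), 'peer': m.group(2),
                          'offered': offered, 'notify': None})
            offered = {}                  # start fresh for the next proposal
        elif (m := NOTIFY.search(rec)) and found and found[-1]['peer'] == m.group(2):
            found[-1]['notify'] = m.group(1)
    return found
```

Calling `proposal_rejections(SAMPLE)` returns a single entry for connection `fqdn_vr` and peer 172.31.114.211, showing the offered encapsulation mode and authentication algorithm next to the NO_PROPOSAL_CHOSEN reply.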