[strongSwan] issue with modpnull Diffie-Hellman group

Chinmaya Dwibedy ckdwibedy at yahoo.com
Thu Feb 27 12:25:12 CET 2014

Hi ,

I am using the modpnull Diffie-Hellman gr to avoid the DH calculation overhead (strongswan-5.0.4). But it is unable to establish the security association. Here goes the logs at IKE responder end. Can anyone please suggest what is the wrong?   

11[CFG] received stroke: add connection 'host-host'
11[CFG] adding virtual IP address pool
11[CFG] added configuration 'host-host'
13[NET] <1> received packet: from[500] to[500] (176 bytes)
13[ENC] <1> parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]
13[CFG] <1> an algorithm from private space would match, but peer implementation is unknown, skipped
13[CFG] <1> received proposals: IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_NULL
13[CFG] <1> configured proposals: IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_NULL
13[IKE] <1> received proposals inacceptable
13[ENC] <1> generating IKE_SA_INIT response 0 [ N(NO_PROP) ]
13[NET] <1> sending packet: from[500] to[500] (36 bytes)

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20140227/2f210782/attachment.html>

More information about the Users mailing list