[strongSwan] issue with modpnull Diffie-Hellman group

Noel Kuntze noel at familie-kuntze.de
Thu Feb 27 12:27:21 CET 2014 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hello Chinmaya,

It looks like the initiator client doesn not like your cipher proposal.

Regards
Noel Kuntze

On 27.02.2014 12:25, Chinmaya Dwibedy wrote:
> Hi ,
>
> I am using the modpnull Diffie-Hellman gr to avoid the DH calculation overhead (strongswan-5.0.4). But it is unable to establish the security association. Here goes the logs at IKE responder end. Can anyone please suggest what is the wrong?  
>
> 11[CFG] received stroke: add connection 'host-host'
> 11[CFG] adding virtual IP address pool 10.0.0.0/8
> 11[CFG] added configuration 'host-host'
> 13[NET] <1> received packet: from 30.30.30.11[500] to 30.30.30.21[500] (176 bytes)
> 13[ENC] <1> parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]
> 13[CFG] <1> an algorithm from private space would match, but peer implementation is unknown, skipped
> 13[CFG] <1> received proposals: IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_NULL
> 13[CFG] <1> configured proposals: IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_NULL
> 13[IKE] <1> received proposals inacceptable
> 13[ENC] <1> generating IKE_SA_INIT response 0 [ N(NO_PROP) ]
> 13[NET] <1> sending packet: from 30.30.30.21[500] to 30.30.30.11[500] (36 bytes)
>
> Regards,
> Chinmaya
>
>
> _______________________________________________
> Users mailing list
> Users at lists.strongswan.org
> https://lists.strongswan.org/mailman/listinfo/users

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCAAGBQJTDyEZAAoJEDg5KY9j7GZYwKoP/jhQSy93o6Rolpt/aIdrOYXx
CgM6FmlH/YYoNn5PJk7h7bDx3ANxsDo/zT7aqXmLMrwgX0DJraxOcXfWl7Nn+8eg
kdEeJs9+DeOyK/5TZGHDGDVZvqmZ7evoYXSaL/3sssNIhkjIBGk6UpfvLGhyTu6H
c7+XMRAm5+qGaG5WQ0JVyQ2GZRVVr8WVDpLiLoQW2TIjY4RUtUGlr6iP+UJ7bhg4
xryIzO4ZEQMPh16S4pgBFxP8CI/E9PevkZP0aSIBm+bKCkf9c5C9hUBqP46h7HIo
WYSUfdtIVZE87qEpGo+ak5kWTmuOzdF3ndRctZcx5w21gOHXGP4OoqgoEeco/qyt
V+GHTgqzjL+7pPbov9FEyA8qPf/tt92eZZuHNYCUt+CKVpkmHmmW34uG7nN8M/UW
vtl4e5cw+ntY8QGtGD8dwAAjJhARl9MSz4jcebL/64X6FATgluLrS6ObExCfpFLD
9cCifDl1RW+Xf4TDOARPOlikdiz91pSpLnguI4ETWSLTWmTGxwJ/CUpzujiEOy0b
6Qs+mPQauEUQHKurwBMGmrq0vBHf3bONRITgvYmyYSOoUSPBLbbIknhzy+ZIsoV+
zpP2ja08cUwTOsB9vqPR98bUs3BhqnJw4NxBqQC3EkQbMeD8yr/RNZooO6/Mwznj
yQSftZZyWBj2c0RpM1LM
=SaIP
-----END PGP SIGNATURE-----

More information about the Users mailing list