[strongSwan] issue with modpnull Diffie-Hellman group
andreas.steffen at strongswan.org
Thu Feb 27 14:20:06 CET 2014
since MODP_NULL is not an IANA-registered DH group but intended
for testing purposes only, You must send the strongSwan Vendor ID
by adding the following statements
send_vendor_id = yes
in the /etc/strongswan.conf files of both endpoints.
On 02/27/2014 12:25 PM, Chinmaya Dwibedy wrote:
> Hi ,
> I am using the modpnull Diffie-Hellman gr to avoid the DH calculation
> overhead (strongswan-5.0.4). But it is unable to establish the security
> association. Here goes the logs at IKE responder end. Can anyone please
> suggest what is the wrong?
> 11[CFG] received stroke: add connection 'host-host'
> 11[CFG] adding virtual IP address pool 10.0.0.0/8
> 11[CFG] added configuration 'host-host'
> 13[NET] <1> received packet: from 126.96.36.199 to 188.8.131.52
> (176 bytes)
> 13[ENC] <1> parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP)
> N(NATD_D_IP) ]
> 13[CFG] <1> an algorithm from private space would match, but peer
> implementation is unknown, skipped
> 13[CFG] <1> received proposals:
> 13[CFG] <1> configured proposals:
> 13[IKE] <1> received proposals inacceptable
> 13[ENC] <1> generating IKE_SA_INIT response 0 [ N(NO_PROP) ]
> 13[NET] <1> sending packet: from 184.108.40.206 to 220.127.116.11
> (36 bytes)
Andreas Steffen andreas.steffen at strongswan.org
strongSwan - the Open Source VPN Solution! www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 4255 bytes
Desc: S/MIME Cryptographic Signature
More information about the Users