[strongSwan] parsed ID_PROT response 0 [ KE No ]
Andreas Steffen
andreas.steffen at strongswan.org
Tue Aug 2 11:26:44 CEST 2016
Hi Lakshmi,
ECP256 requires the openssl plugin which is not compiled by default.
Make sure that the openssl plugin is present and has been loaded
by the charon daemon. The ipsec statusall command returns a list of
all loaded plugins.
BTW - the pfs parameter has been deprecated. Please use the esp
parameter as you have correctly done.g
Regards
Andreas
On 02.08.2016 08:48, Lakshmi Prasanna wrote:
> Hello,
>
> While trying to test strongswan with IKE DH group-19, the negotiation
> somehow doesn't go past main mode 2. There is however no log to describe
> the error that prevents the negotiation.
>
> Could someone post some insight? My configs looks like this:
>
> keyexchange=ikev1
>
> type=transport
>
> ikelifetime=480m
>
> ike=aes256-sha256-ecp256!
>
> esp=aes256-sha256!
>
> left=9.11.120.120
>
> leftprotoport=17/1812
>
> right=9.11.53.11
>
> rightprotoport=17/0-1812
>
> pfs=no
>
> authby=psk
>
> auto=add
>
>
> Thanks,
>
> Lakshmi
>
>
>
>
>
>
> _______________________________________________
> Users mailing list
> Users at lists.strongswan.org
> https://lists.strongswan.org/mailman/listinfo/users
>
--
======================================================================
Andreas Steffen andreas.steffen at strongswan.org
strongSwan - the Open Source VPN Solution! www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4275 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.strongswan.org/pipermail/users/attachments/20160802/ea1e6874/attachment-0001.bin>
More information about the Users
mailing list