[strongSwan] parsed ID_PROT response 0 [ KE No ]

Andreas Steffen andreas.steffen at strongswan.org
Tue Aug 2 11:42:47 CEST 2016 

Well then without a log to diagnose I cannot help you further.

Andreas

On 02.08.2016 11:38, Lakshmi Prasanna wrote:
> Hi Andreas,
> 
> Thanks for the quick reply. I do see that the openssl plugin is loaded.
> 
> *  loaded plugins: charon aes des rc2 sha1 sha2 md5 random nonce x509
> revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey
> pem _openssl_ fips-prf xcbc cmac hmac attr kernel-netlink resolve
> socket-default stroke updown xauth-generic*
> 
> Do you think there is something else that I might need to check? 
> 
> Thanks,
> 
> Lakshmi
> 
> 
> On Tue, Aug 2, 2016 at 2:56 PM, Andreas Steffen
> <andreas.steffen at strongswan.org <mailto:andreas.steffen at strongswan.org>>
> wrote:
> 
>     Hi Lakshmi,
> 
>     ECP256 requires the openssl plugin which is not compiled by default.
>     Make sure that the openssl plugin is present and has been loaded
>     by the charon daemon. The ipsec statusall command returns a list of
>     all loaded plugins.
> 
>     BTW - the pfs parameter has been deprecated. Please use the esp
>           parameter as you have correctly done.g
> 
>     Regards
> 
>     Andreas
> 
>     On 02.08.2016 08:48, Lakshmi Prasanna wrote:
>     > Hello,
>     >
>     > While trying to test strongswan with IKE DH group-19, the negotiation
>     > somehow doesn't go past main mode 2. There is however no log to
>     describe
>     > the error that prevents the negotiation.
>     >
>     > Could someone post some insight? My configs looks like this:
>     >
>     > keyexchange=ikev1
>     >
>     >         type=transport
>     >
>     >         ikelifetime=480m
>     >
>     > ike=aes256-sha256-ecp256!
>     >
>     > esp=aes256-sha256!
>     >
>     > left=9.11.120.120
>     >
>     >         leftprotoport=17/1812
>     >
>     >         right=9.11.53.11
>     >
>     >         rightprotoport=17/0-1812
>     >
>     >         pfs=no
>     >
>     >         authby=psk
>     >
>     >         auto=add
>     >
>     >
>     > Thanks,
>     >
>     > Lakshmi
>     >
>     >
>     >
>     >
>     >
>     >
>     > _______________________________________________
>     > Users mailing list
>     > Users at lists.strongswan.org <mailto:Users at lists.strongswan.org>
>     > https://lists.strongswan.org/mailman/listinfo/users
>     >
> 
>     --
>     ======================================================================
>     Andreas Steffen                       
>      andreas.steffen at strongswan.org <mailto:andreas.steffen at strongswan.org>
>     strongSwan - the Open Source VPN Solution!         
>     www.strongswan.org <http://www.strongswan.org>
>     Institute for Internet Technologies and Applications
>     University of Applied Sciences Rapperswil
>     CH-8640 Rapperswil (Switzerland)
>     ===========================================================[ITA-HSR]==
> 
> 

-- 
======================================================================
Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Open Source VPN Solution!          www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4275 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.strongswan.org/pipermail/users/attachments/20160802/9c2309eb/attachment-0001.bin>

More information about the Users mailing list