[strongSwan] DH group for key exchange is undefined
Michael Chan
mchan49 at gmail.com
Sat Jan 30 00:20:15 CET 2016
I looked at the ike logs and I see the following message
[ENC] parsed IKE_SA_INIT response 0 [ N(INVAL_KE) ]
[IKE] peer didn't accept DH group MODP_1024, it requested MODP_1024
The packet capture shows the DH group is undefined. Is there a parameter to
set the DH group for the ike key exchange? I have the following parameter
in my load-tester.conf file.
proposal = aes-sha1-modp1024
On Fri, Jan 29, 2016 at 12:40 PM, Michael Chan <mchan49 at gmail.com> wrote:
> Hi,
> I'm wanting to use the load-tester plugin to perform load testing on
> remote host, but the remote host keeps sending back INVALID_KE_PAYLOAD
> message back. When I do a packet capture I see that the DH group for key
> exchange payload is undefined. I tried setting in the load-tester.conf file
> esp and proposal to use modp1024, but it doesn't change the key exchange
> payload DH group at all. Is there a way to set the group in load-tester?
>
> Thanks,
> Michael
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20160129/badf99fd/attachment.html>
More information about the Users
mailing list