[strongSwan] DH group for key exchange is undefined

Thomas Egerer hakke_007 at gmx.de
Sat Jan 30 10:29:40 CET 2016 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Michael,

let me google that for you [1]! First result (in my search) [2]:

Key          charon.plugins.load-tester.proposal
Default      aes128-sha1-modp768
Description   IKE proposal to use in load test.

Et viola, here you go!

Thomas

[1] https://encrypted.google.com/search?hl=en&q=strongswan%20load%20tester
[2] https://wiki.strongswan.org/projects/strongswan/wiki/LoadTests

On 01/30/2016 12:20 AM, Michael Chan wrote:
> I looked at the ike logs and I see the following message
> 
> [ENC] parsed IKE_SA_INIT response 0 [ N(INVAL_KE) ]
> [IKE] peer didn't accept DH group MODP_1024, it requested MODP_1024
> 
> The packet capture shows the DH group is undefined. Is there a parameter to
> set the DH group for the ike key exchange? I have the following parameter
> in my load-tester.conf file.
> proposal = aes-sha1-modp1024
> 
> 
> 
> 
> On Fri, Jan 29, 2016 at 12:40 PM, Michael Chan <mchan49 at gmail.com> wrote:
> 
>> Hi,
>>      I'm wanting to use the load-tester plugin to perform load testing on
>> remote host, but the remote host keeps sending back INVALID_KE_PAYLOAD
>> message back. When I do a packet capture I see that the DH group for key
>> exchange payload is undefined. I tried setting in the load-tester.conf file
>> esp and proposal to use modp1024, but it doesn't change the key exchange
>> payload DH group at all. Is there a way to set the group in load-tester?
>>
>> Thanks,
>> Michael
>>
> 
> 
> 
> _______________________________________________
> Users mailing list
> Users at lists.strongswan.org
> https://lists.strongswan.org/mailman/listinfo/users
> 

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCAAGBQJWrIJ/AAoJEGK31ONirBTGAdQP/0an6YBvRi7Byfb3kFwCIYDh
ZSeumBYoxXfq0+FraFGgqe2/VgNR95Hoz2jXPB/djgK49tUBqQe9BH8WTiPtWvUq
yr9YC3y8oLo0RuYCvtgedC3zNosn79IArbpCjtE7bGW1VimJ1X2Z/6invNyNBDF+
R8DN6qCiC+eqxBrd9rxoyDNkSncPcwvtriVeStt8IlHdYLbi9FaxN0YmI5NQvXlO
+/FFSL4BB8iaavZyvntG2+8zqkPwEXHKKHlkkRQHLqilPA/+jIys1CHbmP5cYMag
q0pl4HwojWHWCV1BNJyplXDhuNnxiOYQGGq/7yqZXTvW8gfUkynQQALrGws/+BRL
e+9Go79iRgwyqUqN4EicRuD6ci0H8zJ+2LghH167C0G9jZFrLlPh8ozMrzFxftZn
lxPA9NNFLBpDAphq5GLzIXDcylU1msKsbz6YPkKWU+tDJbfwKYmSRUpeYjbJKUfz
x8RJPI87FivaXKRG1cOmNhWOUhcpThcsV7OYIh5GHQ2MlL2dCGSRi1tknBjYKtZ3
cKNvDUKzYzzpn2KrahUjde89QTkVSRaLxxTlll76OUui4GDoiG4z/DGaF9Fihg7y
qUzvR4rl2LthtQ20RJyDLTQHMYVMWeLMXJERj2NMZbOP/KmALXw7Xa0swce3hS7C
WaQRdH7bHxeM2TMYpWG4
=hre/
-----END PGP SIGNATURE-----

More information about the Users mailing list