[Openswan Users] Re: [Users] connection between isampd and ipsec on linux and this error: "ignoring informational payload, type NO_PROPOSAL_CHOSEN"

Michael Richardson mcr at sandelman.ottawa.on.ca
Sun Feb 15 11:53:39 CET 2004


>>>>> "Paul" == Paul Wouters <paul at xtdnet.nl> writes:
    >> Jan 21 16:45:41 vpn-gate pluto[7467]: "testing-sub" #1: ignoring
    >> informational payload, type NO_PROPOSAL_CHOSEN

    Paul> This means both parties have no proposal in common. Usually this
    Paul> means one side only wants to do X.509 certificates and the other
    Paul> side only wants to do raw RSA keys, or it means they cannot agree

  Actually, "X.509" and "raw RSA" are just ways to authenticate the public
key - but are in fact "RSA Signature" mode. (Unless it is a DSA certificate,
I guess)

    Paul> on a certain algorith/cipher. Common is offering only 1DES to a
    Paul> FreeS/WAN machine, which refuses to talk 1DES because it is trivial
    Paul> to brute-force.

  1DES is a typical reason.

  I think that there should be more logging, but on the side involved, where
we get no proposal chosen notify, that's as much as we can know.

]       ON HUMILITY: to err is human. To moo, bovine.           |  firewalls  [
]   Michael Richardson,    Xelerance Corporation, Ottawa, ON    |net architect[
] mcr at xelerance.com      http://www.sandelman.ottawa.on.ca/mcr/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [
Version: GnuPG v1.2.2 (GNU/Linux)
Comment: Finger me for keys


More information about the Users mailing list