[Openswan Users] Openswan to PIX, aes
Kevan Benson
kbenson at a-1networks.com
Thu Jun 9 17:05:43 CEST 2005
I'm trying to get a connection up between an Openswan 2.3.0 box and a PIX 515
using AES. The PIX is configured to use AES, SHA1 and Group 2, which equates
to aes-sha1-modp1024, but specifying that results in a log entry stating:
'esp string error: Non initial digit found for auth keylen, just after
"aes256-sha1-" (old_state=ST_AA_END)'
Using esp/ike=aes256-sha1-1024 doesn't result in that error, but it has
problems with the proposal. The current connection looks like this:

conn os2pix
        left=a.b.c.d
        leftnexthop=%defaultroute
        leftsubnet=192.168.167.0/255.255.255.0
        right=w.x.y.z
        rightsubnet=192.168.101.0/24
        rightnexthop=%defaultroute
        authby=secret
        auto=start
        type=tunnel
        esp=aes256-sha1-1024
        ike=aes256-sha1-1024
        pfs=yes

The logs show this after an attempt to bring up the connection:

Jun 8 12:25:48 office1 pluto[18699]: packet from w.x.y.z:500: ignoring informational payload, type NO_PROPOSAL_CHOSEN
Jun 8 12:25:48 office1 pluto[18699]: packet from w.x.y.z:500: received and ignored informational message

Any suggestions on what Openswan should look like when connecting to a PIX
configured to use AES, SHA1 and Group 2?
--
Kevan Benson
A-1 Networks