[Openswan Users] Vigor2600 & Openswan 2.4.5rc5

Paul Wouters paul at xelerance.com
Sun Feb 19 20:29:10 CET 2006


On Sat, 18 Feb 2006, Roberto Fichera wrote:

> does anyone have some tips for the Draytek Vigor2600 (v2.5.5.3_I & v2.5.6_I)
> and
> Openswan interop because I'm getting some strance behaviour. The tunnel stay
> up
> for about one or two ours than I start to get error and the vigor2600 doesn't
> reconnect :
>
> Feb 18 00:08:46 vpn pluto[31374]: "vigor2600-vpn" #43: responding to Main Mode
> Feb 18 00:08:46 vpn pluto[31374]: "vigor2600-vpn" #43: OAKLEY_DES_CBC is not
> supported.  Attribute OAKLEY_ENCRYPTION_ALGORITHM
> Feb 18 00:08:46 vpn pluto[31374]: "vigor2600-vpn" #43: OAKLEY_DES_CBC is not
> supported.  Attribute OAKLEY_ENCRYPTION_ALGORITHM
> Feb 18 00:08:46 vpn pluto[31374]: "vigor2600-vpn" #43: only
> OAKLEY_GROUP_MODP1024 and OAKLEY_GROUP_MODP1536 supported.  Attribute
> AKLEY_GROUP_DESCRIPTION

Change the IKE option in the "advanced" popup to not use 1DES. What is
happening is that openswan as initiator works fine, but when the Vigor
turns to become the initiator at next rekey, it fails because it is
announcing 1DES insteaf of 3DES or AES?

Paul


More information about the Users mailing list