[Openswan Users] Key replacing
Paul Wouters
paul at xelerance.com
Wed Dec 5 00:32:19 EST 2007
On Tue, 4 Dec 2007, Christian Herzberg wrote:
> > These two logs don't match up. The end that is sending the INVALID_MESSAGE_ID
> > will log why it is sending that too. So you missed the right log message.
> Here are both logs from now.
They still do not match up.
> Dec 4 23:44:39 linux-main pluto[17971]: "static_linksys_to_freeswan"
> #37605: ignoring informational payload, type NO_PROPOSAL_CHOSEN
The other end will have a log entry saying "sending informational payload
NO_PROPOSAL_CHOSEN". The line before that should be the reason why it
didn't pick the proposal.
What are your pfs settings? If you have pfs=no, try setting it to yes.
pfs is tricky because openswan/freeswan accepts pfs even with pfs=no,
but it might refuse an incoming connection made with pfs=no. And since
pfs=no just means "don't propose, but accept if proposed", you might
end up in a situation where initiator and responder flip and the
connection gets denied.
Paul
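
The pfs asymmetry described in the message above, modelled as an added example (not part of the original message and not Openswan code). The conn name and both ipsec.conf fragments are constructed, and the rule that a pfs=yes responder refuses a proposal made without PFS is an assumption taken from the description above.

```python
import re

# Constructed ipsec.conf fragments for the two ends (hypothetical conn name).
END_A = "conn example_tunnel\n\tauto=start\n\tpfs=no\n"
END_B = "conn example_tunnel\n\tauto=add\n"   # no pfs= line: default is yes


def conn_pfs(conf_text, conn_name):
    """Return the effective pfs setting (True/False) of one conn section."""
    in_conn, pfs = False, True                 # ipsec.conf default: pfs=yes
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].rstrip()   # drop comments
        if not line.strip():
            continue
        if not raw[0].isspace():               # unindented line: section header
            in_conn = line.split()[:2] == ["conn", conn_name]
            continue
        m = re.match(r"\s+pfs\s*=\s*(\S+)", line)
        if in_conn and m:
            pfs = m.group(1).lower() == "yes"
    return pfs


def quick_mode(initiator_pfs, responder_pfs):
    """Model of the behaviour in the message: pfs=no means 'do not propose,
    but accept if proposed'; a pfs=yes responder is assumed to refuse a
    proposal that arrives without PFS."""
    proposes_pfs = initiator_pfs
    if responder_pfs and not proposes_pfs:
        return "NO_PROPOSAL_CHOSEN"
    return "established"


def audit(a_pfs, b_pfs):
    """Outcome for each direction, since either end may initiate a rekey."""
    return {
        "a initiates": quick_mode(a_pfs, b_pfs),
        "b initiates": quick_mode(b_pfs, a_pfs),
    }


if __name__ == "__main__":
    a = conn_pfs(END_A, "example_tunnel")
    b = conn_pfs(END_B, "example_tunnel")
    for direction, result in audit(a, b).items():
        print(f"pfs a={a} b={b}: {direction} -> {result}")
```

A mismatched pair works in one direction only, so the tunnel can come up and then fail later when the other end initiates; setting pfs to the same value on both ends removes the direction dependence.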