[Openswan Users] Key replaceing

cherzberg at gmx.de cherzberg at gmx.de
Wed Dec 5 02:30:17 EST 2007

Hi Paul,

what should I do. Both logs are taken at the same time. I have only one tunnel running so it the log of this connection. 
pfs=yes is set on both sites. 

The Linksys WRV200 isn't as informational as it shout but I will have a look. 

Gesendet mit BlackBerry von Vodafone

-----Original Message-----
From: Paul Wouters <paul at xelerance.com>

Date: Wed, 5 Dec 2007 00:32:19 
To:Christian Herzberg <cherzberg at gmx.de>
Cc:users at openswan.org
Subject: Re: [Openswan Users] Key replaceing

On Tue, 4 Dec 2007, Christian Herzberg wrote:

> > These two logs don't match up. The end that is sending the INVALID_MESSAGE_ID
> > will log why it is sending that too. So you missed the right log message.

> here arte both logs from now.

They still do not match up.

> Dec  4 23:44:39 linux-main pluto[17971]: "static_linksys_to_freeswan"
> #37605: ignoring informational payload, type NO_PROPOSAL_CHOSEN

The other end will have a log entry saying "sending informational payload
NO_PROPOSAL_CHOSEN". The line before that should be the reason why it
didnt pick the proposal.

What are your pfs settings? If you have pfs=no, try setting it to yes.
pfs is tricky because openswan/freeswan accepts pfs even with pfs=no,
but it might refuse an incoming connection made with pfs=no. And since
pfs=no just means "don't propose, but accept if proposed", you might
end up in a situation where initiator and responder flip and the
connection gets denied.


More information about the Users mailing list