[Openswan Users] Key replaceing
cherzberg at gmx.de
Wed Dec 5 02:30:17 EST 2007
Hi Paul,
What should I do? Both logs were taken at the same time. I have only one tunnel running, so it is the log of this connection.
pfs=yes is set on both sites.
The Linksys WRV200 isn't as informational as it should be, but I will have a look.
Thanks
Christian
Sent with BlackBerry from Vodafone
-----Original Message-----
From: Paul Wouters <paul at xelerance.com>
Date: Wed, 5 Dec 2007 00:32:19
To: Christian Herzberg <cherzberg at gmx.de>
Cc: users at openswan.org
Subject: Re: [Openswan Users] Key replaceing
On Tue, 4 Dec 2007, Christian Herzberg wrote:
> > These two logs don't match up. The end that is sending the INVALID_MESSAGE_ID
> > will log why it is sending that too. So you missed the right log message.
> here are both logs from now.
They still do not match up.
> Dec 4 23:44:39 linux-main pluto[17971]: "static_linksys_to_freeswan"
> #37605: ignoring informational payload, type NO_PROPOSAL_CHOSEN
The other end will have a log entry saying "sending informational payload
NO_PROPOSAL_CHOSEN". The line before that should be the reason why it
didn't pick the proposal.
What are your pfs settings? If you have pfs=no, try setting it to yes.
pfs is tricky because openswan/freeswan accepts pfs even with pfs=no,
but it might refuse an incoming connection made with pfs=no. And since
pfs=no just means "don't propose, but accept if proposed", you might
end up in a situation where initiator and responder flip and the
connection gets denied.
Paul