[Openswan Users] Netgear DG834 (fwd)
Dale Taylor
dale at bluehall.net
Tue Feb 27 11:55:54 EST 2007
OK now im getting the following error as well:
no IKE algorithms for this connection
here is a copy of my log:
Feb 27 17:40:40 leedscast pluto[12038]: packet from 82.26.*.*:1: received
Vendor ID payload [Dead Peer Detection]
Feb 27 17:40:40 ourserver pluto[12038]: packet from 82.26.*.*:1: initial
Main Mode message received on 194.*.*.*:500 but no connection has been
authorized
Feb 27 17:40:43 ourserver pluto[12038]: added connection description
"conection"
Feb 27 17:40:54 ourserver pluto[12038]: "conection" #8: initiating Main Mode
Feb 27 17:41:15 ourserver pluto[12038]: "conection": deleting connection
Feb 27 17:41:15 ourserver pluto[12038]: "conection" #8: deleting state
(STATE_MAIN_I1)
Feb 27 17:42:52 ourserver pluto[12038]: ike string error: hash_alg not
found, enc_alg="3des", auth_alg="sha1", modp="modp1024"
Feb 27 17:42:52 ourserver pluto[12038]: added connection description
"conection"
Feb 27 17:42:59 ourserver pluto[12038]: "conection" #9: initiating Main Mode
Feb 27 17:42:59 ourserver pluto[12038]: | no IKE algorithms for this
connection
Feb 27 17:42:59 ourserver pluto[12038]: | no IKE algorithms for this
connection
Feb 27 17:42:59 ourserver pluto[12038]: | no ISAKMP SA algo proposal to send
-using default 3DES-MD5/SHA1
If anyone can shed any light on this I would appreciate it.
Regards
Dale
-----Original Message-----
From: Paul Wouters [mailto:paul at xelerance.com]
Sent: 26 February 2007 22:58
To: Dale Taylor
Cc: users at openswan.org
Subject: [Openswan Users] Netgear DG834 (fwd)
> 003 ike string error: hash_alg not found, enc_alg="3des", auth_alg="sha1",
> modp="modp1024"
>
> conn someone
> type=tunnel
> authby=secret
> keyexchange=ike
> auto=start
> pfs=no
> # aggrmode=yes
> ike=3des-sha1-modp1024
> esp=3des-sha1
> # LOCAL
> left=%defaultroute
> leftsubnet=192.168.10.0/24
> leftid=me at localid.org
> # REMOTE
> right=someone.dyndns.org
> rightsubnet=192.168.254.0/24
> rightnexthop=%defaultroute
> rightid=id at remoteid.org
I added this to our test server and did: ipsec auto --add someone:
Feb 26 23:29:56 testserver pluto[1879]: added connection description
"someone"
What version of openswan is this? You can try using "sha" instead of "sha1"
for some older versions.
> PFS: Off
Your openswan config is using PFS. If possible you should change it on the
other end as well. If you can't, add pfs=no and leave out the modpgroup
setting.
Paul
--
Building and integrating Virtual Private Networks with Openswan:
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
More information about the Users
mailing list