[Openswan Users] Netgear DG834 (fwd)

Dale Taylor dale at bluehall.net
Tue Feb 27 11:55:54 EST 2007


OK, now I'm getting the following error as well:

no IKE algorithms for this connection

Here is a copy of my log:

Feb 27 17:40:40 leedscast pluto[12038]: packet from 82.26.*.*:1: received Vendor ID payload [Dead Peer Detection]
Feb 27 17:40:40 ourserver pluto[12038]: packet from 82.26.*.*:1: initial Main Mode message received on 194.*.*.*:500 but no connection has been authorized
Feb 27 17:40:43 ourserver pluto[12038]: added connection description "conection"
Feb 27 17:40:54 ourserver pluto[12038]: "conection" #8: initiating Main Mode
Feb 27 17:41:15 ourserver pluto[12038]: "conection": deleting connection
Feb 27 17:41:15 ourserver pluto[12038]: "conection" #8: deleting state (STATE_MAIN_I1)
Feb 27 17:42:52 ourserver pluto[12038]: ike string error: hash_alg not found, enc_alg="3des", auth_alg="sha1", modp="modp1024"
Feb 27 17:42:52 ourserver pluto[12038]: added connection description "conection"
Feb 27 17:42:59 ourserver pluto[12038]: "conection" #9: initiating Main Mode
Feb 27 17:42:59 ourserver pluto[12038]: | no IKE algorithms for this connection
Feb 27 17:42:59 ourserver pluto[12038]: | no ISAKMP SA algo proposal to send -using default 3DES-MD5/SHA1

If anyone can shed any light on this I would appreciate it.

Regards

Dale

-----Original Message-----
From: Paul Wouters [mailto:paul at xelerance.com] 
Sent: 26 February 2007 22:58
To: Dale Taylor
Cc: users at openswan.org
Subject: [Openswan Users] Netgear DG834 (fwd)


> 003 ike string error: hash_alg not found, enc_alg="3des", auth_alg="sha1",
> modp="modp1024"
>
> conn someone
>         type=tunnel
>         authby=secret
>         keyexchange=ike
>         auto=start
>         pfs=no
>         # aggrmode=yes
>         ike=3des-sha1-modp1024
>         esp=3des-sha1
>         # LOCAL
>         left=%defaultroute
>         leftsubnet=192.168.10.0/24
>         leftid=me at localid.org
>         # REMOTE
>         right=someone.dyndns.org
>         rightsubnet=192.168.254.0/24
>         rightnexthop=%defaultroute
>         rightid=id at remoteid.org

I added this to our test server and did: ipsec auto --add someone:

Feb 26 23:29:56 testserver pluto[1879]: added connection description
"someone"

What version of openswan is this? You can try using "sha" instead of "sha1"
for some older versions.

> PFS: Off

Your openswan config is using PFS. If possible you should change it on the
other end as well. If you can't, add pfs=no and leave out the modpgroup
setting.

Paul
--
Building and integrating Virtual Private Networks with Openswan:
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
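
Added example (not part of the original thread and not Openswan code): a small Python check that scans pluto log lines like the ones in this message for an ike= string that was rejected, followed by a negotiation that fell back to pluto's default proposal, so the configured algorithm choice is not what gets offered. It assumes the "ike string error" line belongs to the next "added connection description" line and that the "|" debug lines belong to the connection most recently seen initiating; the function name is hypothetical.

```python
import re

# Sample input: log lines copied from the message above, unwrapped.
# pluto's wording may differ between versions.
SAMPLE = """\
Feb 27 17:42:52 ourserver pluto[12038]: ike string error: hash_alg not found, enc_alg="3des", auth_alg="sha1", modp="modp1024"
Feb 27 17:42:52 ourserver pluto[12038]: added connection description "conection"
Feb 27 17:42:59 ourserver pluto[12038]: "conection" #9: initiating Main Mode
Feb 27 17:42:59 ourserver pluto[12038]: | no IKE algorithms for this connection
Feb 27 17:42:59 ourserver pluto[12038]: | no ISAKMP SA algo proposal to send -using default 3DES-MD5/SHA1
""".splitlines()

PLUTO = re.compile(r"pluto\[\d+\]: (?P<msg>.*)$")
IKE_ERR = re.compile(r"ike string error: (?P<reason>[^,]+), (?P<fields>.*)$")
ADDED = re.compile(r'added connection description "(?P<conn>[^"]+)"')
INITIATING = re.compile(r'^"(?P<conn>[^"]+)" #\d+: initiating')
FALLBACK = re.compile(r"no ISAKMP SA algo proposal to send\s*-\s*using default (?P<default>\S+)")

def find_ike_fallbacks(lines):
    """Return connections whose ike= string was rejected and which then
    negotiated with pluto's default proposal instead of the configured one."""
    pending = None   # ike string error not yet tied to a connection name
    rejected = {}    # connection name -> details of the rejected ike= string
    current = None   # connection most recently seen initiating (assumption)
    findings = []
    for line in lines:
        m = PLUTO.search(line)
        if not m:
            continue
        msg = m.group("msg")
        if (e := IKE_ERR.search(msg)):
            fields = dict(re.findall(r'(\w+)="([^"]*)"', e["fields"]))
            pending = {"reason": e["reason"], "fields": fields}
        elif (a := ADDED.search(msg)):
            if pending:
                rejected[a["conn"]] = pending
            else:
                rejected.pop(a["conn"], None)  # re-added without an error
            pending = None
        elif (i := INITIATING.search(msg)):
            current = i["conn"]
        elif (f := FALLBACK.search(msg)) and current in rejected:
            findings.append({"conn": current, "default": f["default"], **rejected[current]})
    return findings

if __name__ == "__main__":
    print(find_ike_fallbacks(SAMPLE))
```
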


