[Openswan Users] Netgear DG834 (fwd)

Paul Wouters paul at xelerance.com
Tue Feb 27 12:33:05 EST 2007


On Tue, 27 Feb 2007, Dale Taylor wrote:

> OK now I'm getting the following error as well:
>
> no IKE algorithms for this connection

I am not sure why you are getting intermittent errors on availability of
modules. The only thing I can think of is that autoloading modules is not
working for you, and some modules get unloaded on restarting openswan.
This would only be an issue for netkey, since klips uses its internal crypto
functions in openswan 2.4.x.

Paul

> here is a copy of my log:
>
> Feb 27 17:40:40 leedscast pluto[12038]: packet from 82.26.*.*:1: received
> Vendor ID payload [Dead Peer Detection]
> Feb 27 17:40:40 ourserver pluto[12038]: packet from 82.26.*.*:1: initial
> Main Mode message received on 194.*.*.*:500 but no connection has been
> authorized
> Feb 27 17:40:43 ourserver pluto[12038]: added connection description
> "conection"
> Feb 27 17:40:54 ourserver pluto[12038]: "conection" #8: initiating Main Mode
> Feb 27 17:41:15 ourserver pluto[12038]: "conection": deleting connection
> Feb 27 17:41:15 ourserver pluto[12038]: "conection" #8: deleting state
> (STATE_MAIN_I1)
> Feb 27 17:42:52 ourserver pluto[12038]: ike string error: hash_alg not
> found, enc_alg="3des", auth_alg="sha1", modp="modp1024"
> Feb 27 17:42:52 ourserver pluto[12038]: added connection description
> "conection"
> Feb 27 17:42:59 ourserver pluto[12038]: "conection" #9: initiating Main Mode
> Feb 27 17:42:59 ourserver pluto[12038]: | no IKE algorithms for this
> connection
> Feb 27 17:42:59 ourserver pluto[12038]: | no IKE algorithms for this
> connection
> Feb 27 17:42:59 ourserver pluto[12038]: | no ISAKMP SA algo proposal to send
> -using default 3DES-MD5/SHA1
>
> If anyone can shed any light on this I would appreciate it.
>
> Regards
>
> Dale
>
> -----Original Message-----
> From: Paul Wouters [mailto:paul at xelerance.com]
> Sent: 26 February 2007 22:58
> To: Dale Taylor
> Cc: users at openswan.org
> Subject: [Openswan Users] Netgear DG834 (fwd)
>
>
> > 003 ike string error: hash_alg not found, enc_alg="3des", auth_alg="sha1",
> > modp="modp1024"
> >
> > conn someone
> >         type=tunnel
> >         authby=secret
> >         keyexchange=ike
> >         auto=start
> >         pfs=no
> >         # aggrmode=yes
> >         ike=3des-sha1-modp1024
> >         esp=3des-sha1
> >         # LOCAL
> >         left=%defaultroute
> >         leftsubnet=192.168.10.0/24
> >         leftid=me at localid.org
> >         # REMOTE
> >         right=someone.dyndns.org
> >         rightsubnet=192.168.254.0/24
> >         rightnexthop=%defaultroute
> >         rightid=id at remoteid.org
>
> I added this to our test server and did: ipsec auto --add someone:
>
> Feb 26 23:29:56 testserver pluto[1879]: added connection description
> "someone"
>
> What version of openswan is this? You can try using "sha" instead of "sha1"
> for some older versions.
>
> > PFS: Off
>
> Your openswan config is using PFS. If possible you should change it on the
> other end as well. If you can't, add pfs=no and leave out the modpgroup
> setting.
>
> Paul
> --
> Building and integrating Virtual Private Networks with Openswan:
> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
>

-- 
Building and integrating Virtual Private Networks with Openswan:
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
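
A way to test the module-availability theory from the reply above on a NETKEY host, as an added example that is not part of the original thread: compare the kernel algorithms an `esp=` line needs against what `/proc/crypto` lists, before and after restarting openswan. The helper names, the token-to-kernel-name mapping and the sample `/proc/crypto` excerpt are assumptions constructed for illustration.

```shell
#!/bin/sh
# Assumed mapping from Openswan algorithm tokens to kernel crypto API names.
kernel_name() {
    case "$1" in
        3des)     echo des3_ede ;;
        aes*)     echo aes ;;
        sha1|sha) echo sha1 ;;
        md5)      echo md5 ;;
        *)        return 1 ;;
    esac
}

# missing_algs ESP_SPEC [CRYPTO_FILE]
# Prints the kernel algorithm names needed by ESP_SPEC (e.g. "3des-sha1")
# that have no "name : ..." entry in CRYPTO_FILE (default /proc/crypto).
missing_algs() {
    file=${2:-/proc/crypto}
    missing=""
    for tok in $(printf '%s\n' "$1" | sed 's/-/ /g'); do
        if ! name=$(kernel_name "$tok"); then
            missing="$missing unknown:$tok"
        # Accept the bare name or a template wrapping it, e.g. cbc(des3_ede).
        elif ! grep -Eq "^name[[:space:]]*:[[:space:]]*([a-z0-9_]+\()*$name\)*\$" "$file"; then
            missing="$missing $name"
        fi
    done
    printf '%s\n' "${missing# }"
}

# Constructed sample: a /proc/crypto excerpt where only sha1 is registered.
sample_proc_crypto() {
    cat <<'EOF'
name         : sha1
driver       : sha1-generic
module       : kernel
priority     : 0
type         : digest
EOF
}

tmp=$(mktemp)
sample_proc_crypto > "$tmp"
echo "missing for esp=3des-sha1: $(missing_algs 3des-sha1 "$tmp")"
rm -f "$tmp"
```

On a live system, call `missing_algs 3des-sha1` with no file argument to read `/proc/crypto` directly; an empty result means every mapped algorithm is currently registered.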

