[Openswan Users] Netgear DG834 (fwd)
Paul Wouters
paul at xelerance.com
Tue Feb 27 12:38:15 EST 2007
On Tue, 27 Feb 2007, Dale Taylor wrote:
> I just used the standard install from a clean debian install, did apt-get
> install openswan (and let it install all the dependencies).
>
> Using debian Sarge.
I don't know anything specific. Just verify you have modules loaded before starting
openswan. I assume you are using netkey (ipsec --version will tell you).
Paul
> -----Original Message-----
> From: Paul Wouters [mailto:paul at xelerance.com]
> Sent: 27 February 2007 17:33
> To: Dale Taylor
> Cc: users at openswan.org
> Subject: RE: [Openswan Users] Netgear DG834 (fwd)
>
> On Tue, 27 Feb 2007, Dale Taylor wrote:
>
> > OK, now I'm getting the following error as well:
> >
> > no IKE algorithms for this connection
>
> I am not sure why you are getting intermittent errors on availability of
> modules. The only thing i can think of is that autoloading modules is not
> working for you, and some modules get unloaded on restarting openswan.
> This would only be an issue for netkey, since klips uses its internal crypto
> functions in openswan 2.4.x
>
> Paul
>
> > here is a copy of my log:
> >
> > Feb 27 17:40:40 leedscast pluto[12038]: packet from 82.26.*.*:1: received
> > Vendor ID payload [Dead Peer Detection]
> > Feb 27 17:40:40 ourserver pluto[12038]: packet from 82.26.*.*:1: initial
> > Main Mode message received on 194.*.*.*:500 but no connection has been
> > authorized
> > Feb 27 17:40:43 ourserver pluto[12038]: added connection description
> > "conection"
> > Feb 27 17:40:54 ourserver pluto[12038]: "conection" #8: initiating Main Mode
> > Feb 27 17:41:15 ourserver pluto[12038]: "conection": deleting connection
> > Feb 27 17:41:15 ourserver pluto[12038]: "conection" #8: deleting state
> > (STATE_MAIN_I1)
> > Feb 27 17:42:52 ourserver pluto[12038]: ike string error: hash_alg not
> > found, enc_alg="3des", auth_alg="sha1", modp="modp1024"
> > Feb 27 17:42:52 ourserver pluto[12038]: added connection description
> > "conection"
> > Feb 27 17:42:59 ourserver pluto[12038]: "conection" #9: initiating Main Mode
> > Feb 27 17:42:59 ourserver pluto[12038]: | no IKE algorithms for this
> > connection
> > Feb 27 17:42:59 ourserver pluto[12038]: | no IKE algorithms for this
> > connection
> > Feb 27 17:42:59 ourserver pluto[12038]: | no ISAKMP SA algo proposal to send
> > -using default 3DES-MD5/SHA1
> >
> > If anyone can shed any light on this I would appreciate it.
> >
> > Regards
> >
> > Dale
> >
> > -----Original Message-----
> > From: Paul Wouters [mailto:paul at xelerance.com]
> > Sent: 26 February 2007 22:58
> > To: Dale Taylor
> > Cc: users at openswan.org
> > Subject: [Openswan Users] Netgear DG834 (fwd)
> >
> >
> > > 003 ike string error: hash_alg not found, enc_alg="3des", auth_alg="sha1",
> > > modp="modp1024"
> > >
> > > conn someone
> > >     type=tunnel
> > >     authby=secret
> > >     keyexchange=ike
> > >     auto=start
> > >     pfs=no
> > >     # aggrmode=yes
> > >     ike=3des-sha1-modp1024
> > >     esp=3des-sha1
> > >     # LOCAL
> > >     left=%defaultroute
> > >     leftsubnet=192.168.10.0/24
> > >     leftid=me at localid.org
> > >     # REMOTE
> > >     right=someone.dyndns.org
> > >     rightsubnet=192.168.254.0/24
> > >     rightnexthop=%defaultroute
> > >     rightid=id at remoteid.org
> >
> > I added this to our test server and did: ipsec auto --add someone:
> >
> > Feb 26 23:29:56 testserver pluto[1879]: added connection description
> > "someone"
> >
> > What version of openswan is this? You can try using "sha" instead of "sha1"
> > for some older versions.
> >
> > > PFS: Off
> >
> > Your openswan config is using PFS. If possible you should change it on the
> > other end as well. If you can't, add pfs=no and leave out the modpgroup
> > setting.
> >
> > Paul
> > --
> > Building and integrating Virtual Private Networks with Openswan:
> > http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
> >
>
>
--
Building and integrating Virtual Private Networks with Openswan:
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155