[Openswan Users] Unable to establish site-to-site connection with NetgearFVS318

Utkarsh Shah utkarsh at elitecore.com
Fri Jul 13 04:48:16 EDT 2007


Hi,

I am able to successfully establish a connection with the NetgearFVS318 model
using 3DES and SHA1 in both directions, i.e. the connection can be initiated by either peer.
I am even able to establish a connection with the NetgearFVS318 model using
AES128 and SHA1 when my server initiates the connection,
but if the Netgear initiates the connection it fails :(

During debugging I found the following logs:

Jul 11 10:53:47 1184151227 pluto[5635]: "AESconnection-1" #2: OAKLEY_KEY_LENGTH attribute not preceded by OAKLEY_ENCRYPTION_ALGORITHM attribute.  Attribute OAKLEY_KEY_LENGTH
Jul 11 10:53:47 1184151227 pluto[5635]: "AESconnection-1" #2: no acceptable Oakley Transform
Jul 11 10:53:47 1184151227 pluto[5635]: "AESconnection-1" #2: sending notification NO_PROPOSAL_CHOSEN to 165.227.249.120:500
Jul 11 10:54:07 1184151247 pluto[5635]: "AESconnection-1" #3: responding to Main Mode
Jul 11 10:54:07 1184151247 pluto[5635]: "AESconnection-1" #3: OAKLEY_KEY_LENGTH attribute not preceded by OAKLEY_ENCRYPTION_ALGORITHM attribute.  Attribute OAKLEY_KEY_LENGTH
Jul 11 10:54:07 1184151247 pluto[5635]: "AESconnection-1" #3: no acceptable Oakley Transform
Jul 11 10:54:07 1184151247 pluto[5635]: "AESconnection-1" #3: sending notification NO_PROPOSAL_CHOSEN to 165.227.249.120:500



When I checked the proposal packet with Ethereal, it is:

Transform number: 0
                 Transform ID: KEY_IKE (1)
                 Life-Type (11): Seconds (1)
                 Life-Duration (12): Duration-Value (28800)
                 Key-Length (14): Key-Length (128)
                 Encryption-Algorithm (1): AES-CBC (7)
                 Hash-Algorithm (2): SHA (2)
                 Authentication-Method (3): PSK (1)
                 Group-Description (4): Alternate 1024-bit MODP group (2)

 

And from the log, for a proposal sent by a device other than the Netgear, it is:

Transform number: 0
                Transform ID: KEY_IKE (1)
                Encryption-Algorithm (1): AES-CBC (7)
                Key-Length (14): Key-Length (128)
                Hash-Algorithm (2): SHA (2)
                Authentication-Method (3): PSK (1)
                Group-Description (4): Alternate 1024-bit MODP group (2)
                Life-Type (11): Seconds (1)
                Life-Duration (12): Duration-Value (28800)


Is it due to the difference in the order of key length and encryption algorithm?

Kindly guide me on the same.


Regards,
Utkarsh Shah
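
The ordering condition named in the pluto log message above, shown as an added example (not part of the original post and not Openswan's source code): it walks a transform's attributes in wire order and flags a Key-Length (14) that arrives before Encryption-Algorithm (1). The function name, result codes and the two byte arrays are constructed for illustration, and every attribute is assumed to use the 4-byte basic (TV) encoding.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* IKEv1 (RFC 2409) Phase 1 attribute types that matter for the check. */
enum { OAKLEY_ENCRYPTION_ALGORITHM = 1, OAKLEY_KEY_LENGTH = 14 };
enum result { TRANSFORM_OK = 0, KEYLEN_BEFORE_ENCR = 1, MALFORMED = 2 };

/* Walk ISAKMP data attributes (RFC 2408 sec. 3.3) in wire order.
 * Type high bit set: 4-byte TV form, value in bytes 2-3.
 * Type high bit clear: TLV form, bytes 2-3 hold the value length. */
enum result check_attr_order(const uint8_t *p, size_t len)
{
    int seen_encr = 0;
    size_t off = 0;
    while (off < len) {
        if (len - off < 4)
            return MALFORMED;           /* truncated attribute header */
        uint16_t raw = (uint16_t)(p[off] << 8 | p[off + 1]);
        uint16_t val = (uint16_t)(p[off + 2] << 8 | p[off + 3]);
        uint16_t type = raw & 0x7fff;
        off += 4;
        if (!(raw & 0x8000)) {          /* TLV: skip the variable-length value */
            if (val > len - off)
                return MALFORMED;       /* length runs past the buffer */
            off += val;
        }
        if (type == OAKLEY_ENCRYPTION_ALGORITHM)
            seen_encr = 1;
        else if (type == OAKLEY_KEY_LENGTH && !seen_encr)
            return KEYLEN_BEFORE_ENCR;  /* the condition the log line reports */
    }
    return TRANSFORM_OK;
}

/* Constructed bytes mirroring the two Ethereal decodes in the post. */
static const uint8_t netgear_order[] = {  /* 11, 12, 14, 1, 2, 3, 4 */
    0x80,0x0b,0x00,0x01, 0x80,0x0c,0x70,0x80, 0x80,0x0e,0x00,0x80,
    0x80,0x01,0x00,0x07, 0x80,0x02,0x00,0x02, 0x80,0x03,0x00,0x01,
    0x80,0x04,0x00,0x02 };
static const uint8_t other_order[] = {    /* 1, 14, 2, 3, 4, 11, 12 */
    0x80,0x01,0x00,0x07, 0x80,0x0e,0x00,0x80, 0x80,0x02,0x00,0x02,
    0x80,0x03,0x00,0x01, 0x80,0x04,0x00,0x02, 0x80,0x0b,0x00,0x01,
    0x80,0x0c,0x70,0x80 };

int main(void)
{
    printf("netgear order: %d\n", check_attr_order(netgear_order, sizeof netgear_order));
    printf("other order:   %d\n", check_attr_order(other_order, sizeof other_order));
    return 0;
}
```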
