[Openswan Users] Is there a limitation for the number of IKE SA proposal which will be sending during the first message of phase 1?

[gal divx]

Hello all.



Is there a limitation for the number of IKE proposal send during the first
message of phase one (main mode)?



I configure ipsec.conf with a connection that IKE is set to be



ike="3des-sha1-modp1536,aes128-sha1-modp1024,aes128-md5-modp1024,aes192-sha1-modp1024,aes192-md5-modp1024,aes256-sha1-modp1024,aes256-md5-modp1024,3des-sha1-modp1024,3des-md5-modp1024,aes128-sha1-modp1536,3des-sha1-modp1536,aes128-sha1-modp1024,aes128-md5-modp1024,aes192-sha1-modp1024,aes192-md5-modp1024,aes256-sha1-modp1024,aes256-md5-modp1024,3des-sha1-modp1024,3des-md5-modp1024,aes128-sha1-modp1536"

(total 20)



When I trying to establish the tunnel it seem that only the first 10
proposal are actually send in the ISAKMP packet (confirmed with Ethereal).

I did not specify the entire connection details and the other peer because
the tunnel establish successfully and there is not any other problem beside
the fact that only the first 10 SA offers are send in the first message of
phase 1 (main mode).



I check this behavior also between two fedora core 6 stations and the result
seem to be the same.



Is there a limitation for the number of IKE proposal which will be sending
during the first message of phase 1?



The Openswan version I am working on is 2.4.7 (cross compile for PPC) with
kernel version 2.6.9-34.EL



Any any help will be highly appreciate , Thanks , Gal.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20070618/5d66ad8a/attachment.html