[Openswan Users] INVALID_HASH_INFORMATION when remote peer is set to %any

Robyn Orosz rorosz at gmail.com
Tue Apr 28 14:36:48 EDT 2009


Hi,

I'm attempting to connect an Openswan device with a TDT R52U UMTS/EDGE/GPRS
Router.  The connection works fine when a fixed IP is set for the TDT device;
however, the TDT device is behind a dynamic IP and so must be set with %any
and an ID.  The TDT will only send an ID value if they are set to aggressive
mode (this seems to differ with Openswan as I can send an ID value in main
mode and aggressive mode).  The TDT support claims that they are following
standards by only sending their ID in aggressive mode whereas it was my
understanding that aggressive mode was only used to speed up the IKE
negotiation.

When I have the connection set to %any on the Openswan side I get the
following:

state transition function for STATE_AGGR_R1 failed: INVALID_HASH_INFORMATION

I'm also seeing the following shortly after:

Quick Mode message is unacceptable because it is for an incomplete ISAKMP SA

It's like they're attempting to establish phase 2 even though phase 1 never
completed.

With the same exact PSK and encryption/hash settings without %any
(specifying the real IP address) the tunnel comes up immediately.

Any idea what would cause this?  TDT is of course claiming that Openswan has
not implemented IPSec correctly but they can't tell me what exactly is not
correct about the Openswan implementation.

Thank you!

Robyn
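
What a responder checks when it reports this error in aggressive mode, as an added example that is not part of the original post and is not Openswan's code: RFC 2409 derives HASH_I from the pre-shared key and the initiator's ID payload, so the check fails whenever the two ends hash with different secrets. The secret lookup table, its "%any" fallback key, the HMAC-SHA1 prf and all exchange values are assumptions constructed for illustration.

```python
import hashlib
import hmac

ID_FQDN = 2  # ID type value from the IPsec DOI (RFC 2407)

def prf(key, data):
    # IKEv1 prf = HMAC over the negotiated hash; HMAC-SHA1 is assumed here.
    return hmac.new(key, data, hashlib.sha1).digest()

def id_body(id_type, value):
    # IDii_b: ID type, protocol ID, port (both 0 here), identification data.
    return bytes([id_type, 0, 0, 0]) + value

def hash_i(psk, x, idii_b):
    # RFC 2409 section 5: SKEYID = prf(PSK, Ni_b | Nr_b)
    skeyid = prf(psk, x["ni"] + x["nr"])
    # HASH_I = prf(SKEYID, g^xi | g^xr | CKY-I | CKY-R | SAi_b | IDii_b)
    return prf(skeyid, x["gxi"] + x["gxr"] + x["cky_i"] + x["cky_r"]
               + x["sai_b"] + idii_b)

def responder_check(secrets, peer_id, x, received_hash):
    # Hypothetical secret lookup: exact ID first, then a "%any" fallback.
    psk = secrets.get(peer_id, secrets.get("%any"))
    if psk is None:
        return "NO_SECRET"
    expected = hash_i(psk, x, id_body(ID_FQDN, peer_id.encode()))
    ok = hmac.compare_digest(expected, received_hash)
    return "OK" if ok else "INVALID_HASH_INFORMATION"

# Constructed exchange values (not taken from a real capture).
EXCHANGE = {
    "ni": bytes(range(16)), "nr": bytes(range(16, 32)),
    "gxi": b"\x11" * 128, "gxr": b"\x22" * 128,
    "cky_i": b"\xaa" * 8, "cky_r": b"\xbb" * 8,
    "sai_b": b"constructed-sa-body",
}
PEER_ID = "router.example.test"  # constructed ID
SENT = hash_i(b"shared-secret", EXCHANGE, id_body(ID_FQDN, PEER_ID.encode()))

def demo():
    by_id = {PEER_ID: b"shared-secret"}
    fallback = {"%any": b"other-secret"}  # lookup lands on a different PSK
    return (responder_check(by_id, PEER_ID, EXCHANGE, SENT),
            responder_check(fallback, PEER_ID, EXCHANGE, SENT))

if __name__ == "__main__":
    print(demo())
```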