[Openswan Users] openswan-nokia: gateway not responding
hutx
hutx at yahoo.com
Thu Jan 8 12:29:07 EST 2009
I met a problem when I tried to build a VPN between
Nokia client and Openswan. This problem has been
posted in Openswan lists by Fredo Sartori last May.
But no body replied it. I post it again. Please help
us.
//////////////////////////////////////////////
ello,
am trying to set up a vpn gateway for Nokia (S60)
clients. Using XAUTH I am able to authenticate and an
ISAKMP SA is established.
After that one more UDP packet is sent to the phone.
Some seconds later the phone throws the error message
"Web: gateway
does not respond" and the connection dies ...
Using an openswan client, a VPN tunnel can be
established.
Logfile of openswan
May 23 11:55:07 spd-1145h ipsec_setup: Stopping
Openswan IPsec...
May 23 11:55:07 spd-1145h kernel: [347455.206150]
klips_info:ipsec_init: KLIPS startup, Openswan KLIPS
IPsec stack version: 2.4.12
May 23 11:55:07 spd-1145h kernel: [347455.206213] NET:
Registered protocol family 15
May 23 11:55:07 spd-1145h kernel: [347455.206652]
klips_info:ipsec_alg_init: KLIPS alg v=0.8.1-0
(EALG_MAX=255, AALG_MAX=251)
May 23 11:55:07 spd-1145h kernel: [347455.206658]
klips_info:ipsec_alg_init: calling
ipsec_alg_static_init()
May 23 11:55:07 spd-1145h kernel: [347455.206667]
ipsec_aes_init(alg_type=15 alg_id=12 name=aes): ret=0
May 23 11:55:07 spd-1145h kernel: [347455.206672]
klips_debug: experimental ipsec_alg_AES_MAC not
registered [Ok] (auth_id=0)
May 23 11:55:07 spd-1145h kernel: [347455.206679]
ipsec_3des_init(alg_type=15 alg_id=3 name=3des): ret=0
May 23 11:55:07 spd-1145h ipsec_setup: KLIPS debug
`none'
May 23 11:55:07 spd-1145h kernel: [347455.363691]
May 23 11:55:07 spd-1145h ipsec_setup: KLIPS ipsec0 on
eth1 172.16.81.120/255.255.252.0 broadcast
172.16.83.255
May 23 11:55:07 spd-1145h ipsec__plutorun: Starting
Pluto subsystem...
May 23 11:55:07 spd-1145h ipsec__plutorun: Unknown
default RSA hostkey scheme, not generating a default
hostkey
May 23 11:55:07 spd-1145h pluto[4704]: Starting Pluto
(Openswan Version 2.4.12 PLUTO_SENDS_VENDORID
PLUTO_USES_KEYRR; Vendor ID OEKBzdY{wM]@)
May 23 11:55:07 spd-1145h pluto[4704]: Setting
NAT-Traversal port-4500 floating to on
May 23 11:55:07 spd-1145h pluto[4704]: port
floating activation criteria nat_t=1/port_fload=1
May 23 11:55:07 spd-1145h pluto[4704]: including
NAT-Traversal patch (Version 0.6c)
May 23 11:55:07 spd-1145h pluto[4704]:
ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok
(ret=0)
May 23 11:55:07 spd-1145h pluto[4704]: no helpers will
be started, all cryptographic operations will be done
inline
May 23 11:55:07 spd-1145h pluto[4704]: Using KLIPS
IPsec interface code on 2.6.23.16-2.6.23.16-with-natt
May 23 11:55:07 spd-1145h pluto[4704]: Changing to
directory '/etc/ipsec.d/cacerts'
May 23 11:55:07 spd-1145h pluto[4704]: loaded CA
cert file 'ca.pem' (2378 bytes)
May 23 11:55:07 spd-1145h pluto[4704]: Changing to
directory '/etc/ipsec.d/aacerts'
May 23 11:55:07 spd-1145h pluto[4704]: Changing to
directory '/etc/ipsec.d/ocspcerts'
May 23 11:55:07 spd-1145h pluto[4704]: Changing to
directory '/etc/ipsec.d/crls'
May 23 11:55:07 spd-1145h pluto[4704]: Warning:
empty directory
May 23 11:55:07 spd-1145h ipsec_setup: ...Openswan
IPsec started
May 23 11:55:07 spd-1145h ipsec_setup: Starting
Openswan IPsec 2.4.12...
May 23 11:55:07 spd-1145h pluto[4704]: loading secrets
from "/etc/ipsec.secrets"
May 23 11:55:07 spd-1145h pluto[4704]: added
connection description "fredos-phone"
May 23 11:55:07 spd-1145h pluto[4704]: added
connection description "psk-client"
May 23 11:55:07 spd-1145h pluto[4704]: listening for
IKE messages
May 23 11:55:07 spd-1145h pluto[4704]: adding
interface ipsec0/eth1 172.16.81.120:500
May 23 11:55:07 spd-1145h pluto[4704]: adding
interface ipsec0/eth1 172.16.81.120:4500
May 23 11:55:07 spd-1145h pluto[4704]: forgetting
secrets
May 23 11:55:07 spd-1145h pluto[4704]: loading secrets
from "/etc/ipsec.secrets"
....
May 23 11:55:29 spd-1145h pluto[4704]: packet from
77.24.7.233:500: received Vendor ID payload
[draft-ietf-ipsec-nat-t-ike-03] method set to=108
May 23 11:55:29 spd-1145h pluto[4704]: packet from
77.24.7.233:500: received Vendor ID payload [XAUTH]
May 23 11:55:29 spd-1145h pluto[4704]: packet from
77.24.7.233:500: received Vendor ID payload
[Cisco-Unity]
May 23 11:55:29 spd-1145h pluto[4704]:
"fredos-phone"[1] 77.24.7.233 #1: responding to Main
Mode from unknown peer 77.24.7.233
May 23 11:55:29 spd-1145h pluto[4704]:
"fredos-phone"[1] 77.24.7.233 #1: transition from
state STATE_MAIN_R0 to state STATE_MAIN_R1
May 23 11:55:29 spd-1145h pluto[4704]:
"fredos-phone"[1] 77.24.7.233 #1: STATE_MAIN_R1: sent
MR1, expecting MI2
May 23 11:55:31 spd-1145h pluto[4704]:
"fredos-phone"[1] 77.24.7.233 #1: ignoring unknown
Vendor ID payload [10f3a692cc78612f7e5b7ededd1d2391]
May 23 11:55:31 spd-1145h pluto[4704]:
"fredos-phone"[1] 77.24.7.233 #1: NAT-Traversal:
Result using draft-ietf-ipsec-nat-t-ike-02/03: i am
NATed
May 23 11:55:31 spd-1145h pluto[4704]:
"fredos-phone"[1] 77.24.7.233 #1: transition from
state STATE_MAIN_R1 to state STATE_MAIN_R2
May 23 11:55:31 spd-1145h pluto[4704]:
"fredos-phone"[1] 77.24.7.233 #1: STATE_MAIN_R2: sent
MR2, expecting MI3
May 23 11:55:33 spd-1145h pluto[4704]: | protocol/port
in Phase 1 ID Payload is 17/0. accepted with
port_floating NAT-T
May 23 11:55:33 spd-1145h pluto[4704]:
"fredos-phone"[1] 77.24.7.233 #1: Main mode peer ID is
ID_KEY_ID: '@#0x4d6f62696c6547726f7570'
May 23 11:55:33 spd-1145h pluto[4704]:
"fredos-phone"[1] 77.24.7.233 #1: I did not send a
certificate because I do not have one.
May 23 11:55:33 spd-1145h pluto[4704]:
"fredos-phone"[1] 77.24.7.233 #1: transition from
state STATE_MAIN_R2 to state STATE_MAIN_R3
May 23 11:55:33 spd-1145h pluto[4704]:
"fredos-phone"[1] 77.24.7.233 #1: STATE_MAIN_R3: sent
MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY
cipher=aes_256 prf=oakley_sha group=modp1536}
May 23 11:55:33 spd-1145h pluto[4704]:
"fredos-phone"[1] 77.24.7.233 #1: XAUTH: Sending XAUTH
Login/Password Request
May 23 11:55:33 spd-1145h pluto[4704]:
"fredos-phone"[1] 77.24.7.233 #1: XAUTH: Sending
Username/Password request (XAUTH_R0)
May 23 11:55:53 spd-1145h pluto[4704]:
"fredos-phone"[1] 77.24.7.233 #1: XAUTH: Unsupported
XAUTH parameter XAUTH-TYPE received.
May 23 11:55:53 spd-1145h pluto[4704]:
"fredos-phone"[1] 77.24.7.233 #1: XAUTH: User fredo:
Attempting to login
May 23 11:55:53 spd-1145h pluto[4704]:
"fredos-phone"[1] 77.24.7.233 #1: XAUTH: md5
authentication being called to authenticate user fredo
May 23 11:55:53 spd-1145h pluto[4704]:
"fredos-phone"[1] 77.24.7.233 #1: XAUTH: password file
(/etc/ipsec.d/passwd) open.
May 23 11:55:53 spd-1145h pluto[4704]:
"fredos-phone"[1] 77.24.7.233 #1: XAUTH: checking
user(fredo:fredos-phone)
May 23 11:55:53 spd-1145h pluto[4704]:
"fredos-phone"[1] 77.24.7.233 #1: XAUTH: User fredo:
Authentication Successful
May 23 11:55:57 spd-1145h pluto[4704]:
"fredos-phone"[1] 77.24.7.233 #1: XAUTH:
xauth_inR1(STF_OK)
May 23 11:55:57 spd-1145h pluto[4704]:
"fredos-phone"[1] 77.24.7.233 #1: transition from
state STATE_XAUTH_R1 to state STATE_MAIN_R3
May 23 11:55:57 spd-1145h pluto[4704]:
"fredos-phone"[1] 77.24.7.233 #1: STATE_MAIN_R3: sent
MR3, ISAKMP SA established
May 23 11:55:57 spd-1145h pluto[4704]:
"fredos-phone"[1] 77.24.7.233 #1: modecfg_inR0(STF_OK)
May 23 11:55:57 spd-1145h pluto[4704]:
"fredos-phone"[1] 77.24.7.233 #1: transition from
state STATE_MODE_CFG_R0 to state STATE_MODE_CFG_R1
May 23 11:55:57 spd-1145h pluto[4704]:
"fredos-phone"[1] 77.24.7.233 #1: STATE_MODE_CFG_R1:
ModeCfg Set sent, expecting Ack
May 23 11:56:23 spd-1145h pluto[4704]:
"fredos-phone"[1] 77.24.7.233 #1: received Delete SA
payload: deleting ISAKMP State #1
May 23 11:56:23 spd-1145h pluto[4704]:
"fredos-phone"[1] 77.24.7.233: deleting connection
"fredos-phone" instance with peer 77.24.7.233
{isakmp=#0/ipsec=#0}
May 23 11:56:23 spd-1145h pluto[4704]: packet from
77.24.7.233:4500: received and ignored informational
message
When running openswan with plutodebug="control" I find
the following messages after ISAKMP SA is established:
May 23 12:26:55 spd-1145h pluto[5017]:
"fredos-phone"[1] 77.25.6.104 #1: STATE_MAIN_R3: sent
MR3, ISAKMP SA established
May 23 12:26:55 spd-1145h pluto[5017]: | modecfg pull:
quirk-poll policy:pull not-client
May 23 12:26:55 spd-1145h pluto[5017]: | phase 1 is
done, looking for phase 1 to unpend
May 23 12:26:55 spd-1145h pluto[5017]: | next event
EVENT_NAT_T_KEEPALIVE in 5 seconds
May 23 12:26:55 spd-1145h pluto[5017]: |
May 23 12:26:55 spd-1145h pluto[5017]: | *received 76
bytes from 77.25.6.104:4500 on eth1 (port=4500)
May 23 12:26:55 spd-1145h pluto[5017]: | processing
packet with exchange type=ISAKMP_XCHG_MODE_CFG (6)
May 23 12:26:55 spd-1145h pluto[5017]: | ICOOKIE: a0
6d 05 c6 1d 83 85 92
May 23 12:26:55 spd-1145h pluto[5017]: | RCOOKIE: 6d
10 9b 14 d9 42 f7 84
May 23 12:26:55 spd-1145h pluto[5017]: | peer: 4d 19
06 68
May 23 12:26:55 spd-1145h pluto[5017]: | state hash
entry 11
May 23 12:26:55 spd-1145h pluto[5017]: | peer and
cookies match on #1, provided msgid 6b08d850 vs
00000000/00000000
May 23 12:26:55 spd-1145h pluto[5017]: | p15 state
object not found
May 23 12:26:55 spd-1145h pluto[5017]: | ICOOKIE: a0
6d 05 c6 1d 83 85 92
May 23 12:26:55 spd-1145h pluto[5017]: | RCOOKIE: 6d
10 9b 14 d9 42 f7 84
May 23 12:26:55 spd-1145h pluto[5017]: | peer: 4d 19
06 68
May 23 12:26:55 spd-1145h pluto[5017]: | state hash
entry 11
May 23 12:26:55 spd-1145h pluto[5017]: | peer and
cookies match on #1, provided msgid 00000000 vs
00000000
May 23 12:26:55 spd-1145h pluto[5017]: | state object
#1 found, in STATE_MAIN_R3
May 23 12:26:55 spd-1145h pluto[5017]: | processing
connection fredos-phone[1] 77.25.6.104
May 23 12:26:55 spd-1145h pluto[5017]:
"fredos-phone"[1] 77.25.6.104 #1: modecfg_inR0(STF_OK)
May 23 12:26:55 spd-1145h pluto[5017]: | complete
state transition with STF_OK
May 23 12:26:55 spd-1145h pluto[5017]:
"fredos-phone"[1] 77.25.6.104 #1: transition from
state STATE_MODE_CFG_R0 to state STATE_MODE_CFG_R1
May 23 12:26:55 spd-1145h pluto[5017]: | sending reply
packet to 77.25.6.104:4500 (from port=4500)
May 23 12:26:55 spd-1145h pluto[5017]: | sending 76
bytes for STATE_MODE_CFG_R0 through eth1:4500 to
77.25.6.104:4500:
May 23 12:26:55 spd-1145h pluto[5017]: | inserting
event EVENT_SA_REPLACE, timeout in 28530 seconds for
#1
May 23 12:26:55 spd-1145h pluto[5017]:
"fredos-phone"[1] 77.25.6.104 #1: STATE_MODE_CFG_R1:
ModeCfg Set sent, expecting Ack
May 23 12:26:55 spd-1145h pluto[5017]: | modecfg pull:
quirk-poll policy:pull not-client
May 23 12:26:55 spd-1145h pluto[5017]: | phase 1 is
done, looking for phase 1 to unpend
May 23 12:26:55 spd-1145h pluto[5017]: | next event
EVENT_NAT_T_KEEPALIVE in 5 seconds
May 23 12:27:00 spd-1145h pluto[5017]: |
May 23 12:27:00 spd-1145h pluto[5017]: | *time to
handle event
May 23 12:27:00 spd-1145h pluto[5017]: | handling
event EVENT_NAT_T_KEEPALIVE
May 23 12:27:00 spd-1145h pluto[5017]: | event after
this is EVENT_SHUNT_SCAN in 73 seconds
May 23 12:27:00 spd-1145h pluto[5017]: | processing
connection fredos-phone[1] 77.25.6.104
May 23 12:27:00 spd-1145h pluto[5017]: | next event
EVENT_SHUNT_SCAN in 73 seconds
This is what tcpdump sees:
11:54:17.502672 IP
ip-77-24-228-150.web.vodafone.de.isakmp >
172.16.81.120.isakmp: isakmp: phase 1 I ident
11:54:27.517566 IP
ip-77-24-228-150.web.vodafone.de.isakmp >
172.16.81.120.isakmp: isakmp: phase 1 I ident
11:54:32.476650 IP
ip-77-24-228-150.web.vodafone.de.isakmp >
172.16.81.120.isakmp: isakmp: phase 1 I ident
11:54:37.496655 IP
ip-77-24-228-150.web.vodafone.de.isakmp >
172.16.81.120.isakmp: isakmp: phase 1 I ident
11:54:42.537554 IP
ip-77-24-228-150.web.vodafone.de.isakmp >
172.16.81.120.isakmp: isakmp: phase 1 I ident
11:54:47.579248 IP
ip-77-24-228-150.web.vodafone.de.isakmp >
172.16.81.120.isakmp: isakmp: phase 1 I ident
11:54:52.759233 IP
ip-77-24-228-150.web.vodafone.de.isakmp >
172.16.81.120.isakmp: isakmp: phase 1 I ident
11:54:57.636374 IP
ip-77-24-228-150.web.vodafone.de.isakmp >
172.16.81.120.isakmp: isakmp: phase 1 I ident
11:55:02.695506 IP
ip-77-24-228-150.web.vodafone.de.isakmp >
172.16.81.120.isakmp: isakmp: phase 1 I ident
11:55:07.636073 IP
ip-77-24-228-150.web.vodafone.de.isakmp >
172.16.81.120.isakmp: isakmp: phase 1 I inf
11:55:07.636147 IP 172.16.81.120 >
ip-77-24-228-150.web.vodafone.de: ICMP 172.16.81.120
udp port isakmp unreachable, length 92
11:55:12.627445 arp who-has 172.16.81.2 tell
172.16.81.120
11:55:12.627534 arp reply 172.16.81.2 is-at
00:50:c2:2d:ac:08 (oui Unknown)
11:55:29.997976 IP
ip-77-24-7-233.web.vodafone.de.isakmp >
172.16.81.120.isakmp: isakmp: phase 1 I ident
11:55:29.998434 IP 172.16.81.120.isakmp >
ip-77-24-7-233.web.vodafone.de.isakmp: isakmp: phase 1
R ident
11:55:31.557871 IP
ip-77-24-7-233.web.vodafone.de.isakmp >
172.16.81.120.isakmp: isakmp: phase 1 I ident
11:55:31.564328 IP 172.16.81.120.isakmp >
ip-77-24-7-233.web.vodafone.de.isakmp: isakmp: phase 1
R ident
11:55:33.035821 IP ip-77-24-7-233.web.vodafone.de.4500
> 172.16.81.120.4500: NONESP-encap: isakmp: phase 1 I
ident[E]
11:55:33.036127 IP 172.16.81.120.4500 >
ip-77-24-7-233.web.vodafone.de.4500: NONESP-encap:
isakmp: phase 1 R ident[E]
11:55:33.036381 IP 172.16.81.120.4500 >
ip-77-24-7-233.web.vodafone.de.4500: NONESP-encap:
isakmp: phase 2/others R #6[E]
11:55:34.997449 arp who-has 172.16.81.2 tell
172.16.81.120
11:55:34.997540 arp reply 172.16.81.2 is-at
00:50:c2:2d:ac:08 (oui Unknown)
11:55:53.892679 IP ip-77-24-7-233.web.vodafone.de.4500
> 172.16.81.120.4500: NONESP-encap: isakmp: phase
2/others I #6[E]
11:55:53.893229 IP 172.16.81.120.4500 >
ip-77-24-7-233.web.vodafone.de.4500: NONESP-encap:
isakmp: phase 2/others R #6[E]
11:55:57.615469 IP ip-77-24-7-233.web.vodafone.de.4500
> 172.16.81.120.4500: NONESP-encap: isakmp: phase
2/others I #6[E]
11:55:57.692826 IP ip-77-24-7-233.web.vodafone.de.4500
> 172.16.81.120.4500: NONESP-encap: isakmp: phase
2/others I #6[E]
11:55:57.693031 IP 172.16.81.120.4500 >
ip-77-24-7-233.web.vodafone.de.4500: NONESP-encap:
isakmp: phase 2/others R #6[E]
11:55:58.887444 arp who-has 172.16.81.2 tell
172.16.81.120
11:55:58.887535 arp reply 172.16.81.2 is-at
00:50:c2:2d:ac:08 (oui Unknown)
11:56:23.309781 IP ip-77-24-7-233.web.vodafone.de.4500
> 172.16.81.120.4500: NONESP-encap: isakmp: phase
2/others I inf[E]
11:56:23.310051 IP 172.16.81.120.4500 >
ip-77-24-7-233.web.vodafone.de.4500: NONESP-encap:
isakmp: phase 2/others R inf[E]
Here are the details of my setup:
Topology:
-------------
| Client |
-------------
|
|
------------- 1.2.3.4
| NAT dev. |
------------- 172.16.81.2
|
|
------------- 172.16.81.120
| VPN gw |
------------- 172.26.100.101
|
Setup of gateway:
Ubuntu 8.04
Kernel: 2.6.23.16 from kernel.org
NATT patch: openswan-2.4.x.kernel-2.6.23-natt.patch
(from openswan.org)
openswan: 2.4.12
Config openswan gateway:
# /etc/ipsec.conf - Openswan IPsec configuration file
version 2.0
# basic configuration
config setup
#
plutodebug="none"
klipsdebug="none"
#
fragicmp=no
#
# NAT-TRAVERSAL support
nat_traversal=yes
forwardcontrol=yes
virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:!172.16.0.0/12
#
nhelpers=0
interfaces="ipsec0=eth1"
# Connections start here
conn fredos-phone
# use xauth
leftxauthserver=yes
rightxauthclient=yes
# modecfg setting
leftmodecfgserver=yes
rightmodecfgclient=yes
modecfgpull=yes
#
[EMAIL PROTECTED]
also=psk-client
conn psk-client
# Key exchange
ike=aes256-sha1-modp1536
# Data exchange
esp=aes256-sha1
# Authentication method PSK
authby=secret
keyingtries=3
pfs=no
rekey=no
#
leftid=1.2.3.4
left=172.16.81.120
leftsubnet=0.0.0.0/0
#
right=%any
rightsubnet=vhost:%no,%priv
auto=start
#
#Disable Opportunistic Encryption
include /etc/ipsec.d/examples/no_oe.conf
Config of phone
a vpn.pkg
;
; VPN Policy Fraktion mit PSK
;
; LANGUAGES
; - None (English only by default)
; INSTALLATION HEADER
; - Only one component name is needed to support
English only
; - UID is the UID of the VPN Policy Installer
application
#{"VPN-Policy Fraktion"},(0x1000597E), 1, 0, 0,
TYPE=SA
;Localised Vendor name
%{"pip-EN"}
;Unique Vendor name
:"pip"
; LIST OF FILES
; Policy file
"vpn.pol"-"C:\System\Data\Security\Install\vpn.pol"
; Policy-information file
; - NOTE: The policy-information file MUST be the last
file in this list!
; - FM (FILEMIME) passes the file to the respective
MIME handler
; (in this case, the VPN Policy Installer
application).
"vpn.pin"-"C:\System\Data\Security\Install\vpn.pin",
FM, "application/x-ipsec-policy-info"
; REQUIRED FILES
; - The VPN Policy Installer application
(0x1000597E), 1, 0, 0, {"VPN Policy Installer"}
; - S60 3rd Edition ID
[0x101F7961], 0, 0, 0, {"S60ProductID"}
b. vpn.pin
[POLICYNAME]
VPN 1.0,7
[POLICYDESCRIPTION]
VPN SPD-Fraktion USE_MOD_CFG FALSE
[POLICYVERSION]
1.1.0
[ISSUERNAME]
Do not edit
[CONTACTINFO]
Do not edit
c. vpn.pol
SECURITY_FILE_VERSION: 3
[INFO]
VPN-Policy for Nokia Mobile VPN Client v3.0.
[POLICY]
sa ipsec_1 = {
esp
encrypt_alg 12
max_encrypt_bits 256
auth_alg 3
identity_remote 0.0.0.0/0
src_specific
hard_lifetime_bytes 0
hard_lifetime_addtime 3600
hard_lifetime_usetime 3600
soft_lifetime_bytes 0
soft_lifetime_addtime 3600
soft_lifetime_usetime 3600
}
remote 0.0.0.0 0.0.0.0 = { ipsec_1(1.2.3.4) }
inbound = { }
outbound = { }
[IKE]
ADDR: 1.2.3.4 255.255.255.255
MODE: Main
SEND_NOTIFICATION: TRUE
ID_TYPE: 11
FQDN: MobileGroup
GROUP_DESCRIPTION_II: MODP_1536
USE_COMMIT: FALSE
IPSEC_EXPIRE: FALSE
SEND_CERT: FALSE
INITIAL_CONTACT: FALSE
RESPONDER_LIFETIME: TRUE
REPLAY_STATUS: TRUE
USE_INTERNAL_ADDR: FALSE
USE_NAT_PROBE: FALSE
ESP_UDP_PORT: 0
NAT_KEEPALIVE: 60
USE_XAUTH: TRUE
USE_MODE_CFG: TRUE
REKEYING_THRESHOLD: 90
PROPOSALS: 1
ENC_ALG: AES256-CBC
AUTH_METHOD: PRE-SHARED
HASH_ALG: SHA1
GROUP_DESCRIPTION: MODP_1536
GROUP_TYPE: DEFAULT
LIFETIME_KBYTES: 0
LIFETIME_SECONDS: 28800
PRF: NONE
PRESHARED_KEYS:
FORMAT: STRING_FORMAT
KEY: 8 lt.spock
At this point I am rather clueless, so any help is
greatly appreciated
Fredo
///////////////////////////////////////////////
More information about the Users
mailing list