[Openswan Users] Openswan to Sonicwall - IKE config incorrect

Peter McGill petermcgill at goco.net
Thu Mar 12 15:49:47 EDT 2009


Wrong; as I already said, this is not an error, just confusing logs.
Read it more carefully and you will understand.
> 000 "home":   IKE algorithms wanted: 3DES_CBC(5)_000-SHA1(2)-MODP1024(2); flags=strict
Looking for "3DES_CBC(5)_000" ("000" means any/unspecified bit length), "SHA1(2)" and "MODP1024(2)".
> 000 "home":   IKE algorithms found: 3DES_CBC(5)_192-SHA1(2)_160-MODP1024(2)
Found exactly what it was looking for and added the 3DES bit length of 192 to the log message.
The two entries simply go from less specific request to more specific answer.
This is not an error, despite the difference in the two lines.
This is perfectly normal and happens every time.

Peter McGill
IT Systems Analyst
Gra Ham Energy Limited 
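
The wanted/found comparison described above, as an added example that is not part of the original post or of Openswan's own code. It treats a key length of 000, or a missing length suffix, as "unspecified" (the missing-suffix case and the comma-separated proposal list are assumptions); the "demo" connection is constructed to show a real mismatch.

```python
import re

# One algorithm token: NAME(id) with an optional _bits suffix.
TOKEN = re.compile(r"^(?P<name>[A-Za-z0-9_]+)\((?P<id>\d+)\)(?:_(?P<bits>\d+))?$")
LINE = re.compile(r'"(?P<conn>[^"]+)":\s+IKE algorithms '
                  r'(?P<kind>wanted|found):\s*(?P<props>[^;]*)')

# First two lines are from the post; the "demo" lines are constructed.
SAMPLE = [
    '000 "home":   IKE algorithms wanted: 3DES_CBC(5)_000-SHA1(2)-MODP1024(2); flags=strict',
    '000 "home":   IKE algorithms found: 3DES_CBC(5)_192-SHA1(2)_160-MODP1024(2)',
    '000 "demo":   IKE algorithms wanted: AES_CBC(7)_256-SHA1(2)-MODP1024(2); flags=strict',
    '000 "demo":   IKE algorithms found: AES_CBC(7)_128-SHA1(2)_160-MODP1024(2)',
]

def parse_proposal(text):
    """Split 'ENC(5)_000-SHA1(2)-MODP1024(2)' into [(name, id, bits), ...]."""
    out = []
    for tok in text.strip().split("-"):
        m = TOKEN.match(tok)
        if not m:
            raise ValueError(f"unrecognised algorithm token: {tok!r}")
        # Assumption: a missing suffix means the same as _000 (unspecified).
        bits = int(m["bits"]) if m["bits"] else 0
        out.append((m["name"], int(m["id"]), bits))
    return out

def satisfies(wanted, found):
    """True if 'found' names the same algorithms, with unspecified lengths filled in."""
    if len(wanted) != len(found):
        return False
    return all(w[:2] == f[:2] and w[2] in (0, f[2]) for w, f in zip(wanted, found))

def check_status(lines):
    """Return {connection: [wanted proposals that no 'found' entry satisfies]}."""
    seen = {}
    for line in lines:
        m = LINE.search(line)
        if m:
            props = [parse_proposal(p) for p in m["props"].split(",") if p.strip()]
            seen.setdefault(m["conn"], {}).setdefault(m["kind"], []).extend(props)
    return {conn: [w for w in kinds.get("wanted", [])
                   if not any(satisfies(w, f) for f in kinds.get("found", []))]
            for conn, kinds in seen.items()}

if __name__ == "__main__":
    for conn, unmatched in check_status(SAMPLE).items():
        print(conn, "OK" if not unmatched else f"unsatisfied: {unmatched}")
```

An empty list for a connection means every wanted proposal was found, which is the case for "home" in this thread.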

> -----Original Message-----
> From: users-bounces at openswan.org 
> [mailto:users-bounces at openswan.org] On Behalf Of Zack Train
> Sent: March 12, 2009 3:12 PM
> To: users at openswan.org
> Subject: Re: [Openswan Users] Openswan to Sonicwall - IKE config incorrect
> 
> From the original post, I think I see the problem:
> 000 "home":   IKE algorithms wanted: 3DES_CBC(5)_000-SHA1(2)-MODP1024(2); flags=strict
> 000 "home":   IKE algorithms found: 3DES_CBC(5)_192-SHA1(2)_160-MODP1024(2)
> 
> It is asking for plain SHA1 and the response will only do SHA1-192.
> 
> Thanks---Z>m<T
> 
> -----Original Message-----
> From: users-bounces at openswan.org 
> [mailto:users-bounces at openswan.org] On Behalf Of Lawrence Manning
> Sent: Thursday, March 12, 2009 10:33 AM
> To: Peter Butler
> Cc: users at openswan.org
> Subject: Re: [Openswan Users] Openswan to Sonicwall - IKE config incorrect
> 
> 
> On 12 Mar 2009, at 17:24, Peter Butler wrote:
> 
> > Ah, I think NAT might be the problem. According to this, my network
> > provider (Vodafone UK) uses NAT and port address translation:
> >
> > http://forum.vodafone.co.uk/index.php?showtopic=7813
> >
> > Does this mean I won't be able to use Openswan (or any other IPSec
> > client) with this network provider?
> 
> NAT-T mode IPSec (network packets encapsulated in UDP packets as
> opposed to ESP) should pass through vodafone's NATing gateway just
> nicely.
> 
> Openswan (and other 'swans) support NAT-T, assuming the config as
> "nat_traversal=yes".
> 
> Hope that helps,
> 
> --
> 
> Lawrence Manning
> Lead Developer
> Smoothwall Ltd. -  http://www.smoothwall.net/
> 
> _______________________________________________
> Users at openswan.org
> http://lists.openswan.org/mailman/listinfo/users
> Building and Integrating Virtual Private Networks with Openswan:
> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155


