[Openswan Users] esp string error: enc_alg not found

Steve Zeng SteveZ at airg.com
Mon May 17 20:38:29 EDT 2010

Looks like it. 

When I ran "ipsec barf", I got:

May 18 00:12:31 fw1 pluto[8441]: "ec2-tunnel-01" #1: max number of retransmissions (2) reached STATE_MAIN_I3.  Possible authentication failure: no acceptable response to our first encrypted message

From tcpdump, I got:
00:31:51.202107 IP > isakmp: phase 1 ? ident[E]
00:32:31.555349 IP > isakmp: phase 1 I ident
00:32:32.046162 IP > isakmp: phase 1 R ident
00:32:32.154102 IP > isakmp: phase 1 I ident
00:32:32.253277 IP > isakmp: phase 1 R ident
00:32:32.365140 IP > isakmp: phase 1 I ident[E]
00:32:32.471635 IP > isakmp: phase 2/others R inf

It seems that Amazon asks for something that Openswan could not understand, and so the handshake stopped. I don't see anywhere in ipsec.conf where I can put phase 2 configurations. Do I need the tunnel interfaces to be configured manually on the Openswan side for this to work?


-----Original Message-----
From: users-bounces at openswan.org [mailto:users-bounces at openswan.org] On Behalf Of Paul Wouters
Sent: May 17, 2010 4:53 PM
To: Steve Zeng
Cc: users at openswan.org
Subject: Re: [Openswan Users] esp string error: enc_alg not found

On Mon, 17 May 2010, Steve Zeng wrote:

> 000 #1: "ec2-tunnel-01":500 STATE_MAIN_I3 (sent MI3, expecting MR3); EVENT_RETRANSMIT in 21s; lastdpd=-1s(seq in:0 out:0); idle; import:admin initiate

You got a little further. The other end still silently rejected you. Check logs on the other
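
Added example, not part of the original posts: a small Python tracer that walks tcpdump's isakmp summary lines through the six IKEv1 Main Mode messages and reports where the exchange stops. The names MAIN_MODE, CAPTURE and trace_main_mode are made up for this sketch, and it assumes the capture contains no retransmissions inside the attempt, since these summary lines carry no cookies to tell them apart.

```python
import re

# IKEv1 Main Mode is six messages. tcpdump prints each as
# "phase 1 <I|R> ident" and appends "[E]" once the payload is encrypted.
# Tuple layout: (direction, encrypted, message name).
MAIN_MODE = [("I", False, "MI1"), ("R", False, "MR1"), ("I", False, "MI2"),
             ("R", False, "MR2"), ("I", True, "MI3"), ("R", True, "MR3")]

LINE = re.compile(r"isakmp:\s+phase\s+(1|2/others)\s+([IR?])\s+(\w+)(\[E\])?")

# Lines copied from the tcpdump output in the post above
# (the addresses are already missing there).
CAPTURE = """\
00:31:51.202107 IP > isakmp: phase 1 ? ident[E]
00:32:31.555349 IP > isakmp: phase 1 I ident
00:32:32.046162 IP > isakmp: phase 1 R ident
00:32:32.154102 IP > isakmp: phase 1 I ident
00:32:32.253277 IP > isakmp: phase 1 R ident
00:32:32.365140 IP > isakmp: phase 1 I ident[E]
00:32:32.471635 IP > isakmp: phase 2/others R inf
""".splitlines()

def trace_main_mode(lines):
    """Return (last Main Mode message matched or None, verdict string)."""
    step = 0  # index of the next expected entry in MAIN_MODE
    for line in lines:
        m = LINE.search(line)
        if not m or step == len(MAIN_MODE):
            continue
        phase, direction, exchange = m.group(1, 2, 3)
        encrypted = m.group(4) is not None
        want_dir, want_enc, name = MAIN_MODE[step]
        if (phase, exchange, direction, encrypted) == ("1", "ident", want_dir, want_enc):
            step += 1
        elif step and direction == "R" and exchange == "inf":
            # Responder sent an Informational exchange instead of the next message.
            return MAIN_MODE[step - 1][2], f"responder answered with Informational instead of {name}"
    if step == 0:
        return None, "no Main Mode exchange seen"
    if step == len(MAIN_MODE):
        return "MR3", "Main Mode completed"
    return MAIN_MODE[step - 1][2], f"no {MAIN_MODE[step][2]} seen"

if __name__ == "__main__":
    print(trace_main_mode(CAPTURE))
```

On the capture above the tracer stops after MI3, which matches pluto sitting in STATE_MAIN_I3 (sent MI3, expecting MR3).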
