[Openswan Users] 3DES-SHA still supported? What am I doing wrong?

simon charles charlessimon at hotmail.com
Mon Apr 11 12:17:05 EDT 2011

Please check your iptables rulesets - your default policy on the OUTPUT chain is DROP ( which IMHO is very restrictive ). A "tcpdump" on the outside interface would give you some more insight into the IKE packet sent and received and any issues with firewall / fragmentation.

- Simon Charles - 

> Date: Mon, 11 Apr 2011 11:57:39 -0400
> From: paul at xelerance.com
> To: crackhd2 at gmail.com
> CC: users at openswan.org
> Subject: Re: [Openswan Users] 3DES-SHA still supported? What am I doing wrong?
> On Mon, 11 Apr 2011, Ben Schmidt wrote:
> > after I added "plutostderrlog=/var/log/pluto.log" in the config
> > Section of /etc/ipsec.conf and restarting openswan I got this log in
> > the newly created logfile: http://pastebin.com/cUZGR2z6
> It just shows the same. Your first packet is ignored. either it is
> filtered or the other side did not like it and did not respond. Check
> networking, firewalls and the configs on both ends. Easiest if you can
> get the remote end logs to see why it is ignoring you.
> Paul
> _______________________________________________
> Users at openswan.org
> http://lists.openswan.org/mailman/listinfo/users
> Micropayments: https://flattr.com/thing/38387/IPsec-for-Linux-made-easy
> Building and Integrating Virtual Private Networks with Openswan: 
> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20110411/3546aafe/attachment.html 

More information about the Users mailing list