Thread: [Ipsec-tools-devel] too many proposals bug
From: Bernhard S. <su...@an...> - 2005-10-18 14:39:41
Hello,

We want to connect a Lancom VPN Router (Lancom 1811) to a Linux/racoon IPsec implementation. We have added the IPsec connection with the Lancom wizard. The Lancom wizard adds a list of 8 proposals to the connection, like that:

    remote ... {
        ...
        proposal {
            encryption_algorithm 3des;
            hash_algorithm md5;
            authentication_method pre_shared_key ;
            dh_group modp1024 ;
        }
        proposal {
            encryption_algorithm 3des;
            hash_algorithm sha1;
            authentication_method pre_shared_key ;
            dh_group modp1024 ;
        }
        proposal {
            encryption_algorithm aes;
            hash_algorithm md5;
            authentication_method pre_shared_key ;
            dh_group modp1024 ;
        }
        proposal {
            encryption_algorithm aes;
            hash_algorithm sha1;
            authentication_method pre_shared_key ;
            dh_group modp1024 ;
        }
        proposal {
            encryption_algorithm blowfish;
            hash_algorithm md5;
            authentication_method pre_shared_key ;
            dh_group modp1024 ;
        }
        proposal {
            encryption_algorithm blowfish;
            hash_algorithm sha1;
            authentication_method pre_shared_key ;
            dh_group modp1024 ;
        }
        ....
    }

The problem is that racoon cannot connect, and the message is:

    ERROR: unknown Informational exchange received.

If I delete 3 proposals and have only 5 proposals in, racoon still throws this message, but after a few moments (and sometimes faster) the connection is initialized.

Looks like a silly bug, of the Lancom IPsec implementation or of racoon.

Greets
Bernhard

--
Bernhard Suttner <su...@an...>
ANDURAS service solutions AG
Innstraße 71 - 94036 Passau - Germany
Web: www.anduras.de - Tel: +49 (0)851-4 90 50-0 - Fax: +49 (0)851-4 90 50-55
Legal form: Aktiengesellschaft (stock corporation) - Registered office: Passau - Amtsgericht Passau HRB 6032
Members of the Executive Board: Sven Anders, Marcus Junker, Michael Schön
Chairman of the Supervisory Board: Dipl. Kfm. Thomas Träger
From: Matthias S. <mat...@ta...> - 2005-10-18 16:02:18
On Tue, Oct 18, 2005 at 04:39:22PM +0200, Bernhard Suttner wrote:
> The Lancom wizard adds a list of 8 proposals to the connection, like that:

That shouldn't be a problem. The VPN client of an embedded device a fellow worker and I wrote for our employer sends 16 proposals in main mode (AES 128/192/256 and 3DES combined with SHA1 and SHA2-256, with and without XAuth) by default. And "racoon" never complained about that.

Kind regards

--
Matthias Scheler              Phone: +44 1223 200 648
Senior Software Developer     Fax:   +44 1223 200 641
Tadpole Computer Ltd.
From: Bernhard S. <su...@an...> - 2005-10-18 16:52:38
Is a different proposal lifetime perhaps the problem?

On Tue, 18 Oct 2005 17:01:42 +0100 Matthias Scheler <mat...@ta...> wrote:
> On Tue, Oct 18, 2005 at 04:39:22PM +0200, Bernhard Suttner wrote:
> > The Lancom wizard adds a list of 8 proposals to the connection, like that:
>
> That shouldn't be a problem. The VPN client of an embedded device a
> fellow worker and I wrote for our employer sends 16 proposals in main
> mode (AES 128/192/256 and 3DES combined with SHA1 and SHA2-256, with
> and without XAuth) by default. And "racoon" never complained about that.
>
> Kind regards
>
> --
> Matthias Scheler              Phone: +44 1223 200 648
> Senior Software Developer     Fax:   +44 1223 200 641
> Tadpole Computer Ltd.

--
Bernhard Suttner <su...@an...>
From: Matthias S. <mat...@ta...> - 2005-10-19 08:43:25
On Tue, Oct 18, 2005 at 06:52:19PM +0200, Bernhard Suttner wrote:
> Is a different proposal lifetime perhaps the problem?

That would be possible because our VPN client always proposes the same lifetime.

BTW: what ipsec-tools version are you using?

Kind regards

--
Matthias Scheler              Phone: +44 1223 200 648
Senior Software Developer     Fax:   +44 1223 200 641
Tadpole Computer Ltd.
From: Bernhard S. <su...@an...> - 2005-10-19 17:00:21
We use ipsec-tools 0.6

On Wed, 19 Oct 2005 09:42:45 +0100 Matthias Scheler <mat...@ta...> wrote:
> On Tue, Oct 18, 2005 at 06:52:19PM +0200, Bernhard Suttner wrote:
> > Is a different proposal lifetime perhaps the problem?
>
> That would be possible because our VPN client always proposes the same
> lifetime.
>
> BTW: what ipsec-tools version are you using?
>
> Kind regards
>
> --
> Matthias Scheler              Phone: +44 1223 200 648
> Senior Software Developer     Fax:   +44 1223 200 641
> Tadpole Computer Ltd.

--
Bernhard Suttner <su...@an...>
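Added example, not part of the thread or of ipsec-tools: a small audit of a racoon.conf `remote` section that lists its phase 1 proposals with their effective lifetimes, which is the check the lifetime question above calls for. The sample config, peer address and lifetime values are constructed, the function names are hypothetical, and the `WEAK` table (MD5, DES/3DES, DH groups up to modp1024 treated as legacy) is this example's own assumption.

```python
import re

# Constructed racoon.conf sample modelled on the proposals quoted in the
# thread; the peer address and both lifetime values are assumptions.
SAMPLE_CONF = """
remote 192.0.2.1 {
    exchange_mode main;
    lifetime time 8 hour;      # default for proposals without their own
    proposal { encryption_algorithm 3des; hash_algorithm md5;
               authentication_method pre_shared_key; dh_group modp1024; }
    proposal { encryption_algorithm aes; hash_algorithm sha1;
               authentication_method pre_shared_key; dh_group modp1024;
               lifetime time 1 hour; }
}
"""

REMOTE = re.compile(r"\bremote\s+([^\s{]+)[^{]*\{((?:[^{}]|\{[^{}]*\})*)\}")
PROPOSAL = re.compile(r"proposal\s*\{([^{}]*)\}")
LIFETIME = re.compile(r"lifetime\s+time\s+(\d+)\s*([a-z]+)\s*;")
UNIT_SECONDS = {"sec": 1, "min": 60, "hou": 3600}  # keyed by unit prefix
WEAK = {"encryption_algorithm": {"des", "3des"}, "hash_algorithm": {"md5"},
        "dh_group": {"modp768", "modp1024"}}  # assumption: legacy transforms


def lifetime_seconds(text):
    """Return the first 'lifetime time N unit;' in text as seconds, or None."""
    m = LIFETIME.search(text)
    return int(m.group(1)) * UNIT_SECONDS[m.group(2)[:3]] if m else None


def audit(conf):
    """Map each remote peer to its phase 1 proposals with effective lifetime."""
    conf = re.sub(r"#.*", "", conf)               # strip comments
    report = {}
    for peer, body in REMOTE.findall(conf):
        # Remote-level lifetime applies to proposals that set none themselves.
        default = lifetime_seconds(PROPOSAL.sub("", body))
        proposals = []
        for block in PROPOSAL.findall(body):
            stmts = (s.split() for s in block.split(";"))
            p = {t[0]: t[1] for t in stmts if len(t) == 2}
            p["lifetime"] = lifetime_seconds(block) or default
            p["weak"] = sorted(v for k, v in p.items() if v in WEAK.get(k, ()))
            proposals.append(p)
        report[peer] = proposals
    return report


if __name__ == "__main__":
    for peer, props in audit(SAMPLE_CONF).items():
        print(peer, [(p["lifetime"], p["weak"]) for p in props])
```

More than one distinct lifetime value for a peer means the proposals in that section do not all offer the same lifetime.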