Hi All,
Up till recently, we have been setting up tunnels between client and server
using DH Group 2 (aka MODP_1024). We are starting to transition over to DH
Group 14 (aka MODP_2048) and are coming up against problems. I'm hoping
someone can please shed some light ?
The clients are using a
Hi Graham,
selected proposal: ESP:AES_CBC_128/HMAC_SHA1_96/MODP_1024/NO_EXT_SEQ
DH group MODP_2048 inacceptable, requesting MODP_1024
The client sends back N(INVAL_KE) to the server and we then get into
an endless cycle of trying to renegotiate the tunnel rekey.
The procedure looks correct
Martin,
Thanks for the swift reply.
On 1 December 2010 13:11, Martin Willi mar...@strongswan.org wrote:
Hi Graham,
selected proposal: ESP:AES_CBC_128/HMAC_SHA1_96/MODP_1024/NO_EXT_SEQ
DH group MODP_2048 inacceptable, requesting MODP_1024
The client sends back N(INVAL_KE) to the server