I got a number of test failures with this in the pluto log (not the
console log), repeated a lot:
"westnet-eastnet-ipv4-psk-ikev1" #1: the peer proposed: 192.0.2.0/24:0/0 ->
192.0.1.0/24:0/0
"westnet-eastnet-ipv4-psk-ikev1" #2: IPsec encryption transform rejected:
3DES_CBC key_len 0 is incorrect
"westnet-eastnet-ipv4-psk-ikev1" #2: sending encrypted notification
BAD_PROPOSAL_SYNTAX to 192.1.2.45:500
"westnet-eastnet-ipv4-psk-ikev1" #2: deleting state (STATE_QUICK_R0) and NOT
sending notification
The other side ignores it (again, from the pluto log). Nothing
helpful showed up in the console (whack) log, I guess because the
informational was ignored, even though it was encrypted.
"westnet-eastnet-ipv4-psk-ikev1" #2: initiating Quick Mode
PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO {using
isakmp#1 msgi!
"westnet-eastnet-ipv4-psk-ikev1" #1: ignoring informational payload
BAD_PROPOSAL_SYNTAX, msgid=00000000, length=12
"westnet-eastnet-ipv4-psk-ikev1" #1: received and ignored informational message
"westnet-eastnet-ipv4-psk-ikev1" #2: STATE_QUICK_I1: retransmission; will wait
0.5 seconds for response
This affected at least:
algo-pluto-08
fips-06-ikev1-3des-sha1
ikev1-algo-05-3des-sha2
ikev1-algo-ike-aes-02
================
A slightly different failure: I also got this message in several pluto logs:
"westnet-eastnet-null" #1: the peer proposed: 192.0.2.0/24:0/0 ->
192.0.1.0/24:0/0
"westnet-eastnet-null" #2: IPsec encryption transform rejected: NULL key_len 0
is incorrect
"westnet-eastnet-null" #2: sending encrypted notification BAD_PROPOSAL_SYNTAX
to 192.1.2.45:500
"westnet-eastnet-null" #2: deleting state (STATE_QUICK_R0) and NOT sending
notification
This affected at least:
netkey-algo-null-01
netkey-algo-null-02
_______________________________________________
Swan-dev mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan-dev
