Is the behaviour after commit 68c25611eed93edd459e38deadf01916ab983115 (https://lists.libreswan.org/pipermail/swan-commit/2014-May/001275.html) intended?

This breaks connectivity with old implementations like openswan 2.4, which doesn't have configured a specific phase2alg.

We also have a customer with old vigor routers that shows this problem and it seems that you can do nothing on the vigor site to change this behavior.

Both sends AES_000-HMAC_SHA1 and can't connect because of the required keylength attribute

Log:
IPsec encryption transform did not specify required KEY_LENGTH attribute
sending encrypted notification BAD_PROPOSAL_SYNTAX to 10.0.12.2:500

Wolfgang
_______________________________________________
Swan mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan

Reply via email to