Re: [Swan] INVALID_KEY_INFORMATION

Fri, 05 Aug 2016 09:21:03 -0700 

Hi,
With my Draytek I use auto=add, ike=aes256-sha1;modp2048 and phase2alg=aes256-sha1. I think if you do auto=start the Draytek tries to make 2 connections, one as initiator and one as responder and gets confused, but I have not looked at it in ages. 


If your system uses rsyslogd you can easily set up a filter to just drop 
the messages you don't want.


Regards,

Nick

On 05/08/2016 15:41, John Crisp wrote:

On 05/08/16 16:26, Paul Wouters wrote:

On Fri, 5 Aug 2016, John Crisp wrote:


I am using Libre 3.18 but have seen the same issue on previous versions.
Libre connects with a Draytek router.

I seem to get a lot of this in my logs:

"ignoring informational payload INVALID_KEY_INFORMATION"

I can see that this is informational, and can be ignored, but wanted to
know what the cause was and if I can get around it as it fills my logs
at a fairly high rate !

 From my dealings with Draytek 10 years ago, there were various big
issues with their IKE software. One of the things is that "always on"
did hugely different things and require different settings, something
you would not expect where the only difference should be "load" or
"load and initiate".


Yes I am used to some of their peculiarities ;-)


I can't really help you. If it works in the non-alwayson mode, and
does not in the alwayson mode, it is mostly likely a configuration
oddity they need or just a bug in their software. You'll have to
try and talk to the vendor.


OK but just to note that it's the other way round as per my comment:


I note that if I set the router to be always on, and set Libre to
auto=add I no longer get the messages.

So if the router is AlwaysOn and Libre is auto=add then no messages and
all is quiet on the Western Front.

If I put Libre into auto=start we have a scene resembling something from
the Somme in the logs with it continuously reconnecting :-)

I can live with it with auto=add, and will be ousting said routers as
soon as I can (because talking to their tech support is
errrrr........!), but I was just curious as to what was going on and why.

B. Rgds
John



_______________________________________________
Swan mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan


_______________________________________________
Swan mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan






















					Reply via email to